jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases 5 Packages Wiki Activity Actions

Improve scope checking

Browse source 
Whether the scopes are defined as a space separated string, or an array,
we should now be checking them without any errors.
This commit is contained in:
Jonny Barnes 2024-07-13 14:52:57 +01:00
parent 55afa8f01d
commit baee7ade4f
Signed by: jonny
SSH key fingerprint: SHA256:CTuSlns5U7qlD9jqHvtnVmfYV3Zwl2Z7WnJ4/dqOaL8
3 changed files with 29 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
app/Http/Controllers/MicropubMediaController.php
View file

@ -51,7 +51,11 @@ class MicropubMediaController extends Controller
return $micropubResponses->tokenHasNoScopeResponse();
}
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
$scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (!in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();
@ -119,7 +123,11 @@ class MicropubMediaController extends Controller
return $micropubResponses->tokenHasNoScopeResponse();
}
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
$scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (!in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();