diff --git a/backend/test/mastodon/oauth.spec.ts b/backend/test/mastodon/oauth.spec.ts
index eb55137..765e47f 100644
--- a/backend/test/mastodon/oauth.spec.ts
+++ b/backend/test/mastodon/oauth.spec.ts
@@ -85,7 +85,7 @@ describe('Mastodon APIs', () => {
 headers,
 })
 const res = await oauth_authorize.handleRequestPost(req, db, userKEK, accessDomain, accessAud)
-assert.equal(res.status, 403)
+assert.equal(res.status, 422)
 })
 
 test('authorize redirects with code on success and show first login', async () => {
diff --git a/frontend/src/routes/layout.tsx b/frontend/src/routes/layout.tsx
index 44e2719..ba847a4 100644
--- a/frontend/src/routes/layout.tsx
+++ b/frontend/src/routes/layout.tsx
@@ -6,12 +6,12 @@ type AuthLoaderData = {
 isAuthorized: boolean
 }
 
-export const authLoader = loader$>(async ({ platform, request }) => {
+export const authLoader = loader$>(async ({ platform }) => {
 const isAuthorized = platform.data.connectedActor !== null
-// FIXME(sven): remove hardcoded value
+// defined in migrations/0010_add_ui_client.sql
 const UI_CLIENT_ID = '924801be-d211-495d-8cac-e73503413af8'
 const params = new URLSearchParams({
-redirect_uri: request.url,
+redirect_uri: '/',
 response_type: 'code',
 client_id: UI_CLIENT_ID,
 scope: 'all',
diff --git a/functions/oauth/authorize.ts b/functions/oauth/authorize.ts
index 612d856..033aac5 100644
--- a/functions/oauth/authorize.ts
+++ b/functions/oauth/authorize.ts
@@ -50,7 +50,7 @@ export async function buildRedirect(
 const redirect_uri = url.searchParams.get('redirect_uri')
 
 if (client.redirect_uris !== redirect_uri) {
-return new Response('', { status: 403 })
+return errors.validationError('redirect_uri not allowed')
 }
 
 const code = `${client.id}.${jwt}`
diff --git a/migrations/0010_add_ui_client.sql b/migrations/0010_add_ui_client.sql
new file mode 100644
index 0000000..61f65b9
--- /dev/null
+++ b/migrations/0010_add_ui_client.sql
@@ -0,0 +1,4 @@
+-- Migration number: 0010 2023-03-08T09:40:30.734Z
+
+INSERT INTO clients (id, secret, name, redirect_uris, scopes)
+VALUES ('924801be-d211-495d-8cac-e73503413af8', hex(randomblob(42)), 'Wildebeest User Interface', '/', 'all');
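Review bot: The updated assertion pins only the status code, so any 422 coming out of handleRequestPost — including an unrelated validation failure — would satisfy this test. Consider also asserting on the body that errors.validationError produces, e.g. `const body = await res.json()` followed by `assert.equal(body.error, 'redirect_uri not allowed')`, adjusting the field name to whatever the helper actually emits, since its shape is not visible here. The enclosing test callback starts outside the hunk.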
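Review bot: The authorization request built here carries no `state` parameter, and nothing inside the hunk generates or later verifies one, so the UI's code flow has no CSRF binding between the request and the callback; if the object continues past `scope: 'all',` without adding one, consider generating a random `state`, storing it in a cookie or session and checking it where the code is exchanged. Separately, `UI_CLIENT_ID` and `redirect_uri: '/'` must stay byte-identical to the values inserted by migrations/0010_add_ui_client.sql, because functions/oauth/authorize.ts rejects any other `redirect_uri` by exact string comparison; the replacement comment could record that: `// must match the id and redirect_uris row inserted by migrations/0010_add_ui_client.sql; authorize.ts compares redirect_uri exactly`. The `loader$>` in the signature looks like an extraction artefact of a generic type argument rather than code under review. The loader body continues outside the hunk.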
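Review bot: The exact-match check `client.redirect_uris !== redirect_uri` is the right strictness for an OAuth redirect target (no prefix or origin matching), but nothing says so, and the plural column name suggests a list while the comparison treats it as one string; a comment above the `if` would prevent a well-meaning relaxation later: `// Exact string match on purpose: redirect_uri must equal the single registered value; never loosen to prefix/origin matching`. Returning a 4xx without redirecting on mismatch is also what RFC 6749 §4.1.2.1 requires, and the switch to errors.validationError keeps that property. buildRedirect's signature and the rest of its body extend outside the hunk.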
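Review bot: The inserted row's `redirect_uris` is the bare path `'/'` and it is consumed by an exact string comparison in functions/oauth/authorize.ts, so a trailing-slash or absolute-URL change on either side silently breaks UI login; a comment on the INSERT would record that coupling: `-- id and redirect_uris must match frontend/src/routes/layout.tsx byte-for-byte (exact-match check in functions/oauth/authorize.ts)`. The `hex(randomblob(42))` secret is generated once and not surfaced anywhere in this diff, which is fine for a first-party client that never presents it, but a one-line comment saying it is intentionally unrecoverable would stop someone trying to retrieve it later. The file has no guard against being applied twice; whether that matters depends on the migration runner, which is not visible here.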