From abc11732d2d14b4715f5314572b45de75484ad76 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Fri, 15 Oct 2021 17:59:23 +0200
Subject: [PATCH] fsdfds
---
 files/routes/oauth.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/files/routes/oauth.py b/files/routes/oauth.py
index b5b90cb9a..6ffcbf68e 100755
--- a/files/routes/oauth.py
+++ b/files/routes/oauth.py
@@ -26,11 +26,7 @@ def authorize(v):
 application = g.db.query(OauthApp).options(lazyload('*')).filter_by(client_id=client_id).first()
 if not application: return {"oauth_error": "Invalid `client_id`"}, 401
 access_token = secrets.token_urlsafe(128)[:128]
- new_auth = ClientAuth(
- oauth_client = application.id,
- user_id = v.id,
- access_token=access_token
- )
+ new_auth = ClientAuth(oauth_client = application.id, user_id = v.id, access_token=access_token)
 g.db.add(new_auth)
@@ -69,6 +65,8 @@ def delete_oauth_app(v, aid):
 aid = int(aid)
 app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
+ if app.author_id != v.id: abort(403)
+
 for auth in g.db.query(ClientAuth).options(lazyload('*')).filter_by(oauth_client=app.id).all():
 g.db.delete(auth)
@@ -88,6 +86,8 @@ def edit_oauth_app(v, aid):
 aid = int(aid)
 app = g.db.query(OauthApp).options(lazyload('*')).filter_by(id=aid).first()
+ if app.author_id != v.id: abort(403)
+
 app.redirect_uri = request.values.get('redirect_uri')
 app.app_name = request.values.get('name')
 app.description = request.values.get("description")[:256]
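Review bot: The new ownership check in delete_oauth_app reads `app.author_id` straight after `.first()`, which returns None when no OauthApp has that id, so a request for a nonexistent `aid` raises AttributeError instead of returning a clean error; the edit_oauth_app hunk adds the same pattern. Put `if not app: abort(404)` before `if app.author_id != v.id: abort(403)` in both functions. `aid = int(aid)` on the line above likewise raises ValueError for a non-numeric id, unless the route converter (outside this hunk) already guarantees an integer. Both function bodies continue outside the hunks shown.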
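Review bot: After the ownership check, edit_oauth_app assigns `request.values.get('redirect_uri')` to the app with no scheme or format validation visible in this hunk. Because an OAuth redirect URI decides where the authorization result is sent, anything that is not an absolute https URL should be rejected before assignment, unless that already happens later in the function, which continues past the hunk. Separately, `request.values.get("description")[:256]` raises TypeError when the field is absent, because `.get` returns None; `(request.values.get("description") or "")[:256]` avoids the 500.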