From 624a2e11615f345dc167de07ed565fadeb1b5c04 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 Aug 2021 19:43:30 +0200 Subject: [PATCH] fdfd --- drama/classes/clients.py | 42 +++--------------------------- drama/routes/oauth.py | 23 ++++++---------- drama/templates/admin/app.html | 2 +- drama/templates/admin/apps.html | 4 +-- drama/templates/settings_apps.html | 5 ++-- 5 files changed, 16 insertions(+), 60 deletions(-) diff --git a/drama/classes/clients.py b/drama/classes/clients.py index 8f0d0c26a..a92a22dc4 100644 --- a/drama/classes/clients.py +++ b/drama/classes/clients.py @@ -7,29 +7,22 @@ from .submission import Submission from .comment import Comment from drama.__main__ import Base - class OauthApp(Base, Stndrd): __tablename__ = "oauth_apps" id = Column(Integer, primary_key=True) client_id = Column(String(64)) - client_secret = Column(String(128)) app_name = Column(String(50)) redirect_uri = Column(String(4096)) - author_id = Column(Integer, ForeignKey("users.id")) - is_banned = Column(Boolean, default=False) description = Column(String(256)) - author = relationship("User") - def __repr__(self): - return f"" + def __repr__(self): return f"" @property - def permalink(self): + def permalink(self): return f"/admin/app/{self.id}" - return f"/admin/app/{self.id}" def idlist(self, page=1, **kwargs): 
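Review bot: As this hunk reads, the `author` relationship and the `author_id` column are dropped from `OauthApp`, yet the new revoke and reject code in drama/routes/oauth.py calls `send_notification(1046, app.author, ...)`. If the relationship is really gone, that attribute access raises before `g.db.delete(app)` runs, leaving the app row in place after its `ClientAuth` rows have been flushed as deleted. The line breaks of this hunk are collapsed on the page, so each `-` may instead mark a removed blank line ahead of an unchanged line; confirm against the file that `author = relationship("User")` and its foreign key survive. The class body continues past the end of the hunk.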
@@ -51,41 +44,12 @@ class OauthApp(Base, Stndrd): return [x[0] for x in posts.all()] - - - class ClientAuth(Base, Stndrd): __tablename__ = "client_auths" id = Column(Integer, primary_key=True) oauth_client = Column(Integer, ForeignKey("oauth_apps.id")) - oauth_code = Column(String(128)) - user_id = Column(Integer, ForeignKey("users.id")) - scope_identity = Column(Boolean, default=False) - scope_create = Column(Boolean, default=False) - scope_read = Column(Boolean, default=False) - scope_update = Column(Boolean, default=False) - scope_delete = Column(Boolean, default=False) - scope_vote = Column(Boolean, default=False) access_token = Column(String(128)) - refresh_token = Column(String(128)) - access_token_expire_utc = Column(Integer) - user = relationship("User", lazy="joined") - application = relationship("OauthApp", lazy="joined") - - @property - def scopelist(self): - - output = "" - output += "identity," if self.scope_identity else "" - output += "create," if self.scope_create else "" - output += "read," if self.scope_read else "" - output += "update," if self.scope_update else "" - output += "delete," if self.scope_delete else "" - output += "vote," if self.scope_vote else "" - - output = output.rstrip(',') - - return output + application = relationship("OauthApp", lazy="joined") \ No newline at end of file diff --git a/drama/routes/oauth.py b/drama/routes/oauth.py index c56b3efdf..af0c933d4 100644 --- a/drama/routes/oauth.py +++ b/drama/routes/oauth.py @@ -11,7 +11,6 @@ def authorize_prompt(v): client_id = request.args.get("client_id") application = g.db.query(OauthApp).filter_by(client_id=client_id).first() if not application: return {"oauth_error": "Invalid `client_id`"}, 401 - if application.is_banned: return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403 return render_template("oauth.html", v=v, application=application) 
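Review bot: `ClientAuth` is left with a bare `access_token = Column(String(128))` and, as the hunk reads, no `access_token_expire_utc`, no `refresh_token` and no `scope_*` columns. Every issued token is therefore a non-expiring bearer credential with no scope limit, stored in clear in the table. Any read access to the database (a backup, an injection flaw elsewhere, admin tooling) then yields directly usable tokens. Consider keeping an expiry column and storing only a digest, e.g. `access_token_hash = Column(String(64))` filled with `hashlib.sha256(token.encode()).hexdigest()`. How tokens are validated is not visible in this diff, so the lookup side would need the matching change.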
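Review bot: In `authorize_prompt`, `client_id = request.args.get("client_id")` goes straight into `filter_by(client_id=client_id)`. When the parameter is absent, SQLAlchemy renders `client_id=None` as `client_id IS NULL`, so `.first()` can return an application that has no `client_id` assigned. `admin_app_approve` is where `app.client_id` gets set, which suggests unapproved apps sit in the table with a NULL value (inferred; the submission route is not shown). Put an `if not client_id:` guard ahead of the query that returns the existing 401 `oauth_error` response. The same pattern with `request.form.get("client_id")` is in `authorize` in the next hunk, where it ends in a `ClientAuth` row and token being created; both function bodies extend outside their hunks.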
@@ -23,7 +22,6 @@ def authorize(v): client_id = request.form.get("client_id") application = g.db.query(OauthApp).filter_by(client_id=client_id).first() if not application: return {"oauth_error": "Invalid `client_id`"}, 401 - if application.is_banned: return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403 access_token = secrets.token_urlsafe(128)[:128] new_auth = ClientAuth( oauth_client = application.id, @@ -97,8 +95,6 @@ def admin_app_approve(v, aid): app = g.db.query(OauthApp).filter_by(id=aid).first() app.client_id = secrets.token_urlsafe(64)[:64] - app.client_secret = secrets.token_urlsafe(128)[:128] - g.db.add(app) access_token = secrets.token_urlsafe(128)[:128] @@ -122,15 +118,14 @@ def admin_app_revoke(v, aid): app = g.db.query(OauthApp).filter_by(id=aid).first() - app.client_id = None - app.client_secret = None + for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth) - g.db.add(app) + g.db.flush() + send_notification(1046, app.author, f"Your application `{app.app_name}` has been revoked.") - u = get_account(app.author_id, v=v) - send_notification(1046, u, f"Your application `{app.app_name}` has been revoked.") + g.db.delete(app) - return {"message": f"{app.app_name} revoked"} + return {"message": f"App revoked"} @app.post("/admin/app/reject/") @@ -140,16 +135,14 @@ def admin_app_reject(v, aid): app = g.db.query(OauthApp).filter_by(id=aid).first() - for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): - g.db.delete(auth) + for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth) g.db.flush() - u = get_account(app.author_id, v=v) - send_notification(1046, u, f"Your application `{app.app_name}` has been rejected.") + send_notification(1046, app.author, f"Your application `{app.app_name}` has been rejected.") g.db.delete(app) - return {"message": f"{app.app_name} rejected"} + return {"message": f"App rejected"} @app.get("/admin/app/") 
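Review bot: In `admin_app_revoke` the added loop reads `app.id` right after `g.db.query(OauthApp).filter_by(id=aid).first()`, which returns `None` for an unknown or already-deleted `aid`. The request then ends in an unhandled AttributeError rather than a clean error response. Now that revoke deletes the row, a repeated revoke on the same id hits this every time. Add `if not app: return {"error": "App not found"}, 404` directly after the query. `admin_app_reject` and `admin_app_approve` in the neighbouring hunks dereference `app` the same way, and the route decorators for all three sit outside the hunks.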
diff --git a/drama/templates/admin/app.html b/drama/templates/admin/app.html
index d08b27b97..07eb42f46 100644
--- a/drama/templates/admin/app.html
+++ b/drama/templates/admin/app.html
@@ -32,7 +32,7 @@