friendica/src/Module/OAuth/Revoke.php

<?php
/**
 * @copyright Copyright (C) 2010-2022, the Friendica project
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 */

namespace Friendica\Module\OAuth;

use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Module\BaseApi;
use Psr\Http\Message\ResponseInterface;

/**
 * @see https://docs.joinmastodon.org/spec/oauth/
 */
class Revoke extends BaseApi
{
	public function run(array $request = [], bool $scopecheck = true): ResponseInterface
	{
		return parent::run($request, false);
	}

	protected function post(array $request = [])
	{
		$request = $this->getRequest([
			'client_id'     => '', // Client ID, obtained during app registration
			'client_secret' => '', // Client secret, obtained during app registration
			'token'         => '', // The previously obtained token, to be invalidated
		], $request);

		$condition = ['client_id' => $request['client_id'], 'client_secret' => $request['client_secret'], 'access_token' => $request['token']];
		$token = DBA::selectFirst('application-view', ['id'], $condition);
		if (empty($token['id'])) {
			Logger::notice('Token not found', $condition);
			DI::mstdnError()->Unauthorized();
		}

		DBA::delete('application-token', ['application-id' => $token['id']]);
		System::jsonExit([]);
	}
}
Login prototype 2021-05-11 06:30:20 +00:00			`<?php`
			`/**`
Update copyright 2022-01-02 07:27:47 +00:00			`* @copyright Copyright (C) 2010-2022, the Friendica project`
Login prototype 2021-05-11 06:30:20 +00:00			`*`
			`* @license GNU AGPL version 3 or any later version`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*`
			`*/`

			`namespace Friendica\Module\OAuth;`

API: Added OAuth revoke, adding documentation to parameters 2021-06-16 19:24:44 +00:00			`use Friendica\Core\Logger;`
			`use Friendica\Core\System;`
			`use Friendica\Database\DBA;`
			`use Friendica\DI;`
Login prototype 2021-05-11 06:30:20 +00:00			`use Friendica\Module\BaseApi;`
API: Fix for OAuth endpoints that mustn't be authorized 2021-12-17 15:25:04 +00:00			`use Psr\Http\Message\ResponseInterface;`
Login prototype 2021-05-11 06:30:20 +00:00
			`/**`
Added documentation 2021-05-12 12:00:24 +00:00			`* @see https://docs.joinmastodon.org/spec/oauth/`
Login prototype 2021-05-11 06:30:20 +00:00			`*/`
			`class Revoke extends BaseApi`
			`{`
API: Fix for OAuth endpoints that mustn't be authorized 2021-12-17 15:25:04 +00:00			`public function run(array $request = [], bool $scopecheck = true): ResponseInterface`
			`{`
			`return parent::run($request, false);`
			`}`

Make $_REQUEST processing independent of sub-calls - Move HTTPInputData::process() into App::runFrontend() - Pass $_REQUEST (including processed Input) to every Module method - Delete $_POST parameters at Module post() calls because of $_REQUEST 2021-11-28 12:44:42 +00:00			`protected function post(array $request = [])`
Login prototype 2021-05-11 06:30:20 +00:00			`{`
extract "BaseApi::checkDefaults()" method for later usage 2021-11-28 12:22:27 +00:00			`$request = $this->getRequest([`
API: Added OAuth revoke, adding documentation to parameters 2021-06-16 19:24:44 +00:00			`'client_id' => '', // Client ID, obtained during app registration`
			`'client_secret' => '', // Client secret, obtained during app registration`
			`'token' => '', // The previously obtained token, to be invalidated`
Add a second parameter to BaseApi::getRequest to enable API tests 2021-11-27 23:30:41 +00:00			`], $request);`
API: Added OAuth revoke, adding documentation to parameters 2021-06-16 19:24:44 +00:00
			`$condition = ['client_id' => $request['client_id'], 'client_secret' => $request['client_secret'], 'access_token' => $request['token']];`
			`$token = DBA::selectFirst('application-view', ['id'], $condition);`
			`if (empty($token['id'])) {`
Some more changed log levels 2022-08-31 05:01:22 +00:00			`Logger::notice('Token not found', $condition);`
API: Added OAuth revoke, adding documentation to parameters 2021-06-16 19:24:44 +00:00			`DI::mstdnError()->Unauthorized();`
			`}`

			`DBA::delete('application-token', ['application-id' => $token['id']]);`
			`System::jsonExit([]);`
Login prototype 2021-05-11 06:30:20 +00:00			`}`
			`}`