[feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2025-02-26 13:04:55 +0100
committer: GitHub <noreply@github.com> 2025-02-26 13:04:55 +0100
commit: eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree: 36e0e08699e55a56d247353d082cc0a2b8144999 /testrig/testmodels.go
parent: [chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download: gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz
1 files changed, 13 insertions, 3 deletions
diff --git a/testrig/testmodels.go b/testrig/testmodels.go
index 806e64891..15b28b8c9 100644
--- a/testrig/testmodels.go
+++ b/testrig/testmodels.go
@@ -51,11 +51,21 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 			ClientID:        "01F8MGV8AC3NGSJW0FE8W1BV70",
 			UserID:          "01F8MGVGPHQ2D3P3X0454H54Z5",
 			RedirectURI:     "http://localhost:8080",
-			Scope:           "read write follow push",
+			Scope:           "read write push",
 			Access:          "NZAZOTC0OWITMDU0NC0ZODG4LWE4NJITMWUXM2M4MTRHZDEX",
 			AccessCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
 			AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
 		},
+		"local_account_1_push_only": {
+			ID:              "01JN0X2D9GJTZQ5KYPYFWN16QW",
+			ClientID:        "01F8MGV8AC3NGSJW0FE8W1BV70",
+			UserID:          "01F8MGVGPHQ2D3P3X0454H54Z5",
+			RedirectURI:     "http://localhost:8080",
+			Scope:           "push",
+			Access:          "01JN0X49RYKMP6G9X0HJAP317101JN0X49RYKMP6G9X0HJAP",
+			AccessCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
+			AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
+		},
 		"local_account_1_client_application_token": {
 			ID:              "01P9SVWS9J3SPHZQ3KCMBEN70N",
 			ClientID:        "01F8MGV8AC3NGSJW0FE8W1BV70",
@@ -78,7 +88,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 			ClientID:        "01F8MGW47HN8ZXNHNZ7E47CDMQ",
 			UserID:          "01F8MH1VYJAE00TVVGMM5JNJ8X",
 			RedirectURI:     "http://localhost:8080",
-			Scope:           "read write follow push",
+			Scope:           "read write push",
 			Access:          "PIPINALKNNNFNF98717NAMNAMNFKIJKJ881818KJKJAKJJJA",
 			AccessCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
 			AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
@@ -88,7 +98,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 			ClientID:        "01F8MGWSJCND9BWBD4WGJXBM93",
 			UserID:          "01F8MGWYWKVKS3VS8DV1AMYPGE",
 			RedirectURI:     "http://localhost:8080",
-			Scope:           "read write follow push admin",
+			Scope:           "read write push admin",
 			Access:          "AININALKNENFNF98717NAMG4LWE4NJITMWUXM2M4MTRHZDEX",
 			AccessCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
 			AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2025-02-26 13:04:55 +0100
committer	GitHub <noreply@github.com>	2025-02-26 13:04:55 +0100
commit	eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree	36e0e08699e55a56d247353d082cc0a2b8144999 /testrig/testmodels.go
parent	[chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download	gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz