mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Compare commits


2 commits

Author SHA1 Message Date
Emelia Smith
db992e92e8
Merge 28ceb42daa into 549ab089ee 2024-07-31 11:06:50 +00:00
Emelia Smith
28ceb42daa
Remove OAuth Password Grant Type support 2024-07-08 20:57:57 +02:00


@ -9,16 +9,9 @@ Doorkeeper.configure do
current_user || redirect_to(new_user_session_url) current_user || redirect_to(new_user_session_url)
end end
resource_owner_from_credentials do |_routes| # Disable Resource Owner Password Credentials Grant Flow
user = User.authenticate_with_ldap(email: request.params[:username], password: request.params[:password]) if Devise.ldap_authentication resource_owner_from_credentials do
user ||= User.authenticate_with_pam(email: request.params[:username], password: request.params[:password]) if Devise.pam_authentication nil
if user.nil?
user = User.find_by(email: request.params[:username])
user = nil unless user&.valid_password?(request.params[:password])
end
user unless user&.otp_required_for_login?
end end
# Doorkeeper provides some administrative interfaces for managing OAuth # Doorkeeper provides some administrative interfaces for managing OAuth
@ -170,7 +163,7 @@ Doorkeeper.configure do
# http://tools.ietf.org/html/rfc6819#section-4.4.3 # http://tools.ietf.org/html/rfc6819#section-4.4.3
# #
grant_flows %w(authorization_code password client_credentials) grant_flows %w(authorization_code client_credentials)
# Under some circumstances you might want to have applications auto-approved, # Under some circumstances you might want to have applications auto-approved,
# so that the user skips the authorization step. # so that the user skips the authorization step.
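Review bot: The comment on the new `resource_owner_from_credentials` stub reads as if the `nil` block is what disables the flow, but the control that actually removes it is the `grant_flows` line in the second hunk; as far as I know Doorkeeper only consults this block for the password strategy, so the stub matters only if `password` is ever re-added. I would say that in the comment, for example `# Always deny: the password grant is removed from grant_flows below; this block is a fallback in case it is re-enabled`. Nothing in this section revokes access tokens that were already issued through the password grant, so they presumably stay valid after the upgrade; that may be handled elsewhere, but it deserves a line in the description or release notes. A request spec asserting that `grant_type=password` is rejected at the token endpoint would keep this from regressing; none is visible on this page.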