Traewelling / traewelling

Free check-in service to log your public transit journeys
https://traewelling.de
GNU Affero General Public License v3.0
234 stars, 47 forks

Too many requested scopes #2666

Open HerrLevin opened 5 months ago

HerrLevin commented 5 months ago

Describe the bug

Träwelling is requesting too many scopes on ActivityPub servers ~~that are not Mastodon.~~

Due to a recent discussion in #2768 and subsequent debugging, I've come to the following conclusion:

The problem is the following: Our old mastodon library had a bug and didn't allow anything except read/write scopes. It's technically possible now to change it, but we would have to rewrite a huge chunk of our login/social posting code to handle both "old" keys with their scopes and the new ones with reduced scopes. Also we would have to re-authenticate all users and about 500 instances. Which is a lot.

> [!NOTE]
> What should we do here? I'm not sure if we can and should still change this. Maybe add a flag in the mastodon servers table indicating the scopes?

Steps to reproduce

  1. Create an account on a misskey instance
  2. Log in on TRWL with your account
  3. See way more scopes than read/write

Browser console logs

See also: https://blahaj.zone/notes/9u5sdaa31l6o01la

Browser

All
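One way to implement the per-server scope flag the note above asks about, as an added example that is not Träwelling's own code: it assumes a hypothetical `scopes` column on the mastodon servers table holding the space-separated scope string the app was registered with, with legacy rows holding `write read`.

```php
<?php
// Added example (not from the Träwelling code base). Decides which scopes to
// request at login for a given server, so servers whose app registration only
// has the broad legacy scopes keep working while new registrations use the
// reduced set. The `scopes` column on mastodon_servers is a hypothetical field.

const LEGACY_SCOPES  = ['read', 'write'];
const REDUCED_SCOPES = ['read:statuses', 'write:statuses', 'read:accounts'];

/** Normalise a space-separated scope string into a sorted, de-duplicated list. */
function parseScopes(string $scopes): array
{
    $list = preg_split('/\s+/', trim($scopes), -1, PREG_SPLIT_NO_EMPTY);
    $list = array_values(array_unique($list));
    sort($list);
    return $list;
}

/**
 * Return the scopes to pass to Socialite's setScopes() for this server.
 * A null/empty registration means the app has not been created yet and will be
 * registered with the reduced scopes; a registration that lacks any of the
 * reduced scopes predates them, so the legacy pair is requested to stay
 * compatible with what the server actually has on file for the app.
 */
function scopesForLogin(?string $registeredScopes): array
{
    if ($registeredScopes === null || trim($registeredScopes) === '') {
        return REDUCED_SCOPES;
    }
    $registered = parseScopes($registeredScopes);
    foreach (REDUCED_SCOPES as $scope) {
        if (!in_array($scope, $registered, true)) {
            return LEGACY_SCOPES;
        }
    }
    return REDUCED_SCOPES;
}

// Constructed sample rows, as they might appear in the servers table.
$samples = [
    'old.example'   => 'write read',
    'new.example'   => 'read:statuses write:statuses read:accounts',
    'fresh.example' => null,
];
foreach ($samples as $domain => $registered) {
    printf("%-14s -> %s\n", $domain, implode(' ', scopesForLogin($registered)));
}
```

The same helper can feed `createApp()` (joined with a space) so the registered and requested scope sets come from one source.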

HerrLevin commented 4 months ago

Here is a small working patch for newly created träwelling instances:

Subject: [PATCH] Changes
---
Index: app/Http/Controllers/Frontend/Social/MastodonController.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/app/Http/Controllers/Frontend/Social/MastodonController.php b/app/Http/Controllers/Frontend/Social/MastodonController.php
--- a/app/Http/Controllers/Frontend/Social/MastodonController.php   
+++ b/app/Http/Controllers/Frontend/Social/MastodonController.php   
@@ -47,7 +47,9 @@
         session(['mastodon_server' => $server]);

         try {
-            return Socialite::driver('mastodon')->redirect();
+            return Socialite::driver('mastodon')
+                            ->setScopes(config('services.mastodon.scopes'))
+                            ->redirect();
         } catch (Exception $exception) {
             report($exception);
             return back()->with('error', __('messages.exception.general'));
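Review bot: `setScopes()` here receives the raw `config('services.mastodon.scopes')` value, which the `config/services.php` change defines as a space-separated string, while Socialite's `setScopes()` works on an array of scope names; pass `explode(' ', config('services.mastodon.scopes'))` (or store the config as an array) so the requested list is unambiguous. This also requests the reduced scopes for every server, including ones whose app key was registered with `write read` as the issue describes; since the comment says the patch is for newly created instances only, that limitation should be gated on the server record or at least stated next to this call.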
Index: config/services.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/config/services.php b/config/services.php
--- a/config/services.php   
+++ b/config/services.php   
@@ -49,5 +49,6 @@
         'client_id'     => env('MASTODON_ID'),
         'client_secret' => env('MASTODON_SECRET'),
         'redirect'      => env('MASTODON_REDIRECT'),
+        'scopes'        => env('MASTODON_SCOPES', 'read:statuses write:statuses read:accounts'),
     ],
 ];
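Review bot: the new `scopes` entry is consumed in two shapes, as a string by the backend `createApp()` call (which previously got the literal `'write read'`) and by the frontend `setScopes()` which expects an array, so pick one canonical form here and convert at the single call site that needs the other; otherwise an operator setting `MASTODON_SCOPES` with extra whitespace or a different order can break one path and not the other. `MASTODON_SCOPES` should also be documented alongside the other `MASTODON_*` variables, including the space-separated format.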
Index: app/Http/Controllers/Backend/Social/MastodonController.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/app/Http/Controllers/Backend/Social/MastodonController.php b/app/Http/Controllers/Backend/Social/MastodonController.php
--- a/app/Http/Controllers/Backend/Social/MastodonController.php    
+++ b/app/Http/Controllers/Backend/Social/MastodonController.php    
@@ -94,7 +94,8 @@
             $info = Mastodon::domain($domain)->createApp(
                 client_name:   config('trwl.mastodon_appname'),
                 redirect_uris: config('trwl.mastodon_redirect'),
-                scopes:        'write read'
+                scopes:        config('services.mastodon.scopes'),
+                website:       config('app.url')
             );
             return MastodonServer::updateOrCreate([
                                                       'domain' => $domain,
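Review bot: the app is now registered with the reduced scopes, but the `MastodonServer::updateOrCreate` directly below does not record which scopes were used, so a server registered before this change (with `write read`) is indistinguishable from one registered after it; persisting the scope string on the server row, as the issue's note suggests, is what would let the login path choose matching scopes. The added `website:` argument is unrelated to the scope fix and should be mentioned in the commit message, which currently only says "Changes".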