From 073dcf95170af1f602cd89afcf31459d10bd9c96 Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Tue, 31 Oct 2023 19:50:29 +0000
Subject: [PATCH] OAuth2: Improve authorize page wording
---
app/blueprints/oauth/__init__.py | 10 +++-------
app/templates/oauth/authorize.html | 2 +-
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/app/blueprints/oauth/__init__.py b/app/blueprints/oauth/__init__.py
index c2dd23de..cae323fa 100644
--- a/app/blueprints/oauth/__init__.py
+++ b/app/blueprints/oauth/__init__.py
@@ -179,7 +179,7 @@ def create_edit_client(username, id_=None):
if id_ is not None:
client = OAuthClient.query.get_or_404(id_)
if client.owner != user:
- abort(403)
+ abort(404)
form = OAuthClientForm(formdata=request.form, obj=client)
if form.validate_on_submit():
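Review bot: The switch from `abort(403)` to `abort(404)` on the owner mismatch in create_edit_client has no comment explaining it, so a later reader could take the 404 for a mistake and restore the 403. Answering a missing client and someone else's client with the same status keeps a non-owner from learning which client ids exist, and I would say so above the check: `# 404, not 403: do not reveal to non-owners that this client id exists`. The same comment fits the combined checks in delete_client and revoke_all. The commit subject names only the authorize page wording, so the access-control change should be mentioned there as well. The function body continues outside the hunk.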
@@ -212,10 +212,8 @@ def delete_client(username, id_):
abort(403)
client = OAuthClient.query.get(id_)
- if client is None:
+ if client is None or client.owner != user:
abort(404)
- elif client.owner != user:
- abort(403)
add_audit_log(AuditSeverity.NORMAL, current_user,
f"Deleted OAuth2 application {client.title} by {client.owner.username} [{client.id}]",
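Review bot: The lookup and owner check in delete_client is now the same two lines as in revoke_all, and create_edit_client does the equivalent with `get_or_404`, so one rule lives in three places and can drift apart again. A small private helper that returns the client or aborts with 404 would keep the not-found and not-owner responses identical by construction. Both function bodies start and end outside their hunks, so the call site below is sketched from the visible lines only.

```python
def _get_owned_client_or_404(id_, user):
    """Return the OAuth client with this id if `user` owns it, else abort with 404."""
    client = OAuthClient.query.get(id_)
    if client is None or client.owner != user:
        # Same status for "missing" and "not yours", so ids cannot be enumerated.
        abort(404)
    return client

# … unchanged: permission check at the top of delete_client …
client = _get_owned_client_or_404(id_, user)
# … unchanged: add_audit_log call …
```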
@@ -235,10 +233,8 @@ def revoke_all(username, id_):
abort(403)
client = OAuthClient.query.get(id_)
- if client is None:
+ if client is None or client.owner != user:
abort(404)
- elif client.owner != user:
- abort(403)
add_audit_log(AuditSeverity.NORMAL, current_user,
f"Revoked all user tokens for OAuth2 application {client.title} by {client.owner.username} [{client.id}]",
diff --git a/app/templates/oauth/authorize.html b/app/templates/oauth/authorize.html
index f751ee4e..fecdfe02 100644
--- a/app/templates/oauth/authorize.html
+++ b/app/templates/oauth/authorize.html
@@ -37,7 +37,7 @@
{{ _("Public data only") }}
- {{ _("Display name, username") }}
+ {{ _("Read-only access to your public data") }}