OAuth2: Improve authorize page wording

2024-12-22 22:12:24 +01:00 · 2023-10-31 19:50:29 +00:00 · 2023-10-31 19:50:29 +00:00 · 073dcf9517
commit 073dcf9517
parent 8b03ca6c63
2 changed files with 4 additions and 8 deletions
--- a/app/blueprints/oauth/init.py
+++ b/app/blueprints/oauth/init.py
@ -179,7 +179,7 @@ def create_edit_client(username, id_=None):
 	if id_ is not None:
 		client = OAuthClient.query.get_or_404(id_)
 		if client.owner != user:
-			abort(403)
+			abort(404)

 	form = OAuthClientForm(formdata=request.form, obj=client)
 	if form.validate_on_submit():
@ -212,10 +212,8 @@ def delete_client(username, id_):
 		abort(403)

 	client = OAuthClient.query.get(id_)
-	if client is None:
+	if client is None or client.owner != user:
 		abort(404)
-	elif client.owner != user:
-		abort(403)

 	add_audit_log(AuditSeverity.NORMAL, current_user,
 			f"Deleted OAuth2 application {client.title} by {client.owner.username} [{client.id}]",
@ -235,10 +233,8 @@ def revoke_all(username, id_):
 		abort(403)

 	client = OAuthClient.query.get(id_)
-	if client is None:
+	if client is None or client.owner != user:
 		abort(404)
-	elif client.owner != user:
-		abort(403)

 	add_audit_log(AuditSeverity.NORMAL, current_user,
 			f"Revoked all user tokens for OAuth2 application {client.title} by {client.owner.username} [{client.id}]",
--- a/app/templates/oauth/authorize.html
+++ b/app/templates/oauth/authorize.html
@ -37,7 +37,7 @@
 							{{ _("Public data only") }}
 						</p>
 						<p class="text-muted my-0">
-							{{  _("Display name, username") }}
+							{{  _("Read-only access to your public data") }}
 						</p>
 					</div>
 				</div>