OAuth2: Improve authorize page wording

luanti-org · Oct 31, 2023 · 073dcf9 · 073dcf9
1 parent 8b03ca6
commit 073dcf9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/app/blueprints/oauth/__init__.py b/app/blueprints/oauth/__init__.py
@@ -179,7 +179,7 @@ def create_edit_client(username, id_=None):
 	if id_ is not None:
 		client = OAuthClient.query.get_or_404(id_)
 		if client.owner != user:
-			abort(403)
+			abort(404)
 
 	form = OAuthClientForm(formdata=request.form, obj=client)
 	if form.validate_on_submit():
@@ -212,10 +212,8 @@ def delete_client(username, id_):
 		abort(403)
 
 	client = OAuthClient.query.get(id_)
-	if client is None:
+	if client is None or client.owner != user:
 		abort(404)
-	elif client.owner != user:
-		abort(403)
 
 	add_audit_log(AuditSeverity.NORMAL, current_user,
 			f"Deleted OAuth2 application {client.title} by {client.owner.username} [{client.id}]",
@@ -235,10 +233,8 @@ def revoke_all(username, id_):
 		abort(403)
 
 	client = OAuthClient.query.get(id_)
-	if client is None:
+	if client is None or client.owner != user:
 		abort(404)
-	elif client.owner != user:
-		abort(403)
 
 	add_audit_log(AuditSeverity.NORMAL, current_user,
 			f"Revoked all user tokens for OAuth2 application {client.title} by {client.owner.username} [{client.id}]",

diff --git a/app/templates/oauth/authorize.html b/app/templates/oauth/authorize.html
@@ -37,7 +37,7 @@ <h1 class="card-title">{{ self.title() }}</h1>
 							{{ _("Public data only") }}
 						</p>
 						<p class="text-muted my-0">
-							{{  _("Display name, username") }}
+							{{  _("Read-only access to your public data") }}
 						</p>
 					</div>
 				</div>