Merge branch 'bugfix/oauth-token-padding' into 'develop'

oauth: never use base64 padding when returning tokens to applications

See merge request pleroma/pleroma!825

lib/pleroma/web/oauth/app.ex

@@ -25,8 +25,14 @@ def register_changeset(struct, params \\ %{}) do
 
     if changeset.valid? do
       changeset
-      |> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
+      |> put_change(
-      |> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
+        :client_id,
+        :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+      )
+      |> put_change(
+        :client_secret,
+        :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+      )
     else
       changeset
     end

lib/pleroma/web/oauth/authorization.ex

@@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
   end
 
   def create_authorization(%App{} = app, %User{} = user) do
-    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
 
     authorization = %Authorization{
       token: token,

lib/pleroma/web/oauth/oauth_controller.ex

@@ -173,7 +173,7 @@ defp fix_padding(token) do
     token
     |> URI.decode()
     |> Base.url_decode64!(padding: false)
-    |> Base.url_encode64()
+    |> Base.url_encode64(padding: false)
   end
 
   defp get_app_from_request(conn, params) do

lib/pleroma/web/oauth/token.ex

@@ -31,8 +31,8 @@ def exchange_token(app, auth) do
   end
 
   def create_token(%App{} = app, %User{} = user) do
-    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
-    refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+    refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
 
     token = %Token{
       token: token,