fix: address PR #589 review findings
- Fix anyio.Lock() created at module import time; use lazy init in get_shared_storage() to avoid instantiation before event loop exists - Stop get_login_flow_session from silently swallowing DB exceptions; re-raise and handle in caller with proper error response - Update ProvisionAccessResponse and UpdateScopesResponse status field docs to include all actual values (declined, cancelled, unchanged) - Narrow except clause in present_login_url to (AttributeError, NotImplementedError) instead of bare Exception - Add KeyError handling in LoginFlowV2Client.initiate() and poll() for clear errors on malformed Nextcloud responses - Simplify redundant env-var bypass branches in scope_authorization.py - Extract _maybe_login_flow_cleanup() context manager to replace 4 inline cleanup loop registrations in app.py; move sleep to end of loop body so cleanup runs once at startup - Replace fragile string replacement in _rewrite_login_flow_url with proper urllib.parse URL handling Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -128,20 +128,17 @@ def require_scopes(*required_scopes: str):
|
||||
)
|
||||
|
||||
if access_token is None:
|
||||
# Check if single-user BasicAuth mode (env var app password)
|
||||
# If NEXTCLOUD_APP_PASSWORD or NEXTCLOUD_PASSWORD is set, bypass scope checks
|
||||
# No OAuth token — either BasicAuth with env var credentials
|
||||
# or BasicAuth without explicit credentials. Both bypass scope checks.
|
||||
settings = get_settings()
|
||||
if settings.nextcloud_app_password or settings.nextcloud_password:
|
||||
logger.debug(
|
||||
f"No access token for {func_name} - allowing (env var app password)"
|
||||
)
|
||||
return await func(*args, **kwargs)
|
||||
|
||||
# Not in OAuth mode (BasicAuth or no auth)
|
||||
# In BasicAuth mode, all operations are allowed
|
||||
logger.debug(
|
||||
f"No access token present for {func_name} - allowing (BasicAuth mode)"
|
||||
)
|
||||
else:
|
||||
logger.debug(
|
||||
f"No access token present for {func_name} - allowing (BasicAuth mode)"
|
||||
)
|
||||
return await func(*args, **kwargs)
|
||||
|
||||
# ── Login Flow v2: Check stored app password scopes ──
|
||||
|
||||
Reference in New Issue
Block a user