From 14f15b321be2473596edb4cfd30011d3eff2defd Mon Sep 17 00:00:00 2001 From: kim Date: Tue, 29 Apr 2025 13:43:01 +0000 Subject: [PATCH] [bugfix] don't prevent moved accounts from invalidating their old tokens (#4091) # Description Removes the move check from the invalidate token API handler, as moved accounts should be able to delete their old tokens. closes #4067 ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [x] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4091 Co-authored-by: kim Co-committed-by: kim --- internal/api/client/tokens/tokeninvalidate.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/internal/api/client/tokens/tokeninvalidate.go b/internal/api/client/tokens/tokeninvalidate.go index eab77cc04..e705e2635 100644 --- a/internal/api/client/tokens/tokeninvalidate.go +++ b/internal/api/client/tokens/tokeninvalidate.go @@ -73,10 +73,9 @@ func (m *Module) TokenInvalidatePOSTHandler(c *gin.Context) { return } - if authed.Account.IsMoving() { - apiutil.ForbiddenAfterMove(c) - return - } + // Note that we don't perform a move check, + // as even moved accounts should be able to + // invalidate their old tokens. if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil { apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)