Auth customization support.
OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection.
This commit is contained in:
parent
2813f28b6f
commit
1097ce6d9f
|
@ -3,6 +3,14 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.OAuth do
|
defmodule Pleroma.Web.OAuth do
|
||||||
|
@authenticator Application.get_env(
|
||||||
|
:pleroma,
|
||||||
|
Pleroma.Web.AuthenticatorAdapter,
|
||||||
|
Pleroma.Web.Authenticator
|
||||||
|
)
|
||||||
|
|
||||||
|
def authenticator, do: @authenticator
|
||||||
|
|
||||||
def parse_scopes(scopes, _default) when is_list(scopes) do
|
def parse_scopes(scopes, _default) when is_list(scopes) do
|
||||||
Enum.filter(scopes, &(&1 not in [nil, ""]))
|
Enum.filter(scopes, &(&1 not in [nil, ""]))
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
defmodule Pleroma.Web.Authenticator do
|
||||||
|
alias Pleroma.User
|
||||||
|
alias Comeonin.Pbkdf2
|
||||||
|
|
||||||
|
@behaviour Pleroma.Web.AuthenticatorAdapter
|
||||||
|
|
||||||
|
def get_user(%Plug.Conn{} = conn) do
|
||||||
|
%{"authorization" => %{"name" => name, "password" => password}} = conn.params
|
||||||
|
|
||||||
|
with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)},
|
||||||
|
{_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do
|
||||||
|
{:ok, user}
|
||||||
|
else
|
||||||
|
error ->
|
||||||
|
{:error, error}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def handle_error(%Plug.Conn{} = _conn, error) do
|
||||||
|
error
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,7 @@
|
||||||
|
defmodule Pleroma.Web.AuthenticatorAdapter do
|
||||||
|
alias Pleroma.User
|
||||||
|
|
||||||
|
@callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()}
|
||||||
|
|
||||||
|
@callback handle_error(Plug.Conn.t(), any()) :: any()
|
||||||
|
end
|
|
@ -5,6 +5,7 @@
|
||||||
defmodule Pleroma.Web.OAuth.OAuthController do
|
defmodule Pleroma.Web.OAuth.OAuthController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
|
alias Pleroma.Web.OAuth
|
||||||
alias Pleroma.Web.OAuth.Authorization
|
alias Pleroma.Web.OAuth.Authorization
|
||||||
alias Pleroma.Web.OAuth.Token
|
alias Pleroma.Web.OAuth.Token
|
||||||
alias Pleroma.Web.OAuth.App
|
alias Pleroma.Web.OAuth.App
|
||||||
|
@ -24,27 +25,27 @@ def authorize(conn, params) do
|
||||||
available_scopes = (app && app.scopes) || []
|
available_scopes = (app && app.scopes) || []
|
||||||
scopes = oauth_scopes(params, nil) || available_scopes
|
scopes = oauth_scopes(params, nil) || available_scopes
|
||||||
|
|
||||||
render(conn, "show.html", %{
|
template = Application.get_env(:pleroma, :auth_template, "show.html")
|
||||||
|
|
||||||
|
render(conn, template, %{
|
||||||
response_type: params["response_type"],
|
response_type: params["response_type"],
|
||||||
client_id: params["client_id"],
|
client_id: params["client_id"],
|
||||||
available_scopes: available_scopes,
|
available_scopes: available_scopes,
|
||||||
scopes: scopes,
|
scopes: scopes,
|
||||||
redirect_uri: params["redirect_uri"],
|
redirect_uri: params["redirect_uri"],
|
||||||
state: params["state"]
|
state: params["state"],
|
||||||
|
params: params
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
def create_authorization(conn, %{
|
def create_authorization(conn, %{
|
||||||
"authorization" =>
|
"authorization" =>
|
||||||
%{
|
%{
|
||||||
"name" => name,
|
|
||||||
"password" => password,
|
|
||||||
"client_id" => client_id,
|
"client_id" => client_id,
|
||||||
"redirect_uri" => redirect_uri
|
"redirect_uri" => redirect_uri
|
||||||
} = auth_params
|
} = auth_params
|
||||||
}) do
|
}) do
|
||||||
with %User{} = user <- User.get_by_nickname_or_email(name),
|
with {_, {:ok, %User{} = user}} <- {:get_user, OAuth.authenticator().get_user(conn)},
|
||||||
true <- Pbkdf2.checkpw(password, user.password_hash),
|
|
||||||
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
||||||
true <- redirect_uri in String.split(app.redirect_uris),
|
true <- redirect_uri in String.split(app.redirect_uris),
|
||||||
scopes <- oauth_scopes(auth_params, []),
|
scopes <- oauth_scopes(auth_params, []),
|
||||||
|
@ -53,9 +54,9 @@ def create_authorization(conn, %{
|
||||||
{:missing_scopes, false} <- {:missing_scopes, scopes == []},
|
{:missing_scopes, false} <- {:missing_scopes, scopes == []},
|
||||||
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
||||||
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
|
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
|
||||||
# Special case: Local MastodonFE.
|
|
||||||
redirect_uri =
|
redirect_uri =
|
||||||
if redirect_uri == "." do
|
if redirect_uri == "." do
|
||||||
|
# Special case: Local MastodonFE
|
||||||
mastodon_api_url(conn, :login)
|
mastodon_api_url(conn, :login)
|
||||||
else
|
else
|
||||||
redirect_uri
|
redirect_uri
|
||||||
|
@ -97,7 +98,7 @@ def create_authorization(conn, %{
|
||||||
|> authorize(auth_params)
|
|> authorize(auth_params)
|
||||||
|
|
||||||
error ->
|
error ->
|
||||||
error
|
OAuth.authenticator().handle_error(conn, error)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -26,6 +26,8 @@ def controller do
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
import Pleroma.Web.Gettext
|
import Pleroma.Web.Gettext
|
||||||
import Pleroma.Web.Router.Helpers
|
import Pleroma.Web.Router.Helpers
|
||||||
|
|
||||||
|
plug(:put_layout, Application.get_env(:pleroma, :app_template, "app.html"))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue