From 1097ce6d9f06a7552652c5990cee12e7b7b3cc59 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 21 Feb 2019 18:55:19 +0300 Subject: [PATCH] Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. --- lib/pleroma/web/oauth.ex | 8 +++++++ lib/pleroma/web/oauth/authenticator.ex | 22 +++++++++++++++++++ .../web/oauth/authenticator_adapter.ex | 7 ++++++ lib/pleroma/web/oauth/oauth_controller.ex | 17 +++++++------- lib/pleroma/web/web.ex | 2 ++ 5 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 lib/pleroma/web/oauth/authenticator.ex create mode 100644 lib/pleroma/web/oauth/authenticator_adapter.ex diff --git a/lib/pleroma/web/oauth.ex b/lib/pleroma/web/oauth.ex index d2835a0ba..f3bac33c8 100644 --- a/lib/pleroma/web/oauth.ex +++ b/lib/pleroma/web/oauth.ex @@ -3,6 +3,14 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.OAuth do + @authenticator Application.get_env( + :pleroma, + Pleroma.Web.AuthenticatorAdapter, + Pleroma.Web.Authenticator + ) + + def authenticator, do: @authenticator + def parse_scopes(scopes, _default) when is_list(scopes) do Enum.filter(scopes, &(&1 not in [nil, ""])) end diff --git a/lib/pleroma/web/oauth/authenticator.ex b/lib/pleroma/web/oauth/authenticator.ex new file mode 100644 index 000000000..86bbc41f0 --- /dev/null +++ b/lib/pleroma/web/oauth/authenticator.ex @@ -0,0 +1,22 @@ +defmodule Pleroma.Web.Authenticator do + alias Pleroma.User + alias Comeonin.Pbkdf2 + + @behaviour Pleroma.Web.AuthenticatorAdapter + + def get_user(%Plug.Conn{} = conn) do + %{"authorization" => %{"name" => name, "password" => password}} = conn.params + + with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)}, + {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {:ok, user} + else + error -> + {:error, error} + end + end + + def handle_error(%Plug.Conn{} = _conn, error) do + error + end +end diff --git a/lib/pleroma/web/oauth/authenticator_adapter.ex b/lib/pleroma/web/oauth/authenticator_adapter.ex new file mode 100644 index 000000000..282963b1c --- /dev/null +++ b/lib/pleroma/web/oauth/authenticator_adapter.ex @@ -0,0 +1,7 @@ +defmodule Pleroma.Web.AuthenticatorAdapter do + alias Pleroma.User + + @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} + + @callback handle_error(Plug.Conn.t(), any()) :: any() +end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 7c1a3adbd..abe6fd2f2 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do use Pleroma.Web, :controller + alias Pleroma.Web.OAuth alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.App @@ -24,27 +25,27 @@ defmodule Pleroma.Web.OAuth.OAuthController do available_scopes = (app && app.scopes) || [] scopes = oauth_scopes(params, nil) || available_scopes - render(conn, "show.html", %{ + template = Application.get_env(:pleroma, :auth_template, "show.html") + + render(conn, template, %{ response_type: params["response_type"], client_id: params["client_id"], available_scopes: available_scopes, scopes: scopes, redirect_uri: params["redirect_uri"], - state: params["state"] + state: params["state"], + params: params }) end def create_authorization(conn, %{ "authorization" => %{ - "name" => name, - "password" => password, "client_id" => client_id, "redirect_uri" => redirect_uri } = auth_params }) do - with %User{} = user <- User.get_by_nickname_or_email(name), - true <- Pbkdf2.checkpw(password, user.password_hash), + with {_, {:ok, %User{} = user}} <- {:get_user, OAuth.authenticator().get_user(conn)}, %App{} = app <- Repo.get_by(App, client_id: client_id), true <- redirect_uri in String.split(app.redirect_uris), scopes <- oauth_scopes(auth_params, []), @@ -53,9 +54,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do {:missing_scopes, false} <- {:missing_scopes, scopes == []}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do - # Special case: Local MastodonFE. redirect_uri = if redirect_uri == "." do + # Special case: Local MastodonFE mastodon_api_url(conn, :login) else redirect_uri @@ -97,7 +98,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do |> authorize(auth_params) error -> - error + OAuth.authenticator().handle_error(conn, error) end end diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex index 853aa2a87..4f618743d 100644 --- a/lib/pleroma/web/web.ex +++ b/lib/pleroma/web/web.ex @@ -26,6 +26,8 @@ defmodule Pleroma.Web do import Plug.Conn import Pleroma.Web.Gettext import Pleroma.Web.Router.Helpers + + plug(:put_layout, Application.get_env(:pleroma, :app_template, "app.html")) end end -- 2.45.2