1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
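defmodule Pleroma.Web.MastodonAPI.AuthController do
  @moduledoc """
  Session-based authentication endpoints used by the bundled Mastodon frontend:
  login via an OAuth authorization code, logout, and password-reset requests.
  """

  use Pleroma.Web, :controller

  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

  alias Pleroma.Helpers.AuthHelper
  alias Pleroma.Helpers.UriHelper
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
  alias Pleroma.Web.TwitterAPI.TwitterAPI

  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)

  # Password-reset requests are rate limited. The action answers 204 regardless
  # of outcome, so this plug is what bounds how often the reset flow can be
  # triggered for a given caller.
  plug(Pleroma.Web.Plugs.RateLimiter, [name: :password_reset] when action == :password_reset)

  # client_name of the OAuth app record that represents the locally hosted FE
  @local_mastodon_name "Mastodon-Local"

  @doc """
  GET /web/login

  Local Mastodon FE login callback. With a `code` parameter, the authorization
  code is looked up for the local FE app, a token is obtained for its user
  (`Token.get_or_exchange_token/3`), the token is stored in the session and the
  browser is redirected to the post-login page with the token in the
  `access_token` query parameter. Without a `code`, an already-authenticated
  request whose token belongs to the local FE app is sent straight to the
  post-login page. Anything else redirects to the OAuth authorization form.
  """
  def login(conn, %{"code" => auth_token} = params) do
    with {:ok, app} <- local_mastofe_app(),
         {:ok, auth} <- Authorization.get_by_token(app, auth_token),
         %User{} = user <- User.get_cached_by_id(auth.user_id),
         {:ok, oauth_token} <- Token.get_or_exchange_token(auth, app, user) do
      # pop_post_login_path/1 removes :return_to from the session; the conn it
      # returns carries that change and must be the one we continue with.
      {conn, post_login_path} = pop_post_login_path(conn)

      # NOTE(review): the token travels in the redirect URL's query string, so it
      # can end up in request logs and browser history.
      redirect_to =
        UriHelper.modify_uri_params(post_login_path, %{"access_token" => oauth_token.token})

      conn
      |> AuthHelper.put_session_token(oauth_token.token)
      |> redirect(to: redirect_to)
    else
      # Any failure (unknown code, app lookup error, missing user, token
      # failure) lands on the authorization form without saying which step failed.
      _ -> redirect_to_oauth_form(conn, params)
    end
  end

  def login(conn, params) do
    with %{assigns: %{user: %User{}, token: %Token{app_id: app_id}}} <- conn,
         {:ok, %{id: ^app_id}} <- local_mastofe_app() do
      {conn, post_login_path} = pop_post_login_path(conn)
      redirect(conn, to: post_login_path)
    else
      _ -> redirect_to_oauth_form(conn, params)
    end
  end

  # Sends the browser to the OAuth authorization form of the local FE app.
  # When the app cannot be fetched or created, the `{:error, changeset}` from
  # local_mastofe_app/0 is returned as-is and handled by the action fallback.
  defp redirect_to_oauth_form(conn, _params) do
    with {:ok, app} <- local_mastofe_app() do
      path =
        Routes.o_auth_path(conn, :authorize,
          response_type: "code",
          client_id: app.client_id,
          redirect_uri: ".",
          scope: Enum.join(app.scopes, " ")
        )

      redirect(conn, to: path)
    end
  end

  @doc """
  DELETE /auth/sign_out

  Revokes the request's OAuth token and, when the revoked token is the one held
  in the session, removes it from the session. The browser is redirected to `/`
  in every case, including when there was no token to revoke.
  """
  def logout(conn, _) do
    conn =
      with %{assigns: %{token: %Token{} = oauth_token}} <- conn,
           session_token = AuthHelper.get_session_token(conn),
           {:ok, %Token{token: ^session_token}} <- RevokeToken.revoke(oauth_token) do
        AuthHelper.delete_session_token(conn)
      else
        # No token in assigns, revocation failed, or the revoked token is not
        # the session's: leave the session untouched.
        _ -> conn
      end

    redirect(conn, to: "/")
  end

  @doc """
  POST /auth/password

  Triggers a password reset for the account identified by `email` (preferred)
  or `nickname`. The result of `TwitterAPI.password_reset/1` is discarded and
  204 is returned for every request, so the response does not reveal whether
  the account exists.
  """
  def password_reset(conn, params) do
    nickname_or_email = params["email"] || params["nickname"]

    TwitterAPI.password_reset(nickname_or_email)

    json_response(conn, :no_content, "")
  end

  # Returns `{conn, path}`: the `:return_to` path stored in the session, removed
  # from the session in the returned conn, or the FE landing page when none was
  # stored.
  #
  # `delete_session/2` returns a new conn and does not mutate the argument, so
  # the caller has to continue with the conn returned here; otherwise the stored
  # path survives into later logins. `:return_to` is read from the session, not
  # from request parameters, and `redirect(to:)` is expected to accept only local
  # paths.
  defp pop_post_login_path(conn) do
    case get_session(conn, :return_to) do
      nil ->
        {conn, Routes.masto_fe_path(conn, :index, ["getting-started"])}

      return_to ->
        {delete_session(conn, :return_to), return_to}
    end
  end

  @doc """
  Fetches, creating it on first use, the OAuth app record that represents the
  locally hosted Mastodon frontend.
  """
  @spec local_mastofe_app() :: {:ok, App.t()} | {:error, Ecto.Changeset.t()}
  def local_mastofe_app do
    App.get_or_make(
      %{client_name: @local_mastodon_name, redirect_uris: "."},
      ["read", "write", "follow", "push", "admin"]
    )
  end
end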