1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AuthController do
6 use Pleroma.Web, :controller
8 import Pleroma.Web.ControllerHelper, only: [json_response: 3]
10 alias Pleroma.Helpers.UriHelper
12 alias Pleroma.Web.OAuth.App
13 alias Pleroma.Web.OAuth.Authorization
14 alias Pleroma.Web.OAuth.Token
15 alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
16 alias Pleroma.Web.TwitterAPI.TwitterAPI
18 action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
20 plug(Pleroma.Web.Plugs.RateLimiter, [name: :password_reset] when action == :password_reset)
22 @local_mastodon_name "Mastodon-Local"
25 # Local Mastodon FE login callback action
26 def login(conn, %{"code" => auth_token} = params) do
27 with {:ok, app} <- local_mastofe_app(),
28 {:ok, auth} <- Authorization.get_by_token(app, auth_token),
29 {:ok, oauth_token} <- Token.exchange_token(app, auth) do
32 |> local_mastodon_post_login_path()
33 |> UriHelper.modify_uri_params(%{"access_token" => oauth_token.token})
36 |> redirect(to: redirect_to)
38 _ -> redirect_to_oauth_form(conn, params)
42 def login(conn, params) do
43 with %{assigns: %{user: %User{}, token: %Token{app_id: app_id, token: token}}} <- conn,
44 {:ok, %{id: ^app_id}} <- local_mastofe_app() do
45 redirect(conn, to: local_mastodon_post_login_path(conn) <> "?access_token=#{token}")
47 _ -> redirect_to_oauth_form(conn, params)
51 defp redirect_to_oauth_form(conn, _params) do
52 with {:ok, app} <- local_mastofe_app() do
54 Routes.o_auth_path(conn, :authorize,
55 response_type: "code",
56 client_id: app.client_id,
58 scope: Enum.join(app.scopes, " ")
61 redirect(conn, to: path)
65 @doc "DELETE /auth/sign_out"
66 def logout(conn, _) do
68 with %{assigns: %{token: %Token{} = oauth_token}} <- conn,
69 {:ok, %Token{token: _session_token}} <- RevokeToken.revoke(oauth_token) do
75 redirect(conn, to: "/")
78 @doc "POST /auth/password"
79 def password_reset(conn, params) do
80 nickname_or_email = params["email"] || params["nickname"]
82 TwitterAPI.password_reset(nickname_or_email)
84 json_response(conn, :no_content, "")
87 defp local_mastodon_post_login_path(conn) do
88 case get_session(conn, :return_to) do
90 Routes.masto_fe_path(conn, :index, ["getting-started"])
93 delete_session(conn, :return_to)
98 @spec local_mastofe_app() :: {:ok, App.t()} | {:error, Ecto.Changeset.t()}
99 def local_mastofe_app do
101 %{client_name: @local_mastodon_name, redirect_uris: "."},
102 ["read", "write", "follow", "push", "admin"]