[#468] Refactored OAuth scopes parsing / defaults handling.

This commit is contained in:
Ivan Tashkinov 2019-02-14 17:03:19 +03:00
parent 949e35e26d
commit 027adbc9e5
4 changed files with 28 additions and 22 deletions

View File

@ -5,6 +5,10 @@
defmodule Pleroma.Web.ControllerHelper do defmodule Pleroma.Web.ControllerHelper do
use Pleroma.Web, :controller use Pleroma.Web, :controller
def oauth_scopes(params, default) do
Pleroma.Web.OAuth.parse_scopes(params["scopes"] || params["scope"], default)
end
def json_response(conn, status, json) do def json_response(conn, status, json) do
conn conn
|> put_status(status) |> put_status(status)

View File

@ -19,11 +19,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.OAuth
alias Pleroma.Web.OAuth.{Authorization, Token, App} alias Pleroma.Web.OAuth.{Authorization, Token, App}
alias Pleroma.Web.MediaProxy alias Pleroma.Web.MediaProxy
import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
import Ecto.Query import Ecto.Query
require Logger require Logger
@httpoison Application.get_env(:pleroma, :httpoison) @httpoison Application.get_env(:pleroma, :httpoison)
@ -32,8 +33,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
action_fallback(:errors) action_fallback(:errors)
def create_app(conn, params) do def create_app(conn, params) do
scopes = OAuth.parse_scopes(params["scope"] || params["scopes"]) scopes = oauth_scopes(params, [])
app_attrs = params |> Map.drop(["scope", "scopes"]) |> Map.put("scopes", scopes)
app_attrs =
params
|> Map.drop(["scope", "scopes"])
|> Map.put("scopes", scopes)
with cs <- App.register_changeset(%App{}, app_attrs), with cs <- App.register_changeset(%App{}, app_attrs),
false <- cs.changes[:client_name] == @local_mastodon_name, false <- cs.changes[:client_name] == @local_mastodon_name,

View File

@ -3,22 +3,21 @@
# SPDX-License-Identifier: AGPL-3.0-only # SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.OAuth do defmodule Pleroma.Web.OAuth do
def parse_scopes(nil) do def parse_scopes(scopes, default) when is_list(scopes) do
nil scopes = Enum.filter(scopes, &(&1 not in [nil, ""]))
if Enum.any?(scopes),
do: scopes,
else: default
end end
def parse_scopes(scopes) when is_list(scopes) do def parse_scopes(scopes, default) when is_binary(scopes) do
scopes scopes
|> String.split(~r/[\s,]+/)
|> parse_scopes(default)
end end
def parse_scopes(scopes) do def parse_scopes(_, default) do
scopes = default
scopes
|> to_string()
|> String.trim()
if scopes == "",
do: [],
else: String.split(scopes, [" ", ","])
end end
end end

View File

@ -5,11 +5,12 @@
defmodule Pleroma.Web.OAuth.OAuthController do defmodule Pleroma.Web.OAuth.OAuthController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Web.OAuth
alias Pleroma.Web.OAuth.{Authorization, Token, App} alias Pleroma.Web.OAuth.{Authorization, Token, App}
alias Pleroma.{Repo, User} alias Pleroma.{Repo, User}
alias Comeonin.Pbkdf2 alias Comeonin.Pbkdf2
import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
plug(:fetch_session) plug(:fetch_session)
plug(:fetch_flash) plug(:fetch_flash)
@ -19,7 +20,7 @@ def authorize(conn, params) do
render(conn, "show.html", %{ render(conn, "show.html", %{
response_type: params["response_type"], response_type: params["response_type"],
client_id: params["client_id"], client_id: params["client_id"],
scopes: scopes(params) || [], scopes: oauth_scopes(params, []),
redirect_uri: params["redirect_uri"], redirect_uri: params["redirect_uri"],
state: params["state"] state: params["state"]
}) })
@ -39,7 +40,7 @@ def create_authorization(conn, %{
{:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
%App{} = app <- Repo.get_by(App, client_id: client_id), %App{} = app <- Repo.get_by(App, client_id: client_id),
true <- redirect_uri in String.split(app.redirect_uris), true <- redirect_uri in String.split(app.redirect_uris),
scopes <- scopes(params) || app.scopes, scopes <- oauth_scopes(params, app.scopes),
[] <- scopes -- app.scopes, [] <- scopes -- app.scopes,
true <- Enum.any?(scopes), true <- Enum.any?(scopes),
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
@ -117,7 +118,7 @@ def token_exchange(
%User{} = user <- User.get_by_nickname_or_email(name), %User{} = user <- User.get_by_nickname_or_email(name),
true <- Pbkdf2.checkpw(password, user.password_hash), true <- Pbkdf2.checkpw(password, user.password_hash),
{:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
scopes <- scopes(params) || app.scopes, scopes <- oauth_scopes(params, app.scopes),
{:ok, auth} <- Authorization.create_authorization(app, user, scopes), {:ok, auth} <- Authorization.create_authorization(app, user, scopes),
{:ok, token} <- Token.exchange_token(app, auth) do {:ok, token} <- Token.exchange_token(app, auth) do
response = %{ response = %{
@ -197,7 +198,4 @@ defp get_app_from_request(conn, params) do
nil nil
end end
end end
defp scopes(params),
do: OAuth.parse_scopes(params["scopes"] || params["scope"])
end end