[#468] Refactored OAuth scopes parsing / defaults handling.
This commit is contained in:
parent
949e35e26d
commit
027adbc9e5
|
@ -5,6 +5,10 @@
|
||||||
defmodule Pleroma.Web.ControllerHelper do
|
defmodule Pleroma.Web.ControllerHelper do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
|
def oauth_scopes(params, default) do
|
||||||
|
Pleroma.Web.OAuth.parse_scopes(params["scopes"] || params["scope"], default)
|
||||||
|
end
|
||||||
|
|
||||||
def json_response(conn, status, json) do
|
def json_response(conn, status, json) do
|
||||||
conn
|
conn
|
||||||
|> put_status(status)
|
|> put_status(status)
|
||||||
|
|
|
@ -19,11 +19,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
alias Pleroma.Web.ActivityPub.Utils
|
alias Pleroma.Web.ActivityPub.Utils
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
alias Pleroma.Web.OAuth
|
|
||||||
alias Pleroma.Web.OAuth.{Authorization, Token, App}
|
alias Pleroma.Web.OAuth.{Authorization, Token, App}
|
||||||
alias Pleroma.Web.MediaProxy
|
alias Pleroma.Web.MediaProxy
|
||||||
|
|
||||||
|
import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
|
||||||
import Ecto.Query
|
import Ecto.Query
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
@httpoison Application.get_env(:pleroma, :httpoison)
|
@httpoison Application.get_env(:pleroma, :httpoison)
|
||||||
|
@ -32,8 +33,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
||||||
action_fallback(:errors)
|
action_fallback(:errors)
|
||||||
|
|
||||||
def create_app(conn, params) do
|
def create_app(conn, params) do
|
||||||
scopes = OAuth.parse_scopes(params["scope"] || params["scopes"])
|
scopes = oauth_scopes(params, [])
|
||||||
app_attrs = params |> Map.drop(["scope", "scopes"]) |> Map.put("scopes", scopes)
|
|
||||||
|
app_attrs =
|
||||||
|
params
|
||||||
|
|> Map.drop(["scope", "scopes"])
|
||||||
|
|> Map.put("scopes", scopes)
|
||||||
|
|
||||||
with cs <- App.register_changeset(%App{}, app_attrs),
|
with cs <- App.register_changeset(%App{}, app_attrs),
|
||||||
false <- cs.changes[:client_name] == @local_mastodon_name,
|
false <- cs.changes[:client_name] == @local_mastodon_name,
|
||||||
|
|
|
@ -3,22 +3,21 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.OAuth do
|
defmodule Pleroma.Web.OAuth do
|
||||||
def parse_scopes(nil) do
|
def parse_scopes(scopes, default) when is_list(scopes) do
|
||||||
nil
|
scopes = Enum.filter(scopes, &(&1 not in [nil, ""]))
|
||||||
|
|
||||||
|
if Enum.any?(scopes),
|
||||||
|
do: scopes,
|
||||||
|
else: default
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_scopes(scopes) when is_list(scopes) do
|
def parse_scopes(scopes, default) when is_binary(scopes) do
|
||||||
scopes
|
scopes
|
||||||
|
|> String.split(~r/[\s,]+/)
|
||||||
|
|> parse_scopes(default)
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_scopes(scopes) do
|
def parse_scopes(_, default) do
|
||||||
scopes =
|
default
|
||||||
scopes
|
|
||||||
|> to_string()
|
|
||||||
|> String.trim()
|
|
||||||
|
|
||||||
if scopes == "",
|
|
||||||
do: [],
|
|
||||||
else: String.split(scopes, [" ", ","])
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,11 +5,12 @@
|
||||||
defmodule Pleroma.Web.OAuth.OAuthController do
|
defmodule Pleroma.Web.OAuth.OAuthController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
alias Pleroma.Web.OAuth
|
|
||||||
alias Pleroma.Web.OAuth.{Authorization, Token, App}
|
alias Pleroma.Web.OAuth.{Authorization, Token, App}
|
||||||
alias Pleroma.{Repo, User}
|
alias Pleroma.{Repo, User}
|
||||||
alias Comeonin.Pbkdf2
|
alias Comeonin.Pbkdf2
|
||||||
|
|
||||||
|
import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
|
||||||
|
|
||||||
plug(:fetch_session)
|
plug(:fetch_session)
|
||||||
plug(:fetch_flash)
|
plug(:fetch_flash)
|
||||||
|
|
||||||
|
@ -19,7 +20,7 @@ def authorize(conn, params) do
|
||||||
render(conn, "show.html", %{
|
render(conn, "show.html", %{
|
||||||
response_type: params["response_type"],
|
response_type: params["response_type"],
|
||||||
client_id: params["client_id"],
|
client_id: params["client_id"],
|
||||||
scopes: scopes(params) || [],
|
scopes: oauth_scopes(params, []),
|
||||||
redirect_uri: params["redirect_uri"],
|
redirect_uri: params["redirect_uri"],
|
||||||
state: params["state"]
|
state: params["state"]
|
||||||
})
|
})
|
||||||
|
@ -39,7 +40,7 @@ def create_authorization(conn, %{
|
||||||
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
||||||
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
||||||
true <- redirect_uri in String.split(app.redirect_uris),
|
true <- redirect_uri in String.split(app.redirect_uris),
|
||||||
scopes <- scopes(params) || app.scopes,
|
scopes <- oauth_scopes(params, app.scopes),
|
||||||
[] <- scopes -- app.scopes,
|
[] <- scopes -- app.scopes,
|
||||||
true <- Enum.any?(scopes),
|
true <- Enum.any?(scopes),
|
||||||
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
|
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
|
||||||
|
@ -117,7 +118,7 @@ def token_exchange(
|
||||||
%User{} = user <- User.get_by_nickname_or_email(name),
|
%User{} = user <- User.get_by_nickname_or_email(name),
|
||||||
true <- Pbkdf2.checkpw(password, user.password_hash),
|
true <- Pbkdf2.checkpw(password, user.password_hash),
|
||||||
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
||||||
scopes <- scopes(params) || app.scopes,
|
scopes <- oauth_scopes(params, app.scopes),
|
||||||
{:ok, auth} <- Authorization.create_authorization(app, user, scopes),
|
{:ok, auth} <- Authorization.create_authorization(app, user, scopes),
|
||||||
{:ok, token} <- Token.exchange_token(app, auth) do
|
{:ok, token} <- Token.exchange_token(app, auth) do
|
||||||
response = %{
|
response = %{
|
||||||
|
@ -197,7 +198,4 @@ defp get_app_from_request(conn, params) do
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp scopes(params),
|
|
||||||
do: OAuth.parse_scopes(params["scopes"] || params["scope"])
|
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue