Merge branch 'customizable_auth' into 'develop'

Auth customization support

See merge request pleroma/pleroma!852
This commit is contained in:
href 2019-02-28 10:12:26 +00:00
commit 90a24fbf95
4 changed files with 61 additions and 8 deletions

View File

@ -0,0 +1,20 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.DatabaseAuthenticator do
alias Pleroma.User
def implementation do
Pleroma.Config.get(
Pleroma.Web.Auth.DatabaseAuthenticator,
Pleroma.Web.Auth.PleromaDatabaseAuthenticator
)
end
@callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()}
def get_user(plug), do: implementation().get_user(plug)
@callback handle_error(Plug.Conn.t(), any()) :: any()
def handle_error(plug, error), do: implementation().handle_error(plug, error)
end

View File

@ -0,0 +1,26 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.PleromaDatabaseAuthenticator do
alias Pleroma.User
alias Comeonin.Pbkdf2
@behaviour Pleroma.Web.Auth.DatabaseAuthenticator
def get_user(%Plug.Conn{} = conn) do
%{"authorization" => %{"name" => name, "password" => password}} = conn.params
with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)},
{_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do
{:ok, user}
else
error ->
{:error, error}
end
end
def handle_error(%Plug.Conn{} = _conn, error) do
error
end
end

View File

@ -5,6 +5,7 @@
defmodule Pleroma.Web.OAuth.OAuthController do defmodule Pleroma.Web.OAuth.OAuthController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Web.Auth.DatabaseAuthenticator
alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Authorization
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.App
@ -24,27 +25,27 @@ def authorize(conn, params) do
available_scopes = (app && app.scopes) || [] available_scopes = (app && app.scopes) || []
scopes = oauth_scopes(params, nil) || available_scopes scopes = oauth_scopes(params, nil) || available_scopes
render(conn, "show.html", %{ template = Pleroma.Config.get(:auth_template, "show.html")
render(conn, template, %{
response_type: params["response_type"], response_type: params["response_type"],
client_id: params["client_id"], client_id: params["client_id"],
available_scopes: available_scopes, available_scopes: available_scopes,
scopes: scopes, scopes: scopes,
redirect_uri: params["redirect_uri"], redirect_uri: params["redirect_uri"],
state: params["state"] state: params["state"],
params: params
}) })
end end
def create_authorization(conn, %{ def create_authorization(conn, %{
"authorization" => "authorization" =>
%{ %{
"name" => name,
"password" => password,
"client_id" => client_id, "client_id" => client_id,
"redirect_uri" => redirect_uri "redirect_uri" => redirect_uri
} = auth_params } = auth_params
}) do }) do
with %User{} = user <- User.get_by_nickname_or_email(name), with {_, {:ok, %User{} = user}} <- {:get_user, DatabaseAuthenticator.get_user(conn)},
true <- Pbkdf2.checkpw(password, user.password_hash),
%App{} = app <- Repo.get_by(App, client_id: client_id), %App{} = app <- Repo.get_by(App, client_id: client_id),
true <- redirect_uri in String.split(app.redirect_uris), true <- redirect_uri in String.split(app.redirect_uris),
scopes <- oauth_scopes(auth_params, []), scopes <- oauth_scopes(auth_params, []),
@ -53,9 +54,9 @@ def create_authorization(conn, %{
{:missing_scopes, false} <- {:missing_scopes, scopes == []}, {:missing_scopes, false} <- {:missing_scopes, scopes == []},
{:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
{:ok, auth} <- Authorization.create_authorization(app, user, scopes) do {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
# Special case: Local MastodonFE.
redirect_uri = redirect_uri =
if redirect_uri == "." do if redirect_uri == "." do
# Special case: Local MastodonFE
mastodon_api_url(conn, :login) mastodon_api_url(conn, :login)
else else
redirect_uri redirect_uri
@ -97,7 +98,7 @@ def create_authorization(conn, %{
|> authorize(auth_params) |> authorize(auth_params)
error -> error ->
error DatabaseAuthenticator.handle_error(conn, error)
end end
end end

View File

@ -26,6 +26,12 @@ def controller do
import Plug.Conn import Plug.Conn
import Pleroma.Web.Gettext import Pleroma.Web.Gettext
import Pleroma.Web.Router.Helpers import Pleroma.Web.Router.Helpers
plug(:set_put_layout)
defp set_put_layout(conn, _) do
put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
end
end end
end end