From 4f640c43edc237f4450cc0d42896b5e0a7b4a324 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 6 Nov 2018 15:19:11 +0100 Subject: [PATCH 1/3] Unify Mastodon Login with OAuth login. This removes duplication in the login code. --- .../mastodon_api/mastodon_api_controller.ex | 41 ++++++++++-------- lib/pleroma/web/oauth/oauth_controller.ex | 42 ++++++++++++------- .../mastodon_api/mastodon/login.html.eex | 11 ----- 3 files changed, 49 insertions(+), 45 deletions(-) delete mode 100644 lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e92114f57..51a7ec2b2 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -985,9 +985,30 @@ def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _para end end + def login(conn, %{"code" => code}) do + with {:ok, app} <- get_or_make_app(), + %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id), + {:ok, token} <- Token.exchange_token(app, auth) do + + conn + |> put_session(:oauth_token, token.token) + |> redirect(to: "/web/getting-started") + end + end + def login(conn, _) do - conn - |> render(MastodonView, "login.html", %{error: false}) + with {:ok, app} <- get_or_make_app() do + path = + o_auth_path(conn, :authorize, + response_type: "code", + client_id: app.client_id, + redirect_uri: ".", + scope: app.scopes + ) + + conn + |> redirect(to: path) + end end defp get_or_make_app() do @@ -1006,22 +1027,6 @@ defp get_or_make_app() do end end - def login_post(conn, %{"authorization" => %{"name" => name, "password" => password}}) do - with %User{} = user <- User.get_by_nickname_or_email(name), - true <- Pbkdf2.checkpw(password, user.password_hash), - {:ok, app} <- get_or_make_app(), - {:ok, auth} <- Authorization.create_authorization(app, user), - {:ok, token} <- Token.exchange_token(app, auth) do - conn - |> put_session(:oauth_token, token.token) - |> redirect(to: "/web/getting-started") - else - _e -> - conn - |> render(MastodonView, "login.html", %{error: "Wrong username or password"}) - end - end - def logout(conn, _) do conn |> clear_session diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 5441ee0a8..35c158fbb 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -33,25 +33,35 @@ def create_authorization(conn, %{ true <- Pbkdf2.checkpw(password, user.password_hash), %App{} = app <- Repo.get_by(App, client_id: client_id), {:ok, auth} <- Authorization.create_authorization(app, user) do - if redirect_uri == "urn:ietf:wg:oauth:2.0:oob" do - render(conn, "results.html", %{ - auth: auth - }) - else - connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?" - url = "#{redirect_uri}#{connector}" - url_params = %{:code => auth.token} + # Special case: Local MastodonFE. + redirect_uri = + if redirect_uri == "." do + mastodon_api_url(conn, :login) + else + redirect_uri + end - url_params = - if params["state"] do - Map.put(url_params, :state, params["state"]) - else - url_params - end + cond do + redirect_uri == "urn:ietf:wg:oauth:2.0:oob" -> + render(conn, "results.html", %{ + auth: auth + }) - url = "#{url}#{Plug.Conn.Query.encode(url_params)}" + true -> + connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?" + url = "#{redirect_uri}#{connector}" + url_params = %{:code => auth.token} - redirect(conn, external: url) + url_params = + if params["state"] do + Map.put(url_params, :state, params["state"]) + else + url_params + end + + url = "#{url}#{Plug.Conn.Query.encode(url_params)}" + + redirect(conn, external: url) end end end diff --git a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex b/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex deleted file mode 100644 index 34cd7ed89..000000000 --- a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex +++ /dev/null @@ -1,11 +0,0 @@ -

Login to Mastodon Frontend

-<%= if @error do %> -

<%= @error %>

-<% end %> -<%= form_for @conn, mastodon_api_path(@conn, :login), [as: "authorization"], fn f -> %> -<%= text_input f, :name, placeholder: "Username or email" %> -
-<%= password_input f, :password, placeholder: "Password" %> -
-<%= submit "Log in" %> -<% end %> From a8f1e30cb81fe17866e3ee33f5b3558dd5b33764 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 6 Nov 2018 16:05:58 +0100 Subject: [PATCH 2/3] Formatting. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 51a7ec2b2..5cb007740 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -989,7 +989,6 @@ def login(conn, %{"code" => code}) do with {:ok, app} <- get_or_make_app(), %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id), {:ok, token} <- Token.exchange_token(app, auth) do - conn |> put_session(:oauth_token, token.token) |> redirect(to: "/web/getting-started") From 236fd28aca4191617cf059ff0a536f6b2fef5d64 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 6 Nov 2018 16:12:09 +0100 Subject: [PATCH 3/3] use more modern elixir --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 46fa1c74c..c28468cd4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: elixir:1.6.4 +image: elixir:1.7.2 services: - postgres:9.6.2