Let the OAuth form remember you, fixes #1909
This commit is contained in:
parent
9f48dfb705
commit
d11c0ede3a
@ -76,8 +76,17 @@ defp do_authorize(%Plug.Conn{} = conn, params) do
|
||||||
available_scopes = (app && app.scopes) || []
|
available_scopes = (app && app.scopes) || []
|
||||||
scopes = Scopes.fetch_scopes(params, available_scopes)
|
scopes = Scopes.fetch_scopes(params, available_scopes)
|
||||||
|
|
||||||
|
user =
|
||||||
|
with %{assigns: %{user: %User{} = user}} <- conn do
|
||||||
|
user
|
||||||
|
else
|
||||||
|
_ -> nil
|
||||||
|
end
|
||||||
|
|
||||||
# Note: `params` might differ from `conn.params`; use `@params` not `@conn.params` in template
|
# Note: `params` might differ from `conn.params`; use `@params` not `@conn.params` in template
|
||||||
render(conn, Authenticator.auth_template(), %{
|
render(conn, Authenticator.auth_template(), %{
|
||||||
|
app: app && Map.delete(app, :client_secret),
|
||||||
|
user: user,
|
||||||
response_type: params["response_type"],
|
response_type: params["response_type"],
|
||||||
client_id: params["client_id"],
|
client_id: params["client_id"],
|
||||||
available_scopes: available_scopes,
|
available_scopes: available_scopes,
|
||||||
|
@ -121,11 +130,13 @@ defp handle_existing_authorization(
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def create_authorization(
|
def create_authorization(_, _, opts \\ [])
|
||||||
%Plug.Conn{} = conn,
|
|
||||||
%{"authorization" => _} = params,
|
def create_authorization(%Plug.Conn{assigns: %{user: %User{} = user}} = conn, params, []) do
|
||||||
opts \\ []
|
create_authorization(conn, params, user: user)
|
||||||
) do
|
end
|
||||||
|
|
||||||
|
def create_authorization(%Plug.Conn{} = conn, %{"authorization" => _} = params, opts) do
|
||||||
with {:ok, auth, user} <- do_create_authorization(conn, params, opts[:user]),
|
with {:ok, auth, user} <- do_create_authorization(conn, params, opts[:user]),
|
||||||
{:mfa_required, _, _, false} <- {:mfa_required, user, auth, MFA.require?(user)} do
|
{:mfa_required, _, _, false} <- {:mfa_required, user, auth, MFA.require?(user)} do
|
||||||
after_create_authorization(conn, auth, params)
|
after_create_authorization(conn, auth, params)
|
||||||
|
|
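Review bot: The new first clause of `create_authorization` (the `%{assigns: %{user: %User{} = user}}` head) auto-authorizes whatever user is already in `conn.assigns`, without checking how that user got there. The `/oauth/authorize` routes go through the `:oauth` pipeline, which in this codebase appears to be the one that also assigns a user from a bearer `Authorization` header, not only from the session cookie; if that is the case, a client holding a scope-limited access token could POST to `/oauth/authorize` with its own `client_id`, `redirect_uri` and a wider `scope` and receive an authorization code for the full account without the user ever seeing the consent page. I would restrict this clause to session-originated users, e.g. by matching on the absence of the token assign that the bearer plug sets, and add a comment such as `# Only skip credentials when the user was authenticated by the browser session, never by an API token`. The rest of `create_authorization`, `do_create_authorization` and the MFA handling lie outside this hunk, so I cannot confirm whether a later step already makes this distinction.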
|
@ -278,9 +278,9 @@ defmodule Pleroma.Web.Router do
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through([:oauth, :after_auth])
|
pipe_through([:oauth, :after_auth])
|
||||||
get("/authorize", OAuthController, :authorize)
|
get("/authorize", OAuthController, :authorize)
|
||||||
|
post("/authorize", OAuthController, :create_authorization)
|
||||||
end
|
end
|
||||||
|
|
||||||
post("/authorize", OAuthController, :create_authorization)
|
|
||||||
post("/token", OAuthController, :token_exchange)
|
post("/token", OAuthController, :token_exchange)
|
||||||
post("/revoke", OAuthController, :token_revoke)
|
post("/revoke", OAuthController, :token_revoke)
|
||||||
get("/registration_details", OAuthController, :registration_details)
|
get("/registration_details", OAuthController, :registration_details)
|
||||||
|
|
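Review bot: Moving `post("/authorize", OAuthController, :create_authorization)` into the `pipe_through([:oauth, :after_auth])` scope turns the consent POST into a cookie-authenticated state change, and nothing visible in that pipeline list verifies a CSRF token; the new test in the same commit posts with only a session and no `_csrf_token` and gets a code back, which suggests no `protect_from_forgery` is in the path. Without it, a cross-site form that targets `/oauth/authorize` with an attacker-registered `client_id`, `redirect_uri` and `scope` would receive an authorization code for the victim's account with no interaction beyond loading a page. Since `form_for @conn` already emits the hidden `_csrf_token` field, the fix is on the server side only, e.g. `plug(:protect_from_forgery)` in the pipeline these two routes share (or a dedicated `:oauth_browser` pipeline, so the `/token` and `/revoke` API routes below are unaffected). If the `:oauth` pipeline definition elsewhere in `router.ex` already enforces this, disregard.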
|
@ -5,10 +5,29 @@
|
||||||
<p class="alert alert-danger" role="alert"><%= get_flash(@conn, :error) %></p>
|
<p class="alert alert-danger" role="alert"><%= get_flash(@conn, :error) %></p>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<h2>OAuth Authorization</h2>
|
|
||||||
<%= form_for @conn, o_auth_path(@conn, :authorize), [as: "authorization"], fn f -> %>
|
<%= form_for @conn, o_auth_path(@conn, :authorize), [as: "authorization"], fn f -> %>
|
||||||
|
|
||||||
<%= if @params["registration"] in ["true", true] do %>
|
<%= if @user do %>
|
||||||
|
<div class="account-header">
|
||||||
|
<div class="avatar">
|
||||||
|
<img src="<%= Pleroma.User.avatar_url(@user) %>">
|
||||||
|
</div>
|
||||||
|
<div class="name">
|
||||||
|
Signed in as:
|
||||||
|
<div class="username">@<%= @user.nickname %></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= if @app do %>
|
||||||
|
<p>Application <strong><%= @app.client_name %></strong> is requesting access to your account.</p>
|
||||||
|
<%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= if @user do %>
|
||||||
|
<%= submit "Authorize" %>
|
||||||
|
<% else %>
|
||||||
|
<%= if @params["registration"] in ["true", true] do %>
|
||||||
<h3>This is the first time you visit! Please enter your Pleroma handle.</h3>
|
<h3>This is the first time you visit! Please enter your Pleroma handle.</h3>
|
||||||
<p>Choose carefully! You won't be able to change this later. You will be able to change your display name, though.</p>
|
<p>Choose carefully! You won't be able to change this later. You will be able to change your display name, though.</p>
|
||||||
<div class="input">
|
<div class="input">
|
||||||
|
@ -18,7 +37,7 @@
|
||||||
<%= hidden_input f, :name, value: @params["name"] %>
|
<%= hidden_input f, :name, value: @params["name"] %>
|
||||||
<%= hidden_input f, :password, value: @params["password"] %>
|
<%= hidden_input f, :password, value: @params["password"] %>
|
||||||
<br>
|
<br>
|
||||||
<% else %>
|
<% else %>
|
||||||
<div class="input">
|
<div class="input">
|
||||||
<%= label f, :name, "Username" %>
|
<%= label f, :name, "Username" %>
|
||||||
<%= text_input f, :name %>
|
<%= text_input f, :name %>
|
||||||
|
@ -28,7 +47,7 @@
|
||||||
<%= password_input f, :password %>
|
<%= password_input f, :password %>
|
||||||
</div>
|
</div>
|
||||||
<%= submit "Log In" %>
|
<%= submit "Log In" %>
|
||||||
<%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<%= hidden_input f, :client_id, value: @client_id %>
|
<%= hidden_input f, :client_id, value: @client_id %>
|
||||||
|
@ -40,4 +59,3 @@
|
||||||
<%= if Pleroma.Config.oauth_consumer_enabled?() do %>
|
<%= if Pleroma.Config.oauth_consumer_enabled?() do %>
|
||||||
<%= render @view_module, Pleroma.Web.Auth.Authenticator.oauth_consumer_template(), assigns %>
|
<%= render @view_module, Pleroma.Web.Auth.Authenticator.oauth_consumer_template(), assigns %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
|
|
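Review bot: The signed-in branch (`<%= if @user do %>` … "Signed in as: @nickname") gives the person in front of the browser no way to authorize as a different account: the username/password form is now hidden whenever a session cookie is present, so on a shared or stale browser session the consent is silently bound to whoever is logged in. A short escape hatch next to the name, e.g. `<a href="<%= o_auth_path(@conn, :authorize, @params) %>?logout=1">Not you? Log out</a>` (or whatever logout route the app exposes), would make the binding explicit before the Authorize button is pressed. Separately, the scope list and application name are now rendered only inside `<%= if @app do %>`, so a logged-in user whose `@app` is nil would see a bare Authorize button with no indication of what is being granted; if the controller can reach this template with `@app` unset, the button should be inside the same guard.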
Binary file not shown.
|
@ -606,6 +606,43 @@ test "redirects with oauth authorization, " <>
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "authorize from cookie" do
|
||||||
|
app_scopes = ["read", "write"]
|
||||||
|
app = insert(:oauth_app)
|
||||||
|
redirect_uri = OAuthController.default_redirect_uri(app)
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> Plug.Session.call(Plug.Session.init(@session_opts))
|
||||||
|
|> fetch_session()
|
||||||
|
|> put_session(:user_id, user.id)
|
||||||
|
|> post(
|
||||||
|
"/oauth/authorize",
|
||||||
|
%{
|
||||||
|
"authorization" => %{
|
||||||
|
"name" => user.nickname,
|
||||||
|
"client_id" => app.client_id,
|
||||||
|
"redirect_uri" => redirect_uri,
|
||||||
|
"scope" => app_scopes,
|
||||||
|
"state" => "statepassed"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert Enum.count(Repo.all(Pleroma.Web.OAuth.Authorization)) == 1
|
||||||
|
|
||||||
|
target = redirected_to(conn)
|
||||||
|
assert target =~ redirect_uri
|
||||||
|
|
||||||
|
query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
|
||||||
|
|
||||||
|
assert %{"state" => "statepassed", "code" => code} = query
|
||||||
|
auth = Repo.get_by(Authorization, token: code)
|
||||||
|
assert auth
|
||||||
|
assert auth.scopes == app_scopes
|
||||||
|
end
|
||||||
|
|
||||||
test "redirect to on two-factor auth page" do
|
test "redirect to on two-factor auth page" do
|
||||||
otp_secret = TOTP.generate_secret()
|
otp_secret = TOTP.generate_secret()
|
||||||
|
|
||||||
|
|
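Review bot: `test "authorize from cookie"` never asserts which user the issued code belongs to: it checks `auth.scopes` but not `auth.user_id`, so a regression that authorized the `"name"` from the body instead of the session user would pass. Add `assert auth.user_id == user.id` after `assert auth`, and a second case that posts `"name" => other_user.nickname` with a password while `user.id` is in the session, asserting the code is still issued for `user` (or rejected), since the body fields are untrusted. A case for a session user with `MFA.require?/1` true, asserting the two-factor redirect rather than a code, would cover the `{:mfa_required, …}` branch that the controller hunk adds for this path. The test also sends no `_csrf_token`; if CSRF protection is added to the `/oauth/authorize` pipeline this test will need to carry one, which is worth noting in the test body.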