Let the OAuth form remember you, fixes #1909
This commit is contained in:
parent
9f48dfb705
commit
d11c0ede3a
@ -76,8 +76,17 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
||||
available_scopes = (app && app.scopes) || []
|
||||
scopes = Scopes.fetch_scopes(params, available_scopes)
|
||||
|
||||
user =
|
||||
with %{assigns: %{user: %User{} = user}} <- conn do
|
||||
user
|
||||
else
|
||||
_ -> nil
|
||||
end
|
||||
|
||||
# Note: `params` might differ from `conn.params`; use `@params` not `@conn.params` in template
|
||||
render(conn, Authenticator.auth_template(), %{
|
||||
app: app && Map.delete(app, :client_secret),
|
||||
user: user,
|
||||
response_type: params["response_type"],
|
||||
client_id: params["client_id"],
|
||||
available_scopes: available_scopes,
|
||||
@ -121,11 +130,13 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
||||
end
|
||||
end
|
||||
|
||||
def create_authorization(
|
||||
%Plug.Conn{} = conn,
|
||||
%{"authorization" => _} = params,
|
||||
opts \\ []
|
||||
) do
|
||||
def create_authorization(_, _, opts \\ [])
|
||||
|
||||
def create_authorization(%Plug.Conn{assigns: %{user: %User{} = user}} = conn, params, []) do
|
||||
create_authorization(conn, params, user: user)
|
||||
end
|
||||
|
||||
def create_authorization(%Plug.Conn{} = conn, %{"authorization" => _} = params, opts) do
|
||||
with {:ok, auth, user} <- do_create_authorization(conn, params, opts[:user]),
|
||||
{:mfa_required, _, _, false} <- {:mfa_required, user, auth, MFA.require?(user)} do
|
||||
after_create_authorization(conn, auth, params)
|
||||
|
@ -278,9 +278,9 @@ defmodule Pleroma.Web.Router do
|
||||
scope [] do
|
||||
pipe_through([:oauth, :after_auth])
|
||||
get("/authorize", OAuthController, :authorize)
|
||||
post("/authorize", OAuthController, :create_authorization)
|
||||
end
|
||||
|
||||
post("/authorize", OAuthController, :create_authorization)
|
||||
post("/token", OAuthController, :token_exchange)
|
||||
post("/revoke", OAuthController, :token_revoke)
|
||||
get("/registration_details", OAuthController, :registration_details)
|
||||
|
@ -5,10 +5,29 @@
|
||||
<p class="alert alert-danger" role="alert"><%= get_flash(@conn, :error) %></p>
|
||||
<% end %>
|
||||
|
||||
<h2>OAuth Authorization</h2>
|
||||
<%= form_for @conn, o_auth_path(@conn, :authorize), [as: "authorization"], fn f -> %>
|
||||
|
||||
<%= if @params["registration"] in ["true", true] do %>
|
||||
<%= if @user do %>
|
||||
<div class="account-header">
|
||||
<div class="avatar">
|
||||
<img src="<%= Pleroma.User.avatar_url(@user) %>">
|
||||
</div>
|
||||
<div class="name">
|
||||
Signed in as:
|
||||
<div class="username">@<%= @user.nickname %></div>
|
||||
</div>
|
||||
</div>
|
||||
<% end %>
|
||||
|
||||
<%= if @app do %>
|
||||
<p>Application <strong><%= @app.client_name %></strong> is requesting access to your account.</p>
|
||||
<%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
|
||||
<% end %>
|
||||
|
||||
<%= if @user do %>
|
||||
<%= submit "Authorize" %>
|
||||
<% else %>
|
||||
<%= if @params["registration"] in ["true", true] do %>
|
||||
<h3>This is the first time you visit! Please enter your Pleroma handle.</h3>
|
||||
<p>Choose carefully! You won't be able to change this later. You will be able to change your display name, though.</p>
|
||||
<div class="input">
|
||||
@ -18,7 +37,7 @@
|
||||
<%= hidden_input f, :name, value: @params["name"] %>
|
||||
<%= hidden_input f, :password, value: @params["password"] %>
|
||||
<br>
|
||||
<% else %>
|
||||
<% else %>
|
||||
<div class="input">
|
||||
<%= label f, :name, "Username" %>
|
||||
<%= text_input f, :name %>
|
||||
@ -28,7 +47,7 @@
|
||||
<%= password_input f, :password %>
|
||||
</div>
|
||||
<%= submit "Log In" %>
|
||||
<%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
||||
<%= hidden_input f, :client_id, value: @client_id %>
|
||||
@ -40,4 +59,3 @@
|
||||
<%= if Pleroma.Config.oauth_consumer_enabled?() do %>
|
||||
<%= render @view_module, Pleroma.Web.Auth.Authenticator.oauth_consumer_template(), assigns %>
|
||||
<% end %>
|
||||
|
||||
|
@ -175,6 +175,23 @@ button:hover {
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
.account-header {
|
||||
display: flex;
|
||||
margin: 20px 0;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
.account-header .avatar {
|
||||
display: flex;
|
||||
max-width: 60px;
|
||||
margin-right: 10px;
|
||||
}
|
||||
|
||||
.account-header .avatar img {
|
||||
width: 100%;
|
||||
border-radius: 4px;
|
||||
}
|
||||
|
||||
@media all and (max-width: 440px) {
|
||||
.container {
|
||||
margin-top: 0
|
||||
|
@ -606,6 +606,43 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
||||
end
|
||||
end
|
||||
|
||||
test "authorize from cookie" do
|
||||
app_scopes = ["read", "write"]
|
||||
app = insert(:oauth_app)
|
||||
redirect_uri = OAuthController.default_redirect_uri(app)
|
||||
user = insert(:user)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> Plug.Session.call(Plug.Session.init(@session_opts))
|
||||
|> fetch_session()
|
||||
|> put_session(:user_id, user.id)
|
||||
|> post(
|
||||
"/oauth/authorize",
|
||||
%{
|
||||
"authorization" => %{
|
||||
"name" => user.nickname,
|
||||
"client_id" => app.client_id,
|
||||
"redirect_uri" => redirect_uri,
|
||||
"scope" => app_scopes,
|
||||
"state" => "statepassed"
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
assert Enum.count(Repo.all(Pleroma.Web.OAuth.Authorization)) == 1
|
||||
|
||||
target = redirected_to(conn)
|
||||
assert target =~ redirect_uri
|
||||
|
||||
query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
|
||||
|
||||
assert %{"state" => "statepassed", "code" => code} = query
|
||||
auth = Repo.get_by(Authorization, token: code)
|
||||
assert auth
|
||||
assert auth.scopes == app_scopes
|
||||
end
|
||||
|
||||
test "redirect to on two-factor auth page" do
|
||||
otp_secret = TOTP.generate_secret()
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user