Merge branch 'features/mastoapi/2.6.0-force-login-option' into 'develop'

MastoAPI 2.6.0 `force_login` option Closes #734 See merge request pleroma/pleroma!999
2019-04-02 10:57:38 +00:00 · 2019-04-02 10:57:38 +00:00 · 091baf9316
commit 091baf9316
parent 26d509cc86 15ce710460
6 changed files with 378 additions and 261 deletions
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@ -5,6 +5,11 @@
 defmodule Pleroma.Web.ControllerHelper do
  use Pleroma.Web, :controller

+  # As in MastoAPI, per https://api.rubyonrails.org/classes/ActiveModel/Type/Boolean.html
+  @falsy_param_values [false, 0, "0", "f", "F", "false", "FALSE", "off", "OFF"]
+  def truthy_param?(blank_value) when blank_value in [nil, ""], do: nil
+  def truthy_param?(value), do: value not in @falsy_param_values
+
  def oauth_scopes(params, default) do
    # Note: `scopes` is used by Mastodon — supporting it but sticking to
    # OAuth's standard `scope` wherever we control it
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -1249,16 +1249,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
    "glitch"
  end

-  def login(conn, %{"code" => code}) do
+  def login(%{assigns: %{user: %User{}}} = conn, _params) do
+    redirect(conn, to: local_mastodon_root_path(conn))
+  end
+
+  @doc "Local Mastodon FE login init action"
+  def login(conn, %{"code" => auth_token}) do
    with {:ok, app} <- get_or_make_app(),
-         %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id),
+         %Authorization{} = auth <- Repo.get_by(Authorization, token: auth_token, app_id: app.id),
         {:ok, token} <- Token.exchange_token(app, auth) do
      conn
      |> put_session(:oauth_token, token.token)
-      |> redirect(to: "/web/getting-started")
+      |> redirect(to: local_mastodon_root_path(conn))
    end
  end

+  @doc "Local Mastodon FE callback action"
  def login(conn, _) do
    with {:ok, app} <- get_or_make_app() do
      path =
@ -1276,6 +1282,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
    end
  end

+  defp local_mastodon_root_path(conn), do: mastodon_api_path(conn, :index, ["getting-started"])
+
  defp get_or_make_app do
    find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."}
    scopes = ["read", "write", "follow", "push"]
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.Auth.Authenticator
+  alias Pleroma.Web.ControllerHelper
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
@ -19,7 +20,28 @@ defmodule Pleroma.Web.OAuth.OAuthController do

  action_fallback(Pleroma.Web.OAuth.FallbackController)

-  def authorize(conn, params) do
+  def authorize(%{assigns: %{token: %Token{} = token}} = conn, params) do
+    if ControllerHelper.truthy_param?(params["force_login"]) do
+      do_authorize(conn, params)
+    else
+      redirect_uri =
+        if is_binary(params["redirect_uri"]) do
+          params["redirect_uri"]
+        else
+          app = Repo.preload(token, :app).app
+
+          app.redirect_uris
+          |> String.split()
+          |> Enum.at(0)
+        end
+
+      redirect(conn, external: redirect_uri(conn, redirect_uri))
+    end
+  end
+
+  def authorize(conn, params), do: do_authorize(conn, params)
+
+  defp do_authorize(conn, params) do
    app = Repo.get_by(App, client_id: params["client_id"])
    available_scopes = (app && app.scopes) || []
    scopes = oauth_scopes(params, nil) || available_scopes
@ -51,13 +73,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
         {:missing_scopes, false} <- {:missing_scopes, scopes == []},
         {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
         {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
-      redirect_uri =
-        if redirect_uri == "." do
-          # Special case: Local MastodonFE
-          mastodon_api_url(conn, :login)
-        else
-          redirect_uri
-        end
+      redirect_uri = redirect_uri(conn, redirect_uri)

      cond do
        redirect_uri == "urn:ietf:wg:oauth:2.0:oob" ->
@ -221,4 +237,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do
      nil
    end
  end
+
+  # Special case: Local MastodonFE
+  defp redirect_uri(conn, "."), do: mastodon_api_url(conn, :login)
+
+  defp redirect_uri(_conn, redirect_uri), do: redirect_uri
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -5,6 +5,11 @@
 defmodule Pleroma.Web.Router do
  use Pleroma.Web, :router

+  pipeline :oauth do
+    plug(:fetch_session)
+    plug(Pleroma.Plugs.OAuthPlug)
+  end
+
  pipeline :api do
    plug(:accepts, ["json"])
    plug(:fetch_session)
@ -105,10 +110,6 @@ defmodule Pleroma.Web.Router do
    plug(:accepts, ["json", "xml"])
  end

-  pipeline :oauth do
-    plug(:accepts, ["html", "json"])
-  end
-
  pipeline :pleroma_api do
    plug(:accepts, ["html", "json"])
  end
@ -200,7 +201,11 @@ defmodule Pleroma.Web.Router do
  end

  scope "/oauth", Pleroma.Web.OAuth do
-    get("/authorize", OAuthController, :authorize)
+    scope [] do
+      pipe_through(:oauth)
+      get("/authorize", OAuthController, :authorize)
+    end
+
    post("/authorize", OAuthController, :create_authorization)
    post("/token", OAuthController, :token_exchange)
    post("/revoke", OAuthController, :token_revoke)