mobilizon/lib/web/controllers/application_controller.ex

defmodule Mobilizon.Web.ApplicationController do
  use Mobilizon.Web, :controller

  alias Mobilizon.Applications.Application
  alias Mobilizon.Service.Auth.Applications
  plug(:put_layout, false)
  import Mobilizon.Web.Gettext, only: [dgettext: 2]

  @out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"

  @doc """
  Create an application
  """
  @spec create_application(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def create_application(conn, %{"name" => name, "redirect_uris" => redirect_uris} = args) do
    case Applications.create(
           name,
           redirect_uris,
           Map.get(args, "scopes"),
           Map.get(args, "website")
         ) do
      {:ok, %Application{} = app} ->
        json(
          conn,
          Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
        )

      {:error, _error} ->
        send_resp(
          conn,
          500,
          dgettext(
            "errors",
            "Impossible to create application."
          )
        )
    end
  end

  def create_application(conn, _args) do
    send_resp(
      conn,
      400,
      dgettext(
        "errors",
        "Both name and redirect_uri parameters are required to create an application"
      )
    )
  end

  @doc """
  Authorize
  """
  @spec authorize(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def authorize(
        conn,
        _args
      ) do
    conn = fetch_query_params(conn)

    client_id = conn.query_params["client_id"]
    redirect_uri = conn.query_params["redirect_uri"]
    state = conn.query_params["state"]

    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) do
      redirect(conn,
        to:
          Routes.page_path(conn, :authorize,
            client_id: client_id,
            redirect_uri: redirect_uri,
            scope: conn.query_params["scope"],
            state: state
          )
      )
    else
      send_resp(
        conn,
        400,
        dgettext(
          "errors",
          "You need to specify client_id, redirect_uri and state to autorize an application"
        )
      )
    end
  end

  @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def generate_access_token(conn, %{
        "client_id" => client_id,
        "client_secret" => client_secret,
        "code" => code,
        "redirect_uri" => redirect_uri
      }) do
    case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
      {:ok, token} ->
        if redirect_uri != @out_of_band_redirect_uri do
          redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
        else
          json(conn, token)
        end

      {:error, :application_not_found} ->
        send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))

      {:error, :redirect_uri_not_in_allowed} ->
        send_resp(conn, 400, dgettext("errors", "This redirect URI is not allowed"))

      {:error, :invalid_or_expired} ->
        send_resp(conn, 400, dgettext("errors", "The provided code is invalid or expired"))

      {:error, :invalid_client_id} ->
        send_resp(
          conn,
          400,
          dgettext("errors", "The provided client_id does not match the provided code")
        )

      {:error, :invalid_client_secret} ->
        send_resp(conn, 400, dgettext("errors", "The provided client_secret is invalid"))

      {:error, :user_not_found} ->
        send_resp(conn, 400, dgettext("errors", "The user for this code was not found"))
    end
  end

  @spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
  defp generate_redirect_with_query_params(redirect_uri, query_params) do
    redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
  end
end
Introduce application tokens Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2023-02-15 19:31:23 +01:00			`defmodule Mobilizon.Web.ApplicationController do`
			`use Mobilizon.Web, :controller`

			`alias Mobilizon.Applications.Application`
			`alias Mobilizon.Service.Auth.Applications`
			`plug(:put_layout, false)`
			`import Mobilizon.Web.Gettext, only: [dgettext: 2]`

			`@out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"`

			`@doc """`
			`Create an application`
			`"""`
			`@spec create_application(Plug.Conn.t(), map()) :: Plug.Conn.t()`
			`def create_application(conn, %{"name" => name, "redirect_uris" => redirect_uris} = args) do`
			`case Applications.create(`
			`name,`
			`redirect_uris,`
			`Map.get(args, "scopes"),`
			`Map.get(args, "website")`
			`) do`
			`{:ok, %Application{} = app} ->`
			`json(`
			`conn,`
			`Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])`
			`)`

			`{:error, _error} ->`
			`send_resp(`
			`conn,`
			`500,`
			`dgettext(`
			`"errors",`
			`"Impossible to create application."`
			`)`
			`)`
			`end`
			`end`

			`def create_application(conn, _args) do`
			`send_resp(`
			`conn,`
			`400,`
			`dgettext(`
			`"errors",`
			`"Both name and redirect_uri parameters are required to create an application"`
			`)`
			`)`
			`end`

			`@doc """`
			`Authorize`
			`"""`
			`@spec authorize(Plug.Conn.t(), map()) :: Plug.Conn.t()`
			`def authorize(`
			`conn,`
			`_args`
			`) do`
			`conn = fetch_query_params(conn)`

			`client_id = conn.query_params["client_id"]`
			`redirect_uri = conn.query_params["redirect_uri"]`
			`state = conn.query_params["state"]`

			`if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) do`
			`redirect(conn,`
			`to:`
			`Routes.page_path(conn, :authorize,`
			`client_id: client_id,`
			`redirect_uri: redirect_uri,`
			`scope: conn.query_params["scope"],`
			`state: state`
			`)`
			`)`
			`else`
			`send_resp(`
			`conn,`
			`400,`
			`dgettext(`
			`"errors",`
			`"You need to specify client_id, redirect_uri and state to autorize an application"`
			`)`
			`)`
			`end`
			`end`

			`@spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()`
			`def generate_access_token(conn, %{`
			`"client_id" => client_id,`
			`"client_secret" => client_secret,`
			`"code" => code,`
			`"redirect_uri" => redirect_uri`
			`}) do`
			`case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do`
			`{:ok, token} ->`
			`if redirect_uri != @out_of_band_redirect_uri do`
			`redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))`
			`else`
			`json(conn, token)`
			`end`

			`{:error, :application_not_found} ->`
			`send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))`

			`{:error, :redirect_uri_not_in_allowed} ->`
			`send_resp(conn, 400, dgettext("errors", "This redirect URI is not allowed"))`

			`{:error, :invalid_or_expired} ->`
			`send_resp(conn, 400, dgettext("errors", "The provided code is invalid or expired"))`

			`{:error, :invalid_client_id} ->`
			`send_resp(`
			`conn,`
			`400,`
			`dgettext("errors", "The provided client_id does not match the provided code")`
			`)`

			`{:error, :invalid_client_secret} ->`
			`send_resp(conn, 400, dgettext("errors", "The provided client_secret is invalid"))`

			`{:error, :user_not_found} ->`
			`send_resp(conn, 400, dgettext("errors", "The user for this code was not found"))`
			`end`
			`end`

			`@spec generate_redirect_with_query_params(String.t(), map()) :: String.t()`
			`defp generate_redirect_with_query_params(redirect_uri, query_params) do`
			`redirect_uri \|> URI.parse() \|> URI.merge("?" <> URI.encode_query(query_params)) \|> to_string()`
			`end`
			`end`