Introduce device flow

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2023-02-21 14:50:09 +01:00
parent 2ee329ff7b
commit b6875f6a4b
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
19 changed files with 833 additions and 47 deletions

View file

@ -0,0 +1,91 @@
<template>
<h1 class="text-3xl">
{{ t("Autorize this application to access your account?") }}
</h1>
<div
class="rounded-lg bg-mbz-warning dark:text-black shadow-xl my-6 p-4 flex items-center gap-2"
>
<AlertCircle :size="42" />
<p>
{{
t(
"This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
)
}}
</p>
</div>
<div class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6">
<div class="p-4 pb-0">
<p class="text-3xl font-bold">{{ authApplication.name }}</p>
<p>{{ authApplication.website }}</p>
</div>
<div class="flex gap-3 p-4">
<o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
<o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
t("Decline")
}}</o-button>
</div>
</div>
</template>
<script lang="ts" setup>
import { useHead } from "@vueuse/head";
import { computed } from "vue";
import { useI18n } from "vue-i18n";
import { useMutation } from "@vue/apollo-composable";
import { AUTORIZE_APPLICATION } from "@/graphql/application";
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
import RouteName from "@/router/name";
import { IApplication } from "@/types/application.model";
const { t } = useI18n({ useScope: "global" });
const props = defineProps<{
authApplication: IApplication;
redirectURI?: string | null;
state?: string | null;
scope?: string | null;
}>();
const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
useMutation<
{ authorizeApplication: { code: string; state: string } },
{
applicationClientId: string;
redirectURI: string;
state?: string | null;
scope?: string | null;
}
>(AUTORIZE_APPLICATION);
const authorize = () => {
authorizeMutation({
applicationClientId: props.authApplication.clientId,
redirectURI: props.redirectURI as string,
state: props.state,
scope: props.scope,
});
};
onAuthorizeMutationDone(({ data }) => {
const code = data?.authorizeApplication?.code;
const returnedState = data?.authorizeApplication?.state ?? "";
if (!code) return;
if (props.redirectURI) {
const params = new URLSearchParams(
Object.entries({ code, state: returnedState })
);
window.location.assign(
new URL(`${props.redirectURI}?${params.toString()}`)
);
}
});
useHead({
title: computed(() => t("Authorize application")),
});
</script>

View file

@ -3,6 +3,7 @@ import gql from "graphql-tag";
export const AUTH_APPLICATION = gql`
query AuthApplication($clientId: String!) {
authApplication(clientId: $clientId) {
id
clientId
name
website
@ -13,7 +14,7 @@ export const AUTH_APPLICATION = gql`
export const AUTORIZE_APPLICATION = gql`
mutation AuthorizeApplication(
$applicationClientId: String!
$redirectURI: String!
$redirectURI: String
$state: String
$scope: String
) {
@ -53,3 +54,18 @@ export const REVOKED_AUTHORIZED_APPLICATION = gql`
}
}
`;
export const DEVICE_ACTIVATION = gql`
mutation DeviceActivation($userCode: String!) {
deviceActivation(userCode: $userCode) {
id
application {
id
clientId
name
website
}
scope
}
}
`;

View file

@ -14,6 +14,7 @@ export enum UserRouteName {
VALIDATE = "Validate",
LOGIN = "Login",
OAUTH_AUTORIZE = "OAUTH_AUTORIZE",
OAUTH_LOGIN_DEVICE = "OAUTH_LOGIN_DEVICE",
}
export const userRoutes: RouteRecordRaw[] = [
@ -120,4 +121,16 @@ export const userRoutes: RouteRecordRaw[] = [
},
},
},
{
path: "/login/device",
name: UserRouteName.OAUTH_LOGIN_DEVICE,
component: (): Promise<any> =>
import("@/views/OAuth/DeviceActivationView.vue"),
meta: {
requiredAuth: true,
announcer: {
message: (): string => t("Device activation") as string,
},
},
},
];

View file

@ -26,39 +26,14 @@
</div>
</div>
</div>
<div
<AuthorizeApplication
v-if="authApplication"
v-show="!authApplicationLoading && !authApplicationError && !resultCode"
>
<h1 class="text-3xl">
{{ t("Autorize this application to access your account?") }}
</h1>
<div
class="rounded-lg bg-mbz-warning shadow-xl my-6 p-4 flex items-center gap-2"
>
<AlertCircle :size="42" />
<p>
{{
t(
"This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
)
}}
</p>
</div>
<div class="rounded-lg bg-white shadow-xl my-6">
<div class="p-4 pb-0">
<p class="text-3xl font-bold">{{ authApplication?.name }}</p>
<p>{{ authApplication?.website }}</p>
</div>
<div class="flex gap-3 p-4">
<o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
<o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
t("Decline")
}}</o-button>
</div>
</div>
</div>
:auth-application="authApplication"
:redirectURI="redirectURI"
:state="state"
:scope="scope"
/>
<div v-show="authApplicationError">
<div
class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
@ -114,6 +89,7 @@ import { IApplication } from "@/types/application.model";
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
import type { AbsintheGraphQLError } from "@/types/errors.model";
import RouteName from "@/router/name";
import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
const { t } = useI18n({ useScope: "global" });

View file

@ -0,0 +1,149 @@
<template>
<div class="container mx-auto w-96">
<form
@submit.prevent="() => validateCode({ userCode: code })"
@paste="pasteCode"
class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6 p-4"
v-if="!application"
>
<h1 class="text-3xl text-center">
{{ t("Device activation") }}
</h1>
<p class="mb-4 text-center">
{{ t("Enter the code displayed on your device") }}
</p>
<div class="flex items-center justify-between mb-4 gap-2">
<div
v-for="i in Array(9).keys()"
:key="i"
:class="i === 4 ? 'w-6' : 'w-8'"
>
<span
:id="`user-code-${i}`"
v-if="i === 4"
class="block text-3xl text-center"
>-</span
>
<o-input
autocapitalize="characters"
@update:modelValue="(val: string) => inputs[i] = val.toUpperCase()"
:useHtml5Validation="true"
:id="`user-code-${i}`"
:ref="(el: Element) => userCodeInputs[i] = el"
:modelValue="inputs[i]"
v-else
size="large"
style="font-size: 22px; padding: 0.5rem 0.15rem 0.5rem 0.25rem"
required
maxlength="1"
pattern="[A-Z]{1}"
:autofocus="i === 0 ? true : undefined"
/>
</div>
</div>
<div
class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
v-if="error"
>
<AlertCircle :size="42" />
<div>
<p>{{ error }}</p>
</div>
</div>
<div class="text-center">
<o-button native-type="submit">{{ t("Continue") }}</o-button>
</div>
</form>
<AuthorizeApplication v-if="application" :auth-application="application" />
</div>
</template>
<script lang="ts" setup>
import { DEVICE_ACTIVATION } from "@/graphql/application";
import { useMutation } from "@vue/apollo-composable";
import { useHead } from "@vueuse/head";
import { computed, reactive, ref, watch } from "vue";
import { useI18n } from "vue-i18n";
import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
import { IApplication } from "@/types/application.model";
import { AbsintheGraphQLErrors } from "@/types/errors.model";
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
const { t } = useI18n({ useScope: "global" });
const {
mutate: validateCode,
onDone: onDeviceActivationDone,
onError: onDeviceActivationError,
} = useMutation<{
deviceActivation: { application: IApplication; id: string; scope: string };
}>(DEVICE_ACTIVATION);
const inputs = reactive<string[]>([]);
const application = ref<IApplication | null>(null);
onDeviceActivationDone(({ data }) => {
const foundApplication = data?.deviceActivation?.application;
if (foundApplication) {
application.value = foundApplication;
}
});
const code = computed(() => {
return inputs.join("");
});
const userCodeInputs = reactive<Record<number, Element>>([]);
watch(inputs, (localInputs) => {
localInputs.forEach((input, index) => {
if (input && index < 8) {
if (index === 3) {
index = 4;
}
(userCodeInputs[index + 1] as HTMLInputElement).focus();
}
});
});
const error = ref<string | null>(null);
onDeviceActivationError(
({ graphQLErrors }: { graphQLErrors: AbsintheGraphQLErrors }) => {
if (graphQLErrors[0].status_code === 404) {
error.value = t("The device code is incorrect or no longer valid.");
}
resetInputs();
(userCodeInputs[0] as HTMLInputElement).focus();
setTimeout(() => {
error.value = null;
}, 10000);
}
);
const resetInputs = () => {
inputs.splice(0);
};
const pasteCode = (e: ClipboardEvent) => {
let pastedCode = e.clipboardData?.getData("text").trim();
if (!pastedCode) return;
if (pastedCode.match(/^[A-Z]{4}-[A-Z]{4}$/)) {
pastedCode = pastedCode.slice(0, 4) + pastedCode.slice(5);
}
if (pastedCode.match(/^[A-Z]{8}$/)) {
pastedCode.split("").forEach((val, index) => {
const realIndex = index > 3 ? index + 1 : index;
inputs[realIndex] = val;
});
}
};
useHead({
title: computed(() => t("Device activation")),
});
</script>

View file

@ -76,11 +76,12 @@ import {
} from "@/graphql/application";
import { useMutation, useQuery } from "@vue/apollo-composable";
import { useHead } from "@vueuse/head";
import { computed } from "vue";
import { computed, inject } from "vue";
import { useI18n } from "vue-i18n";
import RouteName from "../../router/name";
import { IUser } from "@/types/current-user.model";
import { formatDateString } from "@/filters/datetime";
import { Notifier } from "@/plugins/notifier";
const { t } = useI18n({ useScope: "global" });
@ -132,6 +133,14 @@ const { mutate: revoke, onDone: onRevokedApplication } = useMutation<
},
});
const notifier = inject<Notifier>("notifier");
onRevokedApplication(() => {
notifier?.success(
t("Application was revoked")
);
})
useHead({
title: computed(() => t("Apps")),
});

View file

@ -4,7 +4,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
"""
alias Mobilizon.Applications, as: ApplicationManager
alias Mobilizon.Applications.{Application, ApplicationToken}
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
alias Mobilizon.Service.Auth.Applications
alias Mobilizon.Users.User
import Mobilizon.Web.Gettext, only: [dgettext: 2]
@ -89,4 +89,33 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
def revoke_application_token(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def activate_device(_parent, %{user_code: user_code}, %{
context: %{current_user: %User{} = user}
}) do
with {:ok, %ApplicationDeviceActivation{} = app_device_activation} <-
Applications.activate_device(user_code, user) do
{:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
end
end
@spec authorize_device_application(any(), map(), Absinthe.Resolution.t()) ::
{:ok, map()} | {:error, String.t()}
def authorize_device_application(
_parent,
%{client_id: client_id, user_code: user_code},
%{context: %{current_user: %User{id: user_id}}}
) do
case Applications.autorize_device_application(client_id, user_code, user_id) do
{:ok, %Application{} = app} ->
{:ok, app}
{:error, :application_not_found} ->
{:error,
dgettext(
"errors",
"No application with this client_id was found"
)}
end
end
end

View file

@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
@desc "An application"
object :auth_application do
field(:id, :id)
field(:name, :string)
field(:client_id, :string)
field(:scopes, :string)
@ -27,6 +28,12 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
field(:state, :string)
end
object :application_device_activation do
field(:id, :id)
field(:application, :auth_application)
field(:scope, :string)
end
object :auth_application_queries do
@desc "Get an application"
field :auth_application, :auth_application do
@ -53,9 +60,27 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
resolve(&Application.authorize/3)
end
@desc "Revoke an authorized application"
field :revoke_application_token, :deleted_object do
arg(:app_token_id, non_null(:string), description: "The application token's ID")
resolve(&Application.revoke_application_token/3)
end
@desc "Activate an user device"
field :device_activation, :application_device_activation do
arg(:user_code, non_null(:string),
description: "The code provided by the application entered by the user"
)
resolve(&Application.activate_device/3)
end
@desc "Activate an user device"
field :authorize_device_application, :auth_application do
arg(:client_id, non_null(:string), description: "The application's client_id")
arg(:scope, :string, description: "The scope for the authorization")
resolve(&Application.authorize_device_application/3)
end
end
end

View file

@ -4,10 +4,24 @@ defmodule Mobilizon.Applications do
"""
import Ecto.Query, warn: false
import EctoEnum
alias Ecto.Multi
alias Mobilizon.Applications.Application
alias Mobilizon.Storage.Repo
defenum(ApplicationDeviceActivationStatus, [
"success",
"pending",
"incorrect_device_code",
"access_denied"
])
defenum(ApplicationTokenStatus, [
"success",
"pending",
"access_denied"
])
@doc """
Returns the list of applications.
@ -255,4 +269,129 @@ defmodule Mobilizon.Applications do
def change_application_token(%ApplicationToken{} = application_token, attrs \\ %{}) do
ApplicationToken.changeset(application_token, attrs)
end
alias Mobilizon.Applications.ApplicationDeviceActivation
@doc """
Returns the list of application_device_activation.
## Examples
iex> list_application_device_activation()
[%ApplicationDeviceActivation{}, ...]
"""
def list_application_device_activation do
Repo.all(ApplicationDeviceActivation)
end
@doc """
Gets a single application_device_activation.
Raises `Ecto.NoResultsError` if the Application device activation does not exist.
## Examples
iex> get_application_device_activation!(123)
%ApplicationDeviceActivation{}
iex> get_application_device_activation!(456)
** (Ecto.NoResultsError)
"""
def get_application_device_activation!(id), do: Repo.get!(ApplicationDeviceActivation, id)
def get_application_device_activation(id), do: Repo.get(ApplicationDeviceActivation, id)
def get_application_device_activation_by_user_code(user_code),
do: Repo.get_by(ApplicationDeviceActivation, user_code: user_code)
def get_application_device_activation(client_id, device_code) do
ApplicationDeviceActivation
|> join(:left, [ada], a in assoc(ada, :application))
|> where([_, a], a.client_id == ^client_id)
|> where([ada], ada.device_code == ^device_code)
|> select([ada], ada)
|> Repo.one()
end
@doc """
Creates a application_device_activation.
## Examples
iex> create_application_device_activation(%{field: value})
{:ok, %ApplicationDeviceActivation{}}
iex> create_application_device_activation(%{field: bad_value})
{:error, %Ecto.Changeset{}}
"""
def create_application_device_activation(attrs \\ %{}) do
%ApplicationDeviceActivation{}
|> ApplicationDeviceActivation.changeset(attrs)
|> Repo.insert()
end
@doc """
Updates a application_device_activation.
## Examples
iex> update_application_device_activation(application_device_activation, %{field: new_value})
{:ok, %ApplicationDeviceActivation{}}
iex> update_application_device_activation(application_device_activation, %{field: bad_value})
{:error, %Ecto.Changeset{}}
"""
def update_application_device_activation(
%ApplicationDeviceActivation{} = application_device_activation,
attrs
) do
application_device_activation
|> ApplicationDeviceActivation.changeset(attrs)
|> Repo.update()
|> case do
{:ok, application_device_activation} ->
{:ok, Repo.preload(application_device_activation, :application)}
error ->
error
end
end
@doc """
Deletes a application_device_activation.
## Examples
iex> delete_application_device_activation(application_device_activation)
{:ok, %ApplicationDeviceActivation{}}
iex> delete_application_device_activation(application_device_activation)
{:error, %Ecto.Changeset{}}
"""
def delete_application_device_activation(
%ApplicationDeviceActivation{} = application_device_activation
) do
Repo.delete(application_device_activation)
end
@doc """
Returns an `%Ecto.Changeset{}` for tracking application_device_activation changes.
## Examples
iex> change_application_device_activation(application_device_activation)
%Ecto.Changeset{data: %ApplicationDeviceActivation{}}
"""
def change_application_device_activation(
%ApplicationDeviceActivation{} = application_device_activation,
attrs \\ %{}
) do
ApplicationDeviceActivation.changeset(application_device_activation, attrs)
end
end

View file

@ -0,0 +1,32 @@
defmodule Mobilizon.Applications.ApplicationDeviceActivation do
@moduledoc """
Module representing a application device activation
"""
use Ecto.Schema
import Ecto.Changeset
alias Mobilizon.Applications.{Application, ApplicationDeviceActivationStatus}
alias Mobilizon.Users.User
schema "application_device_activation" do
field(:user_code, :string)
field(:device_code, :string)
field(:scope, :string)
field(:expires_in, :integer)
field(:status, ApplicationDeviceActivationStatus, default: :pending)
belongs_to(:user, User)
belongs_to(:application, Application)
timestamps()
end
@required_attrs [:user_code, :device_code, :expires_in, :application_id]
@optional_attrs [:status, :user_id]
@attrs @required_attrs ++ @optional_attrs
@doc false
def changeset(application_device_activation, attrs) do
application_device_activation
|> cast(attrs, @attrs)
|> validate_required(@required_attrs)
end
end

View file

@ -4,16 +4,20 @@ defmodule Mobilizon.Applications.ApplicationToken do
"""
use Ecto.Schema
import Ecto.Changeset
alias Mobilizon.Applications.{Application, ApplicationTokenStatus}
alias Mobilizon.Users.User
schema "application_tokens" do
belongs_to(:user, Mobilizon.Users.User)
belongs_to(:application, Mobilizon.Applications.Application)
belongs_to(:user, User)
belongs_to(:application, Application)
field(:authorization_code, :string)
field(:status, ApplicationTokenStatus)
field(:scope, :string)
timestamps()
end
@required_attrs [:user_id, :application_id]
@required_attrs [:user_id, :application_id, :scope]
@optional_attrs [:authorization_code]
@attrs @required_attrs ++ @optional_attrs

View file

@ -3,8 +3,10 @@ defmodule Mobilizon.Service.Auth.Applications do
Module to handle applications management
"""
alias Mobilizon.Applications
alias Mobilizon.Applications.{Application, ApplicationToken}
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
alias Mobilizon.Service.Auth.Authenticator
alias Mobilizon.Users.User
alias Mobilizon.Web.Router.Helpers, as: Routes
@app_access_tokens_ttl {8, :hour}
@app_refresh_tokens_ttl {26, :week}
@ -58,6 +60,15 @@ defmodule Mobilizon.Service.Auth.Applications do
end
end
def autorize_device_application(client_id, user_code) do
case Applications.get_application_device_activation(client_id, user_code) do
%ApplicationDeviceActivation{status: :confirmed} = app_device_activation ->
Applications.update_application_device_activation(app_device_activation, %{
status: :success
})
end
end
@spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
{:ok, access_token_details()}
| {:error,
@ -118,6 +129,126 @@ defmodule Mobilizon.Service.Auth.Applications do
end
end
def generate_access_token(client_id, device_code) do
case Applications.get_application_device_activation(client_id, device_code) do
%ApplicationDeviceActivation{status: :success, scope: scope, user_id: user_id} =
app_device_activation ->
if device_activation_expired?(app_device_activation) do
{:error, :expired}
else
%Application{id: app_id} = Applications.get_application_by_client_id(client_id)
{:ok, %ApplicationToken{} = app_token} =
Applications.create_application_token(%{
user_id: user_id,
application_id: app_id,
authorization_code: nil,
scope: scope
})
{:ok, access_token} =
Authenticator.generate_access_token(app_token, @app_access_tokens_ttl)
{:ok, refresh_token} =
Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl)
{:ok,
%{
access_token: access_token,
expires_in: ttl_to_seconds(@app_access_tokens_ttl),
refresh_token: refresh_token,
refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
scope: scope,
token_type: "bearer"
}}
end
%ApplicationDeviceActivation{status: :incorrect_device_code} ->
{:error, :incorrect_device_code}
%ApplicationDeviceActivation{status: :access_denied} ->
{:error, :access_denied}
err ->
require Logger
Logger.error(inspect(err))
{:error, :incorrect_device_code}
end
end
@chars "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |> String.split("", trim: true)
defp string_of_length(length) do
1..length
|> Enum.reduce([], fn _i, acc ->
[Enum.random(@chars) | acc]
end)
|> Enum.join("")
end
@expires_in 900
@interval 5
@spec register_device_code(String.t(), String.t() | nil) ::
{:ok, ApplicationDeviceActivation.t()}
| {:error, Ecto.Changeset.t()}
def register_device_code(client_id, scope) do
%Application{} = application = Applications.get_application_by_client_id(client_id)
device_code = string_of_length(40)
user_code = string_of_length(8)
verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
expires_in = @expires_in
interval = @interval
case Applications.create_application_device_activation(%{
device_code: device_code,
user_code: user_code,
expires_in: expires_in,
application_id: application.id,
scope: scope
}) do
{:ok, %ApplicationDeviceActivation{} = application_device_activation} ->
{:ok,
application_device_activation
|> Map.from_struct()
|> Map.take([:device_code, :user_code, :expires_in])
|> Map.update!(:user_code, &user_code_displayed/1)
|> Map.merge(%{
interval: interval,
verification_uri: verification_uri
})}
{:error, %Ecto.Changeset{} = err} ->
{:error, err}
end
end
@spec activate_device(String.t(), User.t()) ::
{:ok, ApplicationDeviceActivation.t()}
| {:error, Ecto.Changeset.t()}
| {:error, :not_found}
| {:error, :expired}
def activate_device(user_code, user) do
case Applications.get_application_device_activation_by_user_code(user_code) do
%ApplicationDeviceActivation{} = app_device_activation ->
if device_activation_expired?(app_device_activation) do
{:error, :expired}
else
Applications.update_application_device_activation(app_device_activation, %{
status: :confirmed,
user_id: user.id
})
end
_ ->
{:error, :not_found}
end
end
defp user_code_displayed(user_code) do
String.slice(user_code, 0..3) <> "-" <> String.slice(user_code, 4..7)
end
def revoke_application_token(%ApplicationToken{} = app_token) do
Applications.revoke_application_token(app_token)
end
@ -127,4 +258,13 @@ defmodule Mobilizon.Service.Auth.Applications do
defp ttl_to_seconds({value, :minute}), do: value * 60
defp ttl_to_seconds({value, :hour}), do: value * 3600
defp ttl_to_seconds({value, :week}), do: value * 604_800
@spec device_activation_expired?(ApplicationDeviceActivation.t()) :: boolean()
defp device_activation_expired?(%ApplicationDeviceActivation{
inserted_at: inserted_at,
expires_in: expires_in
}) do
NaiveDateTime.compare(NaiveDateTime.add(inserted_at, expires_in), NaiveDateTime.utc_now()) ==
:gt
end
end

View file

@ -1,12 +1,11 @@
defmodule Mobilizon.Web.ApplicationController do
use Mobilizon.Web, :controller
alias Mobilizon.Applications.Application
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
alias Mobilizon.Service.Auth.Applications
plug(:put_layout, false)
import Mobilizon.Web.Gettext, only: [dgettext: 2]
@out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
require Logger
@doc """
Create an application
@ -84,6 +83,27 @@ defmodule Mobilizon.Web.ApplicationController do
end
end
def device_code(conn, %{"client_id" => client_id} = args) do
case Applications.register_device_code(client_id, Map.get(args, "scope")) do
{:ok, res} when is_map(res) ->
case get_format(conn) do
"json" ->
json(conn, res)
_ ->
send_resp(conn, 200, URI.encode_query(res))
end
{:error, %Ecto.Changeset{} = err} ->
Logger.error(inspect(err))
send_resp(conn, 500, "Unable to produce device code")
end
end
def device_code(conn, _args) do
send_resp(conn, 400, "You need to send to send at least client_id to obtain a device code")
end
@spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
def generate_access_token(conn, %{
"client_id" => client_id,
@ -93,11 +113,7 @@ defmodule Mobilizon.Web.ApplicationController do
}) do
case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
{:ok, token} ->
if redirect_uri != @out_of_band_redirect_uri do
redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
else
json(conn, token)
end
redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
{:error, :application_not_found} ->
send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
@ -123,6 +139,27 @@ defmodule Mobilizon.Web.ApplicationController do
end
end
def generate_access_token(conn, %{
"client_id" => client_id,
"device_code" => device_code,
"grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
"_format" => "json"
}) do
json(conn, Applications.generate_access_token(client_id, device_code))
end
def generate_access_token(conn, %{
"client_id" => client_id,
"device_code" => device_code,
"grant_type" => "urn:ietf:params:oauth:grant-type:device_code"
}) do
send_resp(
conn,
200,
URI.encode_query(Applications.generate_access_token(client_id, device_code))
)
end
@spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
defp generate_redirect_with_query_params(redirect_uri, query_params) do
redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()

View file

@ -124,6 +124,9 @@ defmodule Mobilizon.Web.PageController do
@spec authorize(Plug.Conn.t(), any) :: Plug.Conn.t()
def authorize(conn, _params), do: render(conn, :index)
@spec auth_device(Plug.Conn.t(), any) :: Plug.Conn.t()
def auth_device(conn, _params), do: render(conn, :index)
@spec handle_collection_route(Plug.Conn.t(), collections()) :: Plug.Conn.t()
defp handle_collection_route(conn, collection) do
case get_format(conn) do

View file

@ -210,6 +210,17 @@ defmodule Mobilizon.Web.Router do
get("/oauth/authorize", ApplicationController, :authorize)
post("/oauth/token", ApplicationController, :generate_access_token)
get("/oauth/autorize_approve", PageController, :authorize)
get("/login/device", PageController, :auth_device)
end
pipeline :login do
plug(:accepts, ["html", "json"])
end
scope "/login", Mobilizon.Web do
pipe_through(:login)
post("/device/code", ApplicationController, :device_code)
end
scope "/proxy/", Mobilizon.Web do

View file

@ -0,0 +1,10 @@
defmodule Mobilizon.Storage.Repo.Migrations.AddDeviceFlowSupport do
use Ecto.Migration
def change do
alter table(:application_tokens) do
add(:status, :string, default: :pending, null: false)
add(:scope, :string)
end
end
end

View file

@ -0,0 +1,16 @@
defmodule Mobilizon.Repo.Migrations.CreateApplicationDeviceActivation do
use Ecto.Migration
def change do
create table(:application_device_activation) do
add(:user_code, :string)
add(:device_code, :string)
add(:scope, :string)
add(:expires_in, :integer)
add(:status, :string, default: "pending")
add(:user_id, references(:users, on_delete: :delete_all), null: true)
add(:application_id, references(:applications, on_delete: :delete_all), null: false)
timestamps()
end
end
end

View file

@ -143,4 +143,78 @@ defmodule Mobilizon.ApplicationsTest do
assert %Ecto.Changeset{} = Applications.change_application_token(application_token)
end
end
describe "application_device_activation" do
alias Mobilizon.Applications.ApplicationDeviceActivation
import Mobilizon.ApplicationsFixtures
@invalid_attrs %{}
test "list_application_device_activation/0 returns all application_device_activation" do
application_device_activation = application_device_activation_fixture()
assert Applications.list_application_device_activation() == [application_device_activation]
end
test "get_application_device_activation!/1 returns the application_device_activation with given id" do
application_device_activation = application_device_activation_fixture()
assert Applications.get_application_device_activation!(application_device_activation.id) ==
application_device_activation
end
test "create_application_device_activation/1 with valid data creates a application_device_activation" do
valid_attrs = %{}
assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
Applications.create_application_device_activation(valid_attrs)
end
test "create_application_device_activation/1 with invalid data returns error changeset" do
assert {:error, %Ecto.Changeset{}} =
Applications.create_application_device_activation(@invalid_attrs)
end
test "update_application_device_activation/2 with valid data updates the application_device_activation" do
application_device_activation = application_device_activation_fixture()
update_attrs = %{}
assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
Applications.update_application_device_activation(
application_device_activation,
update_attrs
)
end
test "update_application_device_activation/2 with invalid data returns error changeset" do
application_device_activation = application_device_activation_fixture()
assert {:error, %Ecto.Changeset{}} =
Applications.update_application_device_activation(
application_device_activation,
@invalid_attrs
)
assert application_device_activation ==
Applications.get_application_device_activation!(application_device_activation.id)
end
test "delete_application_device_activation/1 deletes the application_device_activation" do
application_device_activation = application_device_activation_fixture()
assert {:ok, %ApplicationDeviceActivation{}} =
Applications.delete_application_device_activation(application_device_activation)
assert_raise Ecto.NoResultsError, fn ->
Applications.get_application_device_activation!(application_device_activation.id)
end
end
test "change_application_device_activation/1 returns a application_device_activation changeset" do
application_device_activation = application_device_activation_fixture()
assert %Ecto.Changeset{} =
Applications.change_application_device_activation(application_device_activation)
end
end
end

View file

@ -40,4 +40,16 @@ defmodule Mobilizon.ApplicationsFixtures do
application_token
end
@doc """
Generate a application_device_activation.
"""
def application_device_activation_fixture(attrs \\ %{}) do
{:ok, application_device_activation} =
attrs
|> Enum.into(%{})
|> Mobilizon.Applications.create_application_device_activation()
application_device_activation
end
end