forked from potsda.mn/mobilizon
Introduce device flow
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
2ee329ff7b
commit
b6875f6a4b
91
js/src/components/OAuth/AuthorizeApplication.vue
Normal file
91
js/src/components/OAuth/AuthorizeApplication.vue
Normal file
|
@ -0,0 +1,91 @@
|
|||
<template>
|
||||
<h1 class="text-3xl">
|
||||
{{ t("Autorize this application to access your account?") }}
|
||||
</h1>
|
||||
|
||||
<div
|
||||
class="rounded-lg bg-mbz-warning dark:text-black shadow-xl my-6 p-4 flex items-center gap-2"
|
||||
>
|
||||
<AlertCircle :size="42" />
|
||||
<p>
|
||||
{{
|
||||
t(
|
||||
"This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
|
||||
)
|
||||
}}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6">
|
||||
<div class="p-4 pb-0">
|
||||
<p class="text-3xl font-bold">{{ authApplication.name }}</p>
|
||||
<p>{{ authApplication.website }}</p>
|
||||
</div>
|
||||
<div class="flex gap-3 p-4">
|
||||
<o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
|
||||
<o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
|
||||
t("Decline")
|
||||
}}</o-button>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script lang="ts" setup>
|
||||
import { useHead } from "@vueuse/head";
|
||||
import { computed } from "vue";
|
||||
import { useI18n } from "vue-i18n";
|
||||
import { useMutation } from "@vue/apollo-composable";
|
||||
import { AUTORIZE_APPLICATION } from "@/graphql/application";
|
||||
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
|
||||
import RouteName from "@/router/name";
|
||||
import { IApplication } from "@/types/application.model";
|
||||
|
||||
const { t } = useI18n({ useScope: "global" });
|
||||
|
||||
const props = defineProps<{
|
||||
authApplication: IApplication;
|
||||
redirectURI?: string | null;
|
||||
state?: string | null;
|
||||
scope?: string | null;
|
||||
}>();
|
||||
|
||||
const { mutate: authorizeMutation, onDone: onAuthorizeMutationDone } =
|
||||
useMutation<
|
||||
{ authorizeApplication: { code: string; state: string } },
|
||||
{
|
||||
applicationClientId: string;
|
||||
redirectURI: string;
|
||||
state?: string | null;
|
||||
scope?: string | null;
|
||||
}
|
||||
>(AUTORIZE_APPLICATION);
|
||||
|
||||
const authorize = () => {
|
||||
authorizeMutation({
|
||||
applicationClientId: props.authApplication.clientId,
|
||||
redirectURI: props.redirectURI as string,
|
||||
state: props.state,
|
||||
scope: props.scope,
|
||||
});
|
||||
};
|
||||
|
||||
onAuthorizeMutationDone(({ data }) => {
|
||||
const code = data?.authorizeApplication?.code;
|
||||
const returnedState = data?.authorizeApplication?.state ?? "";
|
||||
|
||||
if (!code) return;
|
||||
|
||||
if (props.redirectURI) {
|
||||
const params = new URLSearchParams(
|
||||
Object.entries({ code, state: returnedState })
|
||||
);
|
||||
window.location.assign(
|
||||
new URL(`${props.redirectURI}?${params.toString()}`)
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
useHead({
|
||||
title: computed(() => t("Authorize application")),
|
||||
});
|
||||
</script>
|
|
@ -3,6 +3,7 @@ import gql from "graphql-tag";
|
|||
export const AUTH_APPLICATION = gql`
|
||||
query AuthApplication($clientId: String!) {
|
||||
authApplication(clientId: $clientId) {
|
||||
id
|
||||
clientId
|
||||
name
|
||||
website
|
||||
|
@ -13,7 +14,7 @@ export const AUTH_APPLICATION = gql`
|
|||
export const AUTORIZE_APPLICATION = gql`
|
||||
mutation AuthorizeApplication(
|
||||
$applicationClientId: String!
|
||||
$redirectURI: String!
|
||||
$redirectURI: String
|
||||
$state: String
|
||||
$scope: String
|
||||
) {
|
||||
|
@ -53,3 +54,18 @@ export const REVOKED_AUTHORIZED_APPLICATION = gql`
|
|||
}
|
||||
}
|
||||
`;
|
||||
|
||||
export const DEVICE_ACTIVATION = gql`
|
||||
mutation DeviceActivation($userCode: String!) {
|
||||
deviceActivation(userCode: $userCode) {
|
||||
id
|
||||
application {
|
||||
id
|
||||
clientId
|
||||
name
|
||||
website
|
||||
}
|
||||
scope
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
|
|
@ -14,6 +14,7 @@ export enum UserRouteName {
|
|||
VALIDATE = "Validate",
|
||||
LOGIN = "Login",
|
||||
OAUTH_AUTORIZE = "OAUTH_AUTORIZE",
|
||||
OAUTH_LOGIN_DEVICE = "OAUTH_LOGIN_DEVICE",
|
||||
}
|
||||
|
||||
export const userRoutes: RouteRecordRaw[] = [
|
||||
|
@ -120,4 +121,16 @@ export const userRoutes: RouteRecordRaw[] = [
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
path: "/login/device",
|
||||
name: UserRouteName.OAUTH_LOGIN_DEVICE,
|
||||
component: (): Promise<any> =>
|
||||
import("@/views/OAuth/DeviceActivationView.vue"),
|
||||
meta: {
|
||||
requiredAuth: true,
|
||||
announcer: {
|
||||
message: (): string => t("Device activation") as string,
|
||||
},
|
||||
},
|
||||
},
|
||||
];
|
||||
|
|
|
@ -26,39 +26,14 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
<AuthorizeApplication
|
||||
v-if="authApplication"
|
||||
v-show="!authApplicationLoading && !authApplicationError && !resultCode"
|
||||
>
|
||||
<h1 class="text-3xl">
|
||||
{{ t("Autorize this application to access your account?") }}
|
||||
</h1>
|
||||
|
||||
<div
|
||||
class="rounded-lg bg-mbz-warning shadow-xl my-6 p-4 flex items-center gap-2"
|
||||
>
|
||||
<AlertCircle :size="42" />
|
||||
<p>
|
||||
{{
|
||||
t(
|
||||
"This application will be able to access all of your informations and post content on your behalf. Make sure you only approve applications you trust."
|
||||
)
|
||||
}}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="rounded-lg bg-white shadow-xl my-6">
|
||||
<div class="p-4 pb-0">
|
||||
<p class="text-3xl font-bold">{{ authApplication?.name }}</p>
|
||||
<p>{{ authApplication?.website }}</p>
|
||||
</div>
|
||||
<div class="flex gap-3 p-4">
|
||||
<o-button @click="() => authorize()">{{ t("Authorize") }}</o-button>
|
||||
<o-button outlined tag="router-link" :to="{ name: RouteName.HOME }">{{
|
||||
t("Decline")
|
||||
}}</o-button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
:auth-application="authApplication"
|
||||
:redirectURI="redirectURI"
|
||||
:state="state"
|
||||
:scope="scope"
|
||||
/>
|
||||
<div v-show="authApplicationError">
|
||||
<div
|
||||
class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
|
||||
|
@ -114,6 +89,7 @@ import { IApplication } from "@/types/application.model";
|
|||
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
|
||||
import type { AbsintheGraphQLError } from "@/types/errors.model";
|
||||
import RouteName from "@/router/name";
|
||||
import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
|
||||
|
||||
const { t } = useI18n({ useScope: "global" });
|
||||
|
||||
|
|
149
js/src/views/OAuth/DeviceActivationView.vue
Normal file
149
js/src/views/OAuth/DeviceActivationView.vue
Normal file
|
@ -0,0 +1,149 @@
|
|||
<template>
|
||||
<div class="container mx-auto w-96">
|
||||
<form
|
||||
@submit.prevent="() => validateCode({ userCode: code })"
|
||||
@paste="pasteCode"
|
||||
class="rounded-lg bg-white dark:bg-zinc-900 shadow-xl my-6 p-4"
|
||||
v-if="!application"
|
||||
>
|
||||
<h1 class="text-3xl text-center">
|
||||
{{ t("Device activation") }}
|
||||
</h1>
|
||||
<p class="mb-4 text-center">
|
||||
{{ t("Enter the code displayed on your device") }}
|
||||
</p>
|
||||
|
||||
<div class="flex items-center justify-between mb-4 gap-2">
|
||||
<div
|
||||
v-for="i in Array(9).keys()"
|
||||
:key="i"
|
||||
:class="i === 4 ? 'w-6' : 'w-8'"
|
||||
>
|
||||
<span
|
||||
:id="`user-code-${i}`"
|
||||
v-if="i === 4"
|
||||
class="block text-3xl text-center"
|
||||
>-</span
|
||||
>
|
||||
<o-input
|
||||
autocapitalize="characters"
|
||||
@update:modelValue="(val: string) => inputs[i] = val.toUpperCase()"
|
||||
:useHtml5Validation="true"
|
||||
:id="`user-code-${i}`"
|
||||
:ref="(el: Element) => userCodeInputs[i] = el"
|
||||
:modelValue="inputs[i]"
|
||||
v-else
|
||||
size="large"
|
||||
style="font-size: 22px; padding: 0.5rem 0.15rem 0.5rem 0.25rem"
|
||||
required
|
||||
maxlength="1"
|
||||
pattern="[A-Z]{1}"
|
||||
:autofocus="i === 0 ? true : undefined"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div
|
||||
class="rounded-lg bg-mbz-danger shadow-xl my-6 p-4 flex items-center gap-2"
|
||||
v-if="error"
|
||||
>
|
||||
<AlertCircle :size="42" />
|
||||
<div>
|
||||
<p>{{ error }}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="text-center">
|
||||
<o-button native-type="submit">{{ t("Continue") }}</o-button>
|
||||
</div>
|
||||
</form>
|
||||
<AuthorizeApplication v-if="application" :auth-application="application" />
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script lang="ts" setup>
|
||||
import { DEVICE_ACTIVATION } from "@/graphql/application";
|
||||
import { useMutation } from "@vue/apollo-composable";
|
||||
import { useHead } from "@vueuse/head";
|
||||
import { computed, reactive, ref, watch } from "vue";
|
||||
import { useI18n } from "vue-i18n";
|
||||
import AuthorizeApplication from "@/components/OAuth/AuthorizeApplication.vue";
|
||||
import { IApplication } from "@/types/application.model";
|
||||
import { AbsintheGraphQLErrors } from "@/types/errors.model";
|
||||
import AlertCircle from "vue-material-design-icons/AlertCircle.vue";
|
||||
|
||||
const { t } = useI18n({ useScope: "global" });
|
||||
|
||||
const {
|
||||
mutate: validateCode,
|
||||
onDone: onDeviceActivationDone,
|
||||
onError: onDeviceActivationError,
|
||||
} = useMutation<{
|
||||
deviceActivation: { application: IApplication; id: string; scope: string };
|
||||
}>(DEVICE_ACTIVATION);
|
||||
|
||||
const inputs = reactive<string[]>([]);
|
||||
|
||||
const application = ref<IApplication | null>(null);
|
||||
|
||||
onDeviceActivationDone(({ data }) => {
|
||||
const foundApplication = data?.deviceActivation?.application;
|
||||
if (foundApplication) {
|
||||
application.value = foundApplication;
|
||||
}
|
||||
});
|
||||
|
||||
const code = computed(() => {
|
||||
return inputs.join("");
|
||||
});
|
||||
|
||||
const userCodeInputs = reactive<Record<number, Element>>([]);
|
||||
|
||||
watch(inputs, (localInputs) => {
|
||||
localInputs.forEach((input, index) => {
|
||||
if (input && index < 8) {
|
||||
if (index === 3) {
|
||||
index = 4;
|
||||
}
|
||||
(userCodeInputs[index + 1] as HTMLInputElement).focus();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
const error = ref<string | null>(null);
|
||||
|
||||
onDeviceActivationError(
|
||||
({ graphQLErrors }: { graphQLErrors: AbsintheGraphQLErrors }) => {
|
||||
if (graphQLErrors[0].status_code === 404) {
|
||||
error.value = t("The device code is incorrect or no longer valid.");
|
||||
}
|
||||
resetInputs();
|
||||
(userCodeInputs[0] as HTMLInputElement).focus();
|
||||
setTimeout(() => {
|
||||
error.value = null;
|
||||
}, 10000);
|
||||
}
|
||||
);
|
||||
|
||||
const resetInputs = () => {
|
||||
inputs.splice(0);
|
||||
};
|
||||
|
||||
const pasteCode = (e: ClipboardEvent) => {
|
||||
let pastedCode = e.clipboardData?.getData("text").trim();
|
||||
if (!pastedCode) return;
|
||||
if (pastedCode.match(/^[A-Z]{4}-[A-Z]{4}$/)) {
|
||||
pastedCode = pastedCode.slice(0, 4) + pastedCode.slice(5);
|
||||
}
|
||||
if (pastedCode.match(/^[A-Z]{8}$/)) {
|
||||
pastedCode.split("").forEach((val, index) => {
|
||||
const realIndex = index > 3 ? index + 1 : index;
|
||||
inputs[realIndex] = val;
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
useHead({
|
||||
title: computed(() => t("Device activation")),
|
||||
});
|
||||
</script>
|
|
@ -76,11 +76,12 @@ import {
|
|||
} from "@/graphql/application";
|
||||
import { useMutation, useQuery } from "@vue/apollo-composable";
|
||||
import { useHead } from "@vueuse/head";
|
||||
import { computed } from "vue";
|
||||
import { computed, inject } from "vue";
|
||||
import { useI18n } from "vue-i18n";
|
||||
import RouteName from "../../router/name";
|
||||
import { IUser } from "@/types/current-user.model";
|
||||
import { formatDateString } from "@/filters/datetime";
|
||||
import { Notifier } from "@/plugins/notifier";
|
||||
|
||||
const { t } = useI18n({ useScope: "global" });
|
||||
|
||||
|
@ -132,6 +133,14 @@ const { mutate: revoke, onDone: onRevokedApplication } = useMutation<
|
|||
},
|
||||
});
|
||||
|
||||
const notifier = inject<Notifier>("notifier");
|
||||
|
||||
onRevokedApplication(() => {
|
||||
notifier?.success(
|
||||
t("Application was revoked")
|
||||
);
|
||||
})
|
||||
|
||||
useHead({
|
||||
title: computed(() => t("Apps")),
|
||||
});
|
||||
|
|
|
@ -4,7 +4,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
|
|||
"""
|
||||
|
||||
alias Mobilizon.Applications, as: ApplicationManager
|
||||
alias Mobilizon.Applications.{Application, ApplicationToken}
|
||||
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
|
||||
alias Mobilizon.Service.Auth.Applications
|
||||
alias Mobilizon.Users.User
|
||||
import Mobilizon.Web.Gettext, only: [dgettext: 2]
|
||||
|
@ -89,4 +89,33 @@ defmodule Mobilizon.GraphQL.Resolvers.Application do
|
|||
def revoke_application_token(_parent, _args, _resolution) do
|
||||
{:error, :unauthenticated}
|
||||
end
|
||||
|
||||
def activate_device(_parent, %{user_code: user_code}, %{
|
||||
context: %{current_user: %User{} = user}
|
||||
}) do
|
||||
with {:ok, %ApplicationDeviceActivation{} = app_device_activation} <-
|
||||
Applications.activate_device(user_code, user) do
|
||||
{:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
|
||||
end
|
||||
end
|
||||
|
||||
@spec authorize_device_application(any(), map(), Absinthe.Resolution.t()) ::
|
||||
{:ok, map()} | {:error, String.t()}
|
||||
def authorize_device_application(
|
||||
_parent,
|
||||
%{client_id: client_id, user_code: user_code},
|
||||
%{context: %{current_user: %User{id: user_id}}}
|
||||
) do
|
||||
case Applications.autorize_device_application(client_id, user_code, user_id) do
|
||||
{:ok, %Application{} = app} ->
|
||||
{:ok, app}
|
||||
|
||||
{:error, :application_not_found} ->
|
||||
{:error,
|
||||
dgettext(
|
||||
"errors",
|
||||
"No application with this client_id was found"
|
||||
)}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
|
|||
|
||||
@desc "An application"
|
||||
object :auth_application do
|
||||
field(:id, :id)
|
||||
field(:name, :string)
|
||||
field(:client_id, :string)
|
||||
field(:scopes, :string)
|
||||
|
@ -27,6 +28,12 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
|
|||
field(:state, :string)
|
||||
end
|
||||
|
||||
object :application_device_activation do
|
||||
field(:id, :id)
|
||||
field(:application, :auth_application)
|
||||
field(:scope, :string)
|
||||
end
|
||||
|
||||
object :auth_application_queries do
|
||||
@desc "Get an application"
|
||||
field :auth_application, :auth_application do
|
||||
|
@ -53,9 +60,27 @@ defmodule Mobilizon.GraphQL.Schema.AuthApplicationType do
|
|||
resolve(&Application.authorize/3)
|
||||
end
|
||||
|
||||
@desc "Revoke an authorized application"
|
||||
field :revoke_application_token, :deleted_object do
|
||||
arg(:app_token_id, non_null(:string), description: "The application token's ID")
|
||||
resolve(&Application.revoke_application_token/3)
|
||||
end
|
||||
|
||||
@desc "Activate an user device"
|
||||
field :device_activation, :application_device_activation do
|
||||
arg(:user_code, non_null(:string),
|
||||
description: "The code provided by the application entered by the user"
|
||||
)
|
||||
|
||||
resolve(&Application.activate_device/3)
|
||||
end
|
||||
|
||||
@desc "Activate an user device"
|
||||
field :authorize_device_application, :auth_application do
|
||||
arg(:client_id, non_null(:string), description: "The application's client_id")
|
||||
arg(:scope, :string, description: "The scope for the authorization")
|
||||
|
||||
resolve(&Application.authorize_device_application/3)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,10 +4,24 @@ defmodule Mobilizon.Applications do
|
|||
"""
|
||||
|
||||
import Ecto.Query, warn: false
|
||||
import EctoEnum
|
||||
alias Ecto.Multi
|
||||
alias Mobilizon.Applications.Application
|
||||
alias Mobilizon.Storage.Repo
|
||||
|
||||
defenum(ApplicationDeviceActivationStatus, [
|
||||
"success",
|
||||
"pending",
|
||||
"incorrect_device_code",
|
||||
"access_denied"
|
||||
])
|
||||
|
||||
defenum(ApplicationTokenStatus, [
|
||||
"success",
|
||||
"pending",
|
||||
"access_denied"
|
||||
])
|
||||
|
||||
@doc """
|
||||
Returns the list of applications.
|
||||
|
||||
|
@ -255,4 +269,129 @@ defmodule Mobilizon.Applications do
|
|||
def change_application_token(%ApplicationToken{} = application_token, attrs \\ %{}) do
|
||||
ApplicationToken.changeset(application_token, attrs)
|
||||
end
|
||||
|
||||
alias Mobilizon.Applications.ApplicationDeviceActivation
|
||||
|
||||
@doc """
|
||||
Returns the list of application_device_activation.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> list_application_device_activation()
|
||||
[%ApplicationDeviceActivation{}, ...]
|
||||
|
||||
"""
|
||||
def list_application_device_activation do
|
||||
Repo.all(ApplicationDeviceActivation)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Gets a single application_device_activation.
|
||||
|
||||
Raises `Ecto.NoResultsError` if the Application device activation does not exist.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> get_application_device_activation!(123)
|
||||
%ApplicationDeviceActivation{}
|
||||
|
||||
iex> get_application_device_activation!(456)
|
||||
** (Ecto.NoResultsError)
|
||||
|
||||
"""
|
||||
def get_application_device_activation!(id), do: Repo.get!(ApplicationDeviceActivation, id)
|
||||
|
||||
def get_application_device_activation(id), do: Repo.get(ApplicationDeviceActivation, id)
|
||||
|
||||
def get_application_device_activation_by_user_code(user_code),
|
||||
do: Repo.get_by(ApplicationDeviceActivation, user_code: user_code)
|
||||
|
||||
def get_application_device_activation(client_id, device_code) do
|
||||
ApplicationDeviceActivation
|
||||
|> join(:left, [ada], a in assoc(ada, :application))
|
||||
|> where([_, a], a.client_id == ^client_id)
|
||||
|> where([ada], ada.device_code == ^device_code)
|
||||
|> select([ada], ada)
|
||||
|> Repo.one()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Creates a application_device_activation.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> create_application_device_activation(%{field: value})
|
||||
{:ok, %ApplicationDeviceActivation{}}
|
||||
|
||||
iex> create_application_device_activation(%{field: bad_value})
|
||||
{:error, %Ecto.Changeset{}}
|
||||
|
||||
"""
|
||||
def create_application_device_activation(attrs \\ %{}) do
|
||||
%ApplicationDeviceActivation{}
|
||||
|> ApplicationDeviceActivation.changeset(attrs)
|
||||
|> Repo.insert()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Updates a application_device_activation.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> update_application_device_activation(application_device_activation, %{field: new_value})
|
||||
{:ok, %ApplicationDeviceActivation{}}
|
||||
|
||||
iex> update_application_device_activation(application_device_activation, %{field: bad_value})
|
||||
{:error, %Ecto.Changeset{}}
|
||||
|
||||
"""
|
||||
def update_application_device_activation(
|
||||
%ApplicationDeviceActivation{} = application_device_activation,
|
||||
attrs
|
||||
) do
|
||||
application_device_activation
|
||||
|> ApplicationDeviceActivation.changeset(attrs)
|
||||
|> Repo.update()
|
||||
|> case do
|
||||
{:ok, application_device_activation} ->
|
||||
{:ok, Repo.preload(application_device_activation, :application)}
|
||||
|
||||
error ->
|
||||
error
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
Deletes a application_device_activation.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> delete_application_device_activation(application_device_activation)
|
||||
{:ok, %ApplicationDeviceActivation{}}
|
||||
|
||||
iex> delete_application_device_activation(application_device_activation)
|
||||
{:error, %Ecto.Changeset{}}
|
||||
|
||||
"""
|
||||
def delete_application_device_activation(
|
||||
%ApplicationDeviceActivation{} = application_device_activation
|
||||
) do
|
||||
Repo.delete(application_device_activation)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns an `%Ecto.Changeset{}` for tracking application_device_activation changes.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> change_application_device_activation(application_device_activation)
|
||||
%Ecto.Changeset{data: %ApplicationDeviceActivation{}}
|
||||
|
||||
"""
|
||||
def change_application_device_activation(
|
||||
%ApplicationDeviceActivation{} = application_device_activation,
|
||||
attrs \\ %{}
|
||||
) do
|
||||
ApplicationDeviceActivation.changeset(application_device_activation, attrs)
|
||||
end
|
||||
end
|
||||
|
|
32
lib/mobilizon/applications/application_device_activation.ex
Normal file
32
lib/mobilizon/applications/application_device_activation.ex
Normal file
|
@ -0,0 +1,32 @@
|
|||
defmodule Mobilizon.Applications.ApplicationDeviceActivation do
|
||||
@moduledoc """
|
||||
Module representing a application device activation
|
||||
"""
|
||||
use Ecto.Schema
|
||||
import Ecto.Changeset
|
||||
alias Mobilizon.Applications.{Application, ApplicationDeviceActivationStatus}
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
schema "application_device_activation" do
|
||||
field(:user_code, :string)
|
||||
field(:device_code, :string)
|
||||
field(:scope, :string)
|
||||
field(:expires_in, :integer)
|
||||
field(:status, ApplicationDeviceActivationStatus, default: :pending)
|
||||
belongs_to(:user, User)
|
||||
belongs_to(:application, Application)
|
||||
|
||||
timestamps()
|
||||
end
|
||||
|
||||
@required_attrs [:user_code, :device_code, :expires_in, :application_id]
|
||||
@optional_attrs [:status, :user_id]
|
||||
@attrs @required_attrs ++ @optional_attrs
|
||||
|
||||
@doc false
|
||||
def changeset(application_device_activation, attrs) do
|
||||
application_device_activation
|
||||
|> cast(attrs, @attrs)
|
||||
|> validate_required(@required_attrs)
|
||||
end
|
||||
end
|
|
@ -4,16 +4,20 @@ defmodule Mobilizon.Applications.ApplicationToken do
|
|||
"""
|
||||
use Ecto.Schema
|
||||
import Ecto.Changeset
|
||||
alias Mobilizon.Applications.{Application, ApplicationTokenStatus}
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
schema "application_tokens" do
|
||||
belongs_to(:user, Mobilizon.Users.User)
|
||||
belongs_to(:application, Mobilizon.Applications.Application)
|
||||
belongs_to(:user, User)
|
||||
belongs_to(:application, Application)
|
||||
field(:authorization_code, :string)
|
||||
field(:status, ApplicationTokenStatus)
|
||||
field(:scope, :string)
|
||||
|
||||
timestamps()
|
||||
end
|
||||
|
||||
@required_attrs [:user_id, :application_id]
|
||||
@required_attrs [:user_id, :application_id, :scope]
|
||||
@optional_attrs [:authorization_code]
|
||||
@attrs @required_attrs ++ @optional_attrs
|
||||
|
||||
|
|
|
@ -3,8 +3,10 @@ defmodule Mobilizon.Service.Auth.Applications do
|
|||
Module to handle applications management
|
||||
"""
|
||||
alias Mobilizon.Applications
|
||||
alias Mobilizon.Applications.{Application, ApplicationToken}
|
||||
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
|
||||
alias Mobilizon.Service.Auth.Authenticator
|
||||
alias Mobilizon.Users.User
|
||||
alias Mobilizon.Web.Router.Helpers, as: Routes
|
||||
|
||||
@app_access_tokens_ttl {8, :hour}
|
||||
@app_refresh_tokens_ttl {26, :week}
|
||||
|
@ -58,6 +60,15 @@ defmodule Mobilizon.Service.Auth.Applications do
|
|||
end
|
||||
end
|
||||
|
||||
def autorize_device_application(client_id, user_code) do
|
||||
case Applications.get_application_device_activation(client_id, user_code) do
|
||||
%ApplicationDeviceActivation{status: :confirmed} = app_device_activation ->
|
||||
Applications.update_application_device_activation(app_device_activation, %{
|
||||
status: :success
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
@spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
|
||||
{:ok, access_token_details()}
|
||||
| {:error,
|
||||
|
@ -118,6 +129,126 @@ defmodule Mobilizon.Service.Auth.Applications do
|
|||
end
|
||||
end
|
||||
|
||||
def generate_access_token(client_id, device_code) do
|
||||
case Applications.get_application_device_activation(client_id, device_code) do
|
||||
%ApplicationDeviceActivation{status: :success, scope: scope, user_id: user_id} =
|
||||
app_device_activation ->
|
||||
if device_activation_expired?(app_device_activation) do
|
||||
{:error, :expired}
|
||||
else
|
||||
%Application{id: app_id} = Applications.get_application_by_client_id(client_id)
|
||||
|
||||
{:ok, %ApplicationToken{} = app_token} =
|
||||
Applications.create_application_token(%{
|
||||
user_id: user_id,
|
||||
application_id: app_id,
|
||||
authorization_code: nil,
|
||||
scope: scope
|
||||
})
|
||||
|
||||
{:ok, access_token} =
|
||||
Authenticator.generate_access_token(app_token, @app_access_tokens_ttl)
|
||||
|
||||
{:ok, refresh_token} =
|
||||
Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl)
|
||||
|
||||
{:ok,
|
||||
%{
|
||||
access_token: access_token,
|
||||
expires_in: ttl_to_seconds(@app_access_tokens_ttl),
|
||||
refresh_token: refresh_token,
|
||||
refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
|
||||
scope: scope,
|
||||
token_type: "bearer"
|
||||
}}
|
||||
end
|
||||
|
||||
%ApplicationDeviceActivation{status: :incorrect_device_code} ->
|
||||
{:error, :incorrect_device_code}
|
||||
|
||||
%ApplicationDeviceActivation{status: :access_denied} ->
|
||||
{:error, :access_denied}
|
||||
|
||||
err ->
|
||||
require Logger
|
||||
Logger.error(inspect(err))
|
||||
{:error, :incorrect_device_code}
|
||||
end
|
||||
end
|
||||
|
||||
@chars "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |> String.split("", trim: true)
|
||||
|
||||
defp string_of_length(length) do
|
||||
1..length
|
||||
|> Enum.reduce([], fn _i, acc ->
|
||||
[Enum.random(@chars) | acc]
|
||||
end)
|
||||
|> Enum.join("")
|
||||
end
|
||||
|
||||
@expires_in 900
|
||||
@interval 5
|
||||
|
||||
@spec register_device_code(String.t(), String.t() | nil) ::
|
||||
{:ok, ApplicationDeviceActivation.t()}
|
||||
| {:error, Ecto.Changeset.t()}
|
||||
def register_device_code(client_id, scope) do
|
||||
%Application{} = application = Applications.get_application_by_client_id(client_id)
|
||||
device_code = string_of_length(40)
|
||||
user_code = string_of_length(8)
|
||||
verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
|
||||
expires_in = @expires_in
|
||||
interval = @interval
|
||||
|
||||
case Applications.create_application_device_activation(%{
|
||||
device_code: device_code,
|
||||
user_code: user_code,
|
||||
expires_in: expires_in,
|
||||
application_id: application.id,
|
||||
scope: scope
|
||||
}) do
|
||||
{:ok, %ApplicationDeviceActivation{} = application_device_activation} ->
|
||||
{:ok,
|
||||
application_device_activation
|
||||
|> Map.from_struct()
|
||||
|> Map.take([:device_code, :user_code, :expires_in])
|
||||
|> Map.update!(:user_code, &user_code_displayed/1)
|
||||
|> Map.merge(%{
|
||||
interval: interval,
|
||||
verification_uri: verification_uri
|
||||
})}
|
||||
|
||||
{:error, %Ecto.Changeset{} = err} ->
|
||||
{:error, err}
|
||||
end
|
||||
end
|
||||
|
||||
@spec activate_device(String.t(), User.t()) ::
|
||||
{:ok, ApplicationDeviceActivation.t()}
|
||||
| {:error, Ecto.Changeset.t()}
|
||||
| {:error, :not_found}
|
||||
| {:error, :expired}
|
||||
def activate_device(user_code, user) do
|
||||
case Applications.get_application_device_activation_by_user_code(user_code) do
|
||||
%ApplicationDeviceActivation{} = app_device_activation ->
|
||||
if device_activation_expired?(app_device_activation) do
|
||||
{:error, :expired}
|
||||
else
|
||||
Applications.update_application_device_activation(app_device_activation, %{
|
||||
status: :confirmed,
|
||||
user_id: user.id
|
||||
})
|
||||
end
|
||||
|
||||
_ ->
|
||||
{:error, :not_found}
|
||||
end
|
||||
end
|
||||
|
||||
defp user_code_displayed(user_code) do
|
||||
String.slice(user_code, 0..3) <> "-" <> String.slice(user_code, 4..7)
|
||||
end
|
||||
|
||||
def revoke_application_token(%ApplicationToken{} = app_token) do
|
||||
Applications.revoke_application_token(app_token)
|
||||
end
|
||||
|
@ -127,4 +258,13 @@ defmodule Mobilizon.Service.Auth.Applications do
|
|||
defp ttl_to_seconds({value, :minute}), do: value * 60
|
||||
defp ttl_to_seconds({value, :hour}), do: value * 3600
|
||||
defp ttl_to_seconds({value, :week}), do: value * 604_800
|
||||
|
||||
@spec device_activation_expired?(ApplicationDeviceActivation.t()) :: boolean()
|
||||
defp device_activation_expired?(%ApplicationDeviceActivation{
|
||||
inserted_at: inserted_at,
|
||||
expires_in: expires_in
|
||||
}) do
|
||||
NaiveDateTime.compare(NaiveDateTime.add(inserted_at, expires_in), NaiveDateTime.utc_now()) ==
|
||||
:gt
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
defmodule Mobilizon.Web.ApplicationController do
|
||||
use Mobilizon.Web, :controller
|
||||
|
||||
alias Mobilizon.Applications.Application
|
||||
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation}
|
||||
alias Mobilizon.Service.Auth.Applications
|
||||
plug(:put_layout, false)
|
||||
import Mobilizon.Web.Gettext, only: [dgettext: 2]
|
||||
|
||||
@out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
|
||||
require Logger
|
||||
|
||||
@doc """
|
||||
Create an application
|
||||
|
@ -84,6 +83,27 @@ defmodule Mobilizon.Web.ApplicationController do
|
|||
end
|
||||
end
|
||||
|
||||
def device_code(conn, %{"client_id" => client_id} = args) do
|
||||
case Applications.register_device_code(client_id, Map.get(args, "scope")) do
|
||||
{:ok, res} when is_map(res) ->
|
||||
case get_format(conn) do
|
||||
"json" ->
|
||||
json(conn, res)
|
||||
|
||||
_ ->
|
||||
send_resp(conn, 200, URI.encode_query(res))
|
||||
end
|
||||
|
||||
{:error, %Ecto.Changeset{} = err} ->
|
||||
Logger.error(inspect(err))
|
||||
send_resp(conn, 500, "Unable to produce device code")
|
||||
end
|
||||
end
|
||||
|
||||
def device_code(conn, _args) do
|
||||
send_resp(conn, 400, "You need to send to send at least client_id to obtain a device code")
|
||||
end
|
||||
|
||||
@spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
|
||||
def generate_access_token(conn, %{
|
||||
"client_id" => client_id,
|
||||
|
@ -93,11 +113,7 @@ defmodule Mobilizon.Web.ApplicationController do
|
|||
}) do
|
||||
case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
|
||||
{:ok, token} ->
|
||||
if redirect_uri != @out_of_band_redirect_uri do
|
||||
redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
|
||||
else
|
||||
json(conn, token)
|
||||
end
|
||||
redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
|
||||
|
||||
{:error, :application_not_found} ->
|
||||
send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
|
||||
|
@ -123,6 +139,27 @@ defmodule Mobilizon.Web.ApplicationController do
|
|||
end
|
||||
end
|
||||
|
||||
def generate_access_token(conn, %{
|
||||
"client_id" => client_id,
|
||||
"device_code" => device_code,
|
||||
"grant_type" => "urn:ietf:params:oauth:grant-type:device_code",
|
||||
"_format" => "json"
|
||||
}) do
|
||||
json(conn, Applications.generate_access_token(client_id, device_code))
|
||||
end
|
||||
|
||||
def generate_access_token(conn, %{
|
||||
"client_id" => client_id,
|
||||
"device_code" => device_code,
|
||||
"grant_type" => "urn:ietf:params:oauth:grant-type:device_code"
|
||||
}) do
|
||||
send_resp(
|
||||
conn,
|
||||
200,
|
||||
URI.encode_query(Applications.generate_access_token(client_id, device_code))
|
||||
)
|
||||
end
|
||||
|
||||
@spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
|
||||
defp generate_redirect_with_query_params(redirect_uri, query_params) do
|
||||
redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
|
||||
|
|
|
@ -124,6 +124,9 @@ defmodule Mobilizon.Web.PageController do
|
|||
@spec authorize(Plug.Conn.t(), any) :: Plug.Conn.t()
|
||||
def authorize(conn, _params), do: render(conn, :index)
|
||||
|
||||
@spec auth_device(Plug.Conn.t(), any) :: Plug.Conn.t()
|
||||
def auth_device(conn, _params), do: render(conn, :index)
|
||||
|
||||
@spec handle_collection_route(Plug.Conn.t(), collections()) :: Plug.Conn.t()
|
||||
defp handle_collection_route(conn, collection) do
|
||||
case get_format(conn) do
|
||||
|
|
|
@ -210,6 +210,17 @@ defmodule Mobilizon.Web.Router do
|
|||
get("/oauth/authorize", ApplicationController, :authorize)
|
||||
post("/oauth/token", ApplicationController, :generate_access_token)
|
||||
get("/oauth/autorize_approve", PageController, :authorize)
|
||||
get("/login/device", PageController, :auth_device)
|
||||
end
|
||||
|
||||
pipeline :login do
|
||||
plug(:accepts, ["html", "json"])
|
||||
end
|
||||
|
||||
scope "/login", Mobilizon.Web do
|
||||
pipe_through(:login)
|
||||
|
||||
post("/device/code", ApplicationController, :device_code)
|
||||
end
|
||||
|
||||
scope "/proxy/", Mobilizon.Web do
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
defmodule Mobilizon.Storage.Repo.Migrations.AddDeviceFlowSupport do
|
||||
use Ecto.Migration
|
||||
|
||||
def change do
|
||||
alter table(:application_tokens) do
|
||||
add(:status, :string, default: :pending, null: false)
|
||||
add(:scope, :string)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,16 @@
|
|||
defmodule Mobilizon.Repo.Migrations.CreateApplicationDeviceActivation do
|
||||
use Ecto.Migration
|
||||
|
||||
def change do
|
||||
create table(:application_device_activation) do
|
||||
add(:user_code, :string)
|
||||
add(:device_code, :string)
|
||||
add(:scope, :string)
|
||||
add(:expires_in, :integer)
|
||||
add(:status, :string, default: "pending")
|
||||
add(:user_id, references(:users, on_delete: :delete_all), null: true)
|
||||
add(:application_id, references(:applications, on_delete: :delete_all), null: false)
|
||||
timestamps()
|
||||
end
|
||||
end
|
||||
end
|
|
@ -143,4 +143,78 @@ defmodule Mobilizon.ApplicationsTest do
|
|||
assert %Ecto.Changeset{} = Applications.change_application_token(application_token)
|
||||
end
|
||||
end
|
||||
|
||||
describe "application_device_activation" do
|
||||
alias Mobilizon.Applications.ApplicationDeviceActivation
|
||||
|
||||
import Mobilizon.ApplicationsFixtures
|
||||
|
||||
@invalid_attrs %{}
|
||||
|
||||
test "list_application_device_activation/0 returns all application_device_activation" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
assert Applications.list_application_device_activation() == [application_device_activation]
|
||||
end
|
||||
|
||||
test "get_application_device_activation!/1 returns the application_device_activation with given id" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
|
||||
assert Applications.get_application_device_activation!(application_device_activation.id) ==
|
||||
application_device_activation
|
||||
end
|
||||
|
||||
test "create_application_device_activation/1 with valid data creates a application_device_activation" do
|
||||
valid_attrs = %{}
|
||||
|
||||
assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
|
||||
Applications.create_application_device_activation(valid_attrs)
|
||||
end
|
||||
|
||||
test "create_application_device_activation/1 with invalid data returns error changeset" do
|
||||
assert {:error, %Ecto.Changeset{}} =
|
||||
Applications.create_application_device_activation(@invalid_attrs)
|
||||
end
|
||||
|
||||
test "update_application_device_activation/2 with valid data updates the application_device_activation" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
update_attrs = %{}
|
||||
|
||||
assert {:ok, %ApplicationDeviceActivation{} = application_device_activation} =
|
||||
Applications.update_application_device_activation(
|
||||
application_device_activation,
|
||||
update_attrs
|
||||
)
|
||||
end
|
||||
|
||||
test "update_application_device_activation/2 with invalid data returns error changeset" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
|
||||
assert {:error, %Ecto.Changeset{}} =
|
||||
Applications.update_application_device_activation(
|
||||
application_device_activation,
|
||||
@invalid_attrs
|
||||
)
|
||||
|
||||
assert application_device_activation ==
|
||||
Applications.get_application_device_activation!(application_device_activation.id)
|
||||
end
|
||||
|
||||
test "delete_application_device_activation/1 deletes the application_device_activation" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
|
||||
assert {:ok, %ApplicationDeviceActivation{}} =
|
||||
Applications.delete_application_device_activation(application_device_activation)
|
||||
|
||||
assert_raise Ecto.NoResultsError, fn ->
|
||||
Applications.get_application_device_activation!(application_device_activation.id)
|
||||
end
|
||||
end
|
||||
|
||||
test "change_application_device_activation/1 returns a application_device_activation changeset" do
|
||||
application_device_activation = application_device_activation_fixture()
|
||||
|
||||
assert %Ecto.Changeset{} =
|
||||
Applications.change_application_device_activation(application_device_activation)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -40,4 +40,16 @@ defmodule Mobilizon.ApplicationsFixtures do
|
|||
|
||||
application_token
|
||||
end
|
||||
|
||||
@doc """
|
||||
Generate a application_device_activation.
|
||||
"""
|
||||
def application_device_activation_fixture(attrs \\ %{}) do
|
||||
{:ok, application_device_activation} =
|
||||
attrs
|
||||
|> Enum.into(%{})
|
||||
|> Mobilizon.Applications.create_application_device_activation()
|
||||
|
||||
application_device_activation
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue