tommy/mobilizon
1
0
Fork 0
forked from potsda.mn/mobilizon
Code Pull requests Activity
mobilizon/lib/graphql/resolvers/application.ex
Thomas Citharel 9a457fb011
fix(apps): fix device flow authorization process 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-05-30 14:24:52 +02:00

165 lines
5 KiB
Elixir
Raw Permalink Blame History

defmodule Mobilizon.GraphQL.Resolvers.Application do
@moduledoc """
Handles the Application-related GraphQL calls.
"""
alias Mobilizon.Applications, as: ApplicationManager
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
alias Mobilizon.GraphQL.Error
alias Mobilizon.Service.Auth.Applications
alias Mobilizon.Users.User
import Mobilizon.Web.Gettext, only: [dgettext: 2]
require Logger
@doc """
Authorize an application
"""
@spec authorize(any(), map(), Absinthe.Resolution.t()) :: {:ok, map()} | {:error, String.t()}
def authorize(
_parent,
%{client_id: client_id, redirect_uri: redirect_uri, scope: scope} = args,
%{context: %{current_user: %User{id: user_id}}}
) do
case Applications.autorize(client_id, redirect_uri, scope, user_id) do
{:ok,
%ApplicationToken{
application: %Application{client_id: client_id},
scope: scope,
authorization_code: code
}} ->
{:ok, %{code: code, state: Map.get(args, :state), client_id: client_id, scope: scope}}
{:error, %Ecto.Changeset{} = err} ->
{:error, err}
{:error, :application_not_found} ->
{:error,
dgettext(
"errors",
"No application with this client_id was found"
)}
{:error, :redirect_uri_not_in_allowed} ->
{:error,
dgettext(
"errors",
"The given redirect_uri is not in the list of allowed redirect URIs"
)}
end
end
def authorize(_parent, _args, _context) do
{:error, :unauthenticated}
end
@spec get_application(any(), map(), Absinthe.Resolution.t()) ::
{:ok, Application.t()} | {:error, :application_not_found | :unauthenticated}
def get_application(_parent, %{client_id: client_id}, %{context: %{current_user: %User{}}}) do
case ApplicationManager.get_application_by_client_id(client_id) do
%Application{} = application ->
{:ok, application}
nil ->
{:error, :application_not_found}
end
end
def get_application(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def get_user_applications(_parent, _args, %{context: %{current_user: %User{id: user_id}}}) do
{:ok, ApplicationManager.list_application_tokens_for_user_id(user_id)}
end
def get_user_applications(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def revoke_application_token(_parent, %{app_token_id: app_token_id}, %{
context: %{current_user: %User{id: user_id}}
}) do
case ApplicationManager.get_application_token(app_token_id) do
%ApplicationToken{user_id: ^user_id} = app_token ->
case Applications.revoke_application_token(app_token) do
{:ok, %{delete_app_token: app_token, delete_guardian_tokens: _delete_guardian_tokens}} ->
{:ok, %{id: app_token.id}}
{:error, _, _, _} ->
{:error, dgettext("errors", "Error while revoking token")}
end
_ ->
{:error, :application_token_not_found}
end
end
def revoke_application_token(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
def activate_device(_parent, %{user_code: user_code}, %{
context: %{current_user: %User{} = user}
}) do
case Applications.activate_device(user_code, user) do
{:ok, %ApplicationDeviceActivation{} = app_device_activation} ->
{:ok, app_device_activation |> Map.from_struct() |> Map.take([:application, :id, :scope])}
{:error, :expired} ->
{:error,
%Error{
message: dgettext("errors", "The given user code has expired"),
status_code: 400,
code: :device_application_code_expired
}}
{:error, :not_found} ->
{:error, dgettext("errors", "The given user code is invalid")}
end
end
def activate_device(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
@spec authorize_device_application(any(), map(), Absinthe.Resolution.t()) ::
{:ok, map()} | {:error, String.t()}
def authorize_device_application(
_parent,
%{client_id: client_id, user_code: user_code},
%{context: %{current_user: %User{}}}
) do
case Applications.autorize_device_application(client_id, user_code) do
{:ok, %ApplicationDeviceActivation{application: app}} ->
{:ok, app}
{:error, :not_confirmed} ->
{:error,
dgettext(
"errors",
"The device user code was not provided before approving the application"
)}
{:error, :not_found} ->
{:error,
dgettext(
"errors",
"The given user code is invalid"
)}
{:error, :expired} ->
{:error,
%Error{
message: dgettext("errors", "The given user code has expired"),
status_code: 400,
code: :device_application_code_expired
}}
end
end
def authorize_device_application(_parent, _args, _resolution) do
{:error, :unauthenticated}
end
end
View git blame Copy permalink