From 1097ce6d9f06a7552652c5990cee12e7b7b3cc59 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 21 Feb 2019 18:55:19 +0300 Subject: [PATCH 1/5] Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. --- lib/pleroma/web/oauth.ex | 8 +++++++ lib/pleroma/web/oauth/authenticator.ex | 22 +++++++++++++++++++ .../web/oauth/authenticator_adapter.ex | 7 ++++++ lib/pleroma/web/oauth/oauth_controller.ex | 17 +++++++------- lib/pleroma/web/web.ex | 2 ++ 5 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 lib/pleroma/web/oauth/authenticator.ex create mode 100644 lib/pleroma/web/oauth/authenticator_adapter.ex diff --git a/lib/pleroma/web/oauth.ex b/lib/pleroma/web/oauth.ex index d2835a0ba..f3bac33c8 100644 --- a/lib/pleroma/web/oauth.ex +++ b/lib/pleroma/web/oauth.ex @@ -3,6 +3,14 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.OAuth do + @authenticator Application.get_env( + :pleroma, + Pleroma.Web.AuthenticatorAdapter, + Pleroma.Web.Authenticator + ) + + def authenticator, do: @authenticator + def parse_scopes(scopes, _default) when is_list(scopes) do Enum.filter(scopes, &(&1 not in [nil, ""])) end diff --git a/lib/pleroma/web/oauth/authenticator.ex b/lib/pleroma/web/oauth/authenticator.ex new file mode 100644 index 000000000..86bbc41f0 --- /dev/null +++ b/lib/pleroma/web/oauth/authenticator.ex @@ -0,0 +1,22 @@ +defmodule Pleroma.Web.Authenticator do + alias Pleroma.User + alias Comeonin.Pbkdf2 + + @behaviour Pleroma.Web.AuthenticatorAdapter + + def get_user(%Plug.Conn{} = conn) do + %{"authorization" => %{"name" => name, "password" => password}} = conn.params + + with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)}, + {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {:ok, user} + else + error -> + {:error, error} + end + end + + def handle_error(%Plug.Conn{} = _conn, error) do + error + end +end diff --git a/lib/pleroma/web/oauth/authenticator_adapter.ex b/lib/pleroma/web/oauth/authenticator_adapter.ex new file mode 100644 index 000000000..282963b1c --- /dev/null +++ b/lib/pleroma/web/oauth/authenticator_adapter.ex @@ -0,0 +1,7 @@ +defmodule Pleroma.Web.AuthenticatorAdapter do + alias Pleroma.User + + @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} + + @callback handle_error(Plug.Conn.t(), any()) :: any() +end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 7c1a3adbd..abe6fd2f2 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do use Pleroma.Web, :controller + alias Pleroma.Web.OAuth alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.App @@ -24,27 +25,27 @@ defmodule Pleroma.Web.OAuth.OAuthController do available_scopes = (app && app.scopes) || [] scopes = oauth_scopes(params, nil) || available_scopes - render(conn, "show.html", %{ + template = Application.get_env(:pleroma, :auth_template, "show.html") + + render(conn, template, %{ response_type: params["response_type"], client_id: params["client_id"], available_scopes: available_scopes, scopes: scopes, redirect_uri: params["redirect_uri"], - state: params["state"] + state: params["state"], + params: params }) end def create_authorization(conn, %{ "authorization" => %{ - "name" => name, - "password" => password, "client_id" => client_id, "redirect_uri" => redirect_uri } = auth_params }) do - with %User{} = user <- User.get_by_nickname_or_email(name), - true <- Pbkdf2.checkpw(password, user.password_hash), + with {_, {:ok, %User{} = user}} <- {:get_user, OAuth.authenticator().get_user(conn)}, %App{} = app <- Repo.get_by(App, client_id: client_id), true <- redirect_uri in String.split(app.redirect_uris), scopes <- oauth_scopes(auth_params, []), @@ -53,9 +54,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do {:missing_scopes, false} <- {:missing_scopes, scopes == []}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do - # Special case: Local MastodonFE. redirect_uri = if redirect_uri == "." do + # Special case: Local MastodonFE mastodon_api_url(conn, :login) else redirect_uri @@ -97,7 +98,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do |> authorize(auth_params) error -> - error + OAuth.authenticator().handle_error(conn, error) end end diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex index 853aa2a87..4f618743d 100644 --- a/lib/pleroma/web/web.ex +++ b/lib/pleroma/web/web.ex @@ -26,6 +26,8 @@ defmodule Pleroma.Web do import Plug.Conn import Pleroma.Web.Gettext import Pleroma.Web.Router.Helpers + + plug(:put_layout, Application.get_env(:pleroma, :app_template, "app.html")) end end From afddce45b3d4d9ea61620c941838a372ca225825 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 22 Feb 2019 11:10:17 +0300 Subject: [PATCH 2/5] Minor setting name adjustment (:app_template -> :app_layout). --- lib/pleroma/web/web.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex index 4f618743d..4bf07a6ef 100644 --- a/lib/pleroma/web/web.ex +++ b/lib/pleroma/web/web.ex @@ -27,7 +27,7 @@ defmodule Pleroma.Web do import Pleroma.Web.Gettext import Pleroma.Web.Router.Helpers - plug(:put_layout, Application.get_env(:pleroma, :app_template, "app.html")) + plug(:put_layout, Application.get_env(:pleroma, :app_layout, "app.html")) end end From e82b70eb530293c3dfe8597c4100320fba96e479 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 26 Feb 2019 15:27:01 +0300 Subject: [PATCH 3/5] Database authenticator behaviour / Pleroma implementation refactoring. --- lib/pleroma/web/auth/database_authenticator.ex | 14 ++++++++++++++ .../pleroma_database_authenticator.ex} | 4 ++-- lib/pleroma/web/oauth.ex | 8 -------- lib/pleroma/web/oauth/authenticator_adapter.ex | 7 ------- lib/pleroma/web/oauth/oauth_controller.ex | 6 +++--- 5 files changed, 19 insertions(+), 20 deletions(-) create mode 100644 lib/pleroma/web/auth/database_authenticator.ex rename lib/pleroma/web/{oauth/authenticator.ex => auth/pleroma_database_authenticator.ex} (81%) delete mode 100644 lib/pleroma/web/oauth/authenticator_adapter.ex diff --git a/lib/pleroma/web/auth/database_authenticator.ex b/lib/pleroma/web/auth/database_authenticator.ex new file mode 100644 index 000000000..69024a4ba --- /dev/null +++ b/lib/pleroma/web/auth/database_authenticator.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.Web.Auth.DatabaseAuthenticator do + alias Pleroma.User + + @implementation Pleroma.Config.get( + Pleroma.Web.Auth.DatabaseAuthenticator, + Pleroma.Web.Auth.PleromaDatabaseAuthenticator + ) + + @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} + defdelegate get_user(plug), to: @implementation + + @callback handle_error(Plug.Conn.t(), any()) :: any() + defdelegate handle_error(plug, error), to: @implementation +end diff --git a/lib/pleroma/web/oauth/authenticator.ex b/lib/pleroma/web/auth/pleroma_database_authenticator.ex similarity index 81% rename from lib/pleroma/web/oauth/authenticator.ex rename to lib/pleroma/web/auth/pleroma_database_authenticator.ex index 86bbc41f0..79a8dcfce 100644 --- a/lib/pleroma/web/oauth/authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_database_authenticator.ex @@ -1,8 +1,8 @@ -defmodule Pleroma.Web.Authenticator do +defmodule Pleroma.Web.Auth.PleromaDatabaseAuthenticator do alias Pleroma.User alias Comeonin.Pbkdf2 - @behaviour Pleroma.Web.AuthenticatorAdapter + @behaviour Pleroma.Web.Auth.DatabaseAuthenticator def get_user(%Plug.Conn{} = conn) do %{"authorization" => %{"name" => name, "password" => password}} = conn.params diff --git a/lib/pleroma/web/oauth.ex b/lib/pleroma/web/oauth.ex index f3bac33c8..d2835a0ba 100644 --- a/lib/pleroma/web/oauth.ex +++ b/lib/pleroma/web/oauth.ex @@ -3,14 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.OAuth do - @authenticator Application.get_env( - :pleroma, - Pleroma.Web.AuthenticatorAdapter, - Pleroma.Web.Authenticator - ) - - def authenticator, do: @authenticator - def parse_scopes(scopes, _default) when is_list(scopes) do Enum.filter(scopes, &(&1 not in [nil, ""])) end diff --git a/lib/pleroma/web/oauth/authenticator_adapter.ex b/lib/pleroma/web/oauth/authenticator_adapter.ex deleted file mode 100644 index 282963b1c..000000000 --- a/lib/pleroma/web/oauth/authenticator_adapter.ex +++ /dev/null @@ -1,7 +0,0 @@ -defmodule Pleroma.Web.AuthenticatorAdapter do - alias Pleroma.User - - @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} - - @callback handle_error(Plug.Conn.t(), any()) :: any() -end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index abe6fd2f2..02c0babd2 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -5,7 +5,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do use Pleroma.Web, :controller - alias Pleroma.Web.OAuth + alias Pleroma.Web.Auth.DatabaseAuthenticator alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.App @@ -45,7 +45,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do "redirect_uri" => redirect_uri } = auth_params }) do - with {_, {:ok, %User{} = user}} <- {:get_user, OAuth.authenticator().get_user(conn)}, + with {_, {:ok, %User{} = user}} <- {:get_user, DatabaseAuthenticator.get_user(conn)}, %App{} = app <- Repo.get_by(App, client_id: client_id), true <- redirect_uri in String.split(app.redirect_uris), scopes <- oauth_scopes(auth_params, []), @@ -98,7 +98,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do |> authorize(auth_params) error -> - OAuth.authenticator().handle_error(conn, error) + DatabaseAuthenticator.handle_error(conn, error) end end From e98d34e5fb569b52166f74a1fc255310938d657c Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 26 Feb 2019 16:26:54 +0300 Subject: [PATCH 4/5] Added missing copyright headers. --- lib/pleroma/web/auth/database_authenticator.ex | 4 ++++ lib/pleroma/web/auth/pleroma_database_authenticator.ex | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/lib/pleroma/web/auth/database_authenticator.ex b/lib/pleroma/web/auth/database_authenticator.ex index 69024a4ba..02a16b634 100644 --- a/lib/pleroma/web/auth/database_authenticator.ex +++ b/lib/pleroma/web/auth/database_authenticator.ex @@ -1,3 +1,7 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.Auth.DatabaseAuthenticator do alias Pleroma.User diff --git a/lib/pleroma/web/auth/pleroma_database_authenticator.ex b/lib/pleroma/web/auth/pleroma_database_authenticator.ex index 79a8dcfce..39aa1a586 100644 --- a/lib/pleroma/web/auth/pleroma_database_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_database_authenticator.ex @@ -1,3 +1,7 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.Auth.PleromaDatabaseAuthenticator do alias Pleroma.User alias Comeonin.Pbkdf2 From b6f915313f59223002a0eff88c1eefb00ca5c8f3 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 28 Feb 2019 13:00:54 +0300 Subject: [PATCH 5/5] Made auth customization be runtime-configurable. --- lib/pleroma/web/auth/database_authenticator.ex | 14 ++++++++------ lib/pleroma/web/oauth/oauth_controller.ex | 2 +- lib/pleroma/web/web.ex | 6 +++++- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/auth/database_authenticator.ex b/lib/pleroma/web/auth/database_authenticator.ex index 02a16b634..e78068b03 100644 --- a/lib/pleroma/web/auth/database_authenticator.ex +++ b/lib/pleroma/web/auth/database_authenticator.ex @@ -5,14 +5,16 @@ defmodule Pleroma.Web.Auth.DatabaseAuthenticator do alias Pleroma.User - @implementation Pleroma.Config.get( - Pleroma.Web.Auth.DatabaseAuthenticator, - Pleroma.Web.Auth.PleromaDatabaseAuthenticator - ) + def implementation do + Pleroma.Config.get( + Pleroma.Web.Auth.DatabaseAuthenticator, + Pleroma.Web.Auth.PleromaDatabaseAuthenticator + ) + end @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} - defdelegate get_user(plug), to: @implementation + def get_user(plug), do: implementation().get_user(plug) @callback handle_error(Plug.Conn.t(), any()) :: any() - defdelegate handle_error(plug, error), to: @implementation + def handle_error(plug, error), do: implementation().handle_error(plug, error) end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 02c0babd2..5c2b0507c 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -25,7 +25,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do available_scopes = (app && app.scopes) || [] scopes = oauth_scopes(params, nil) || available_scopes - template = Application.get_env(:pleroma, :auth_template, "show.html") + template = Pleroma.Config.get(:auth_template, "show.html") render(conn, template, %{ response_type: params["response_type"], diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex index 4bf07a6ef..66813e4dd 100644 --- a/lib/pleroma/web/web.ex +++ b/lib/pleroma/web/web.ex @@ -27,7 +27,11 @@ defmodule Pleroma.Web do import Pleroma.Web.Gettext import Pleroma.Web.Router.Helpers - plug(:put_layout, Application.get_env(:pleroma, :app_layout, "app.html")) + plug(:set_put_layout) + + defp set_put_layout(conn, _) do + put_layout(conn, Pleroma.Config.get(:app_layout, "app.html")) + end end end