reuse tokens on exchange as well
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending

This commit is contained in:
FloatingGhost 2022-08-23 14:05:14 +01:00
parent 1b2a95429b
commit d44ddcbef3

View file

@ -59,27 +59,30 @@ def authorize(%Plug.Conn{assigns: %{token: %Token{}}} = conn, %{"force_login" =>
# after user already authorized to MastodonFE. # after user already authorized to MastodonFE.
# So we have to check client and token. # So we have to check client and token.
def authorize( def authorize(
%Plug.Conn{assigns: %{token: %Token{} = token}} = conn, %Plug.Conn{assigns: %{token: %Token{} = token, user: %User{} = user}} = conn,
%{"client_id" => client_id} = params %{"client_id" => client_id} = params
) do ) do
with %Token{} = t <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app), with %Token{} = t <- Repo.get_by(Token, token: token.token) |> Repo.preload(:app),
^client_id <- t.app.client_id do ^client_id <- t.app.client_id do
handle_existing_authorization(conn, params) handle_existing_authorization(conn, params)
else else
_ -> do_authorize(conn, params) _ ->
maybe_reuse_token(conn, params, user.id)
end end
end end
def authorize(%Plug.Conn{} = conn, params) do def authorize(%Plug.Conn{} = conn, params) do
# if we have a user in the session, attempt to authenticate as them # if we have a user in the session, attempt to authenticate as them
# otherwise show the login form # otherwise show the login form
with user_id <- AuthHelper.get_session_user(conn), maybe_reuse_token(conn, params, AuthHelper.get_session_user(conn))
false <- is_nil(user_id), end
%User{} = user <- User.get_cached_by_id(user_id),
defp maybe_reuse_token(conn, params, user_id) when is_binary(user_id) do
with %User{} = user <- User.get_cached_by_id(user_id),
%App{} = app <- Repo.get_by(App, client_id: params["client_id"]), %App{} = app <- Repo.get_by(App, client_id: params["client_id"]),
{:ok, %Token{} = token} <- Token.get_preeexisting_by_app_and_user(app, user), {:ok, %Token{} = token} <- Token.get_preeexisting_by_app_and_user(app, user),
{:ok, %Authorization{} = auth} <- Authorization.get_preeexisting_by_app_and_user(app, user) do {:ok, %Authorization{} = auth} <-
IO.inspect(params) Authorization.get_preeexisting_by_app_and_user(app, user) do
conn conn
|> assign(:token, token) |> assign(:token, token)
|> after_create_authorization(auth, %{"authorization" => params}) |> after_create_authorization(auth, %{"authorization" => params})
@ -88,6 +91,8 @@ def authorize(%Plug.Conn{} = conn, params) do
end end
end end
defp maybe_reuse_token(conn, params, _user), do: do_authorize(conn, params)
defp do_authorize(%Plug.Conn{} = conn, params) do defp do_authorize(%Plug.Conn{} = conn, params) do
app = Repo.get_by(App, client_id: params["client_id"]) app = Repo.get_by(App, client_id: params["client_id"])
available_scopes = (app && app.scopes) || [] available_scopes = (app && app.scopes) || []
@ -283,16 +288,30 @@ def token_exchange(
end end
def token_exchange(%Plug.Conn{} = conn, %{"grant_type" => "authorization_code"} = params) do def token_exchange(%Plug.Conn{} = conn, %{"grant_type" => "authorization_code"} = params) do
with {:ok, app} <- IO.inspect(Token.Utils.fetch_app(conn)), with {:ok, app} <- Token.Utils.fetch_app(conn),
fixed_token = Token.Utils.fix_padding(params["code"]), fixed_token = Token.Utils.fix_padding(params["code"]),
{:ok, auth} <- Authorization.get_by_token(app, fixed_token), {:ok, auth} <- Authorization.get_by_token(app, fixed_token),
%User{} = user <- User.get_cached_by_id(auth.user_id), %User{} = user <- User.get_cached_by_id(auth.user_id) do
{:ok, token} <- IO.inspect(Token.exchange_token(app, auth)) do if auth.used do
# reuse token, we already have a valid one
with {:ok, token} <- Token.get_preeexisting_by_app_and_user(app, user) do
after_token_exchange(conn, %{user: user, token: token}) after_token_exchange(conn, %{user: user, token: token})
else else
error -> error ->
handle_token_exchange_error(conn, error) handle_token_exchange_error(conn, error)
end end
else
with {:ok, token} <- Token.exchange_token(app, auth) do
after_token_exchange(conn, %{user: user, token: token})
else
error ->
handle_token_exchange_error(conn, error)
end
end
else
error ->
handle_token_exchange_error(conn, error)
end
end end
def token_exchange( def token_exchange(