AkkomaGang/akkoma
AkkomaGang/akkoma
17
70
Fork 118
Code Issues 148 Pull requests 15 Projects 2 Releases 24 Packages Wiki Activity

Fix OAuth consumer mode #668

Merged
floatingghost merged 4 commits from :develop into develop 2024-02-02 10:05:42 +00:00
Conversation 1 Commits 4 Files changed 5 +8 -10
1 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit eb0dbf6b79 - Show all commits

fix oauth consumer mode

Prev Next 
the previous code passed a state parameter to ueberauth with info
about where to go after the user logged in, etc.
since ueberauth 0.7, this parameter is ignored and oauth state is used
for actual CSRF reasons.

we now set a cookie with the state we need to keep track of, and read
it once the callback happens.
Aria 2023-12-17 19:27:36 +00:00
commit eb0dbf6b79

18
lib/pleroma/web/o_auth/o_auth_controller.ex
View file

@ -443,13 +443,10 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|> Map.put("scope", scope)
|> Jason.encode!()
params =
auth_attrs
|> Map.drop(~w(scope scopes client_id redirect_uri))
|> Map.put("state", state)
# Handing the request to Ueberauth
redirect(conn, to: ~p"/oauth/#{provider}?#{params}")
conn
|> put_resp_cookie("akkoma_oauth_state", state)
|> redirect(to: ~p"/oauth/#{provider}")
end
def request(%Plug.Conn{} = conn, params) do
@ -468,7 +465,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
end
def callback(%Plug.Conn{assigns: %{ueberauth_failure: failure}} = conn, params) do
params = callback_params(params)
params = callback_params(conn, params)
messages = for e <- Map.get(failure, :errors, []), do: e.message
message = Enum.join(messages, "; ")
@ -481,7 +478,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
end
def callback(%Plug.Conn{} = conn, params) do
params = callback_params(params)
params = callback_params(conn, params)
with {:ok, registration} <- Authenticator.get_registration(conn) do
auth_attrs = Map.take(params, ~w(client_id redirect_uri scope scopes state))
@ -511,8 +508,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do
end
end
defp callback_params(%{"state" => state} = params) do
Map.merge(params, Jason.decode!(state))
defp callback_params(%Plug.Conn{} = conn, params) do
fetch_cookies(conn)
Map.merge(params, Jason.decode!(Map.get(conn.req_cookies, "akkoma_oauth_state", "{}")))
end
def registration_details(%Plug.Conn{} = conn, %{"authorization" => auth_attrs}) do