Unify Mastodon Login with OAuth login.

This removes duplication in the login code.

lib/pleroma/web/mastodon_api/mastodon_api_controller.ex

@@ -985,9 +985,30 @@ def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _para
     end
   end
 
+  def login(conn, %{"code" => code}) do
+    with {:ok, app} <- get_or_make_app(),
+         %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id),
+         {:ok, token} <- Token.exchange_token(app, auth) do
+
+      conn
+      |> put_session(:oauth_token, token.token)
+      |> redirect(to: "/web/getting-started")
+    end
+  end
+
   def login(conn, _) do
-    conn
+    with {:ok, app} <- get_or_make_app() do
-    |> render(MastodonView, "login.html", %{error: false})
+      path =
+        o_auth_path(conn, :authorize,
+          response_type: "code",
+          client_id: app.client_id,
+          redirect_uri: ".",
+          scope: app.scopes
+        )
+
+      conn
+      |> redirect(to: path)
+    end
   end
 
   defp get_or_make_app() do
@@ -1006,22 +1027,6 @@ defp get_or_make_app() do
     end
   end
 
-  def login_post(conn, %{"authorization" => %{"name" => name, "password" => password}}) do
-    with %User{} = user <- User.get_by_nickname_or_email(name),
-         true <- Pbkdf2.checkpw(password, user.password_hash),
-         {:ok, app} <- get_or_make_app(),
-         {:ok, auth} <- Authorization.create_authorization(app, user),
-         {:ok, token} <- Token.exchange_token(app, auth) do
-      conn
-      |> put_session(:oauth_token, token.token)
-      |> redirect(to: "/web/getting-started")
-    else
-      _e ->
-        conn
-        |> render(MastodonView, "login.html", %{error: "Wrong username or password"})
-    end
-  end
-
   def logout(conn, _) do
     conn
     |> clear_session

lib/pleroma/web/oauth/oauth_controller.ex

@@ -33,25 +33,35 @@ def create_authorization(conn, %{
          true <- Pbkdf2.checkpw(password, user.password_hash),
          %App{} = app <- Repo.get_by(App, client_id: client_id),
          {:ok, auth} <- Authorization.create_authorization(app, user) do
-      if redirect_uri == "urn:ietf:wg:oauth:2.0:oob" do
+      # Special case: Local MastodonFE.
-        render(conn, "results.html", %{
+      redirect_uri =
-          auth: auth
+        if redirect_uri == "." do
-        })
+          mastodon_api_url(conn, :login)
-      else
+        else
-        connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?"
+          redirect_uri
-        url = "#{redirect_uri}#{connector}"
+        end
-        url_params = %{:code => auth.token}
 
-        url_params =
+      cond do
-          if params["state"] do
+        redirect_uri == "urn:ietf:wg:oauth:2.0:oob" ->
-            Map.put(url_params, :state, params["state"])
+          render(conn, "results.html", %{
-          else
+            auth: auth
-            url_params
+          })
-          end
 
-        url = "#{url}#{Plug.Conn.Query.encode(url_params)}"
+        true ->
+          connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?"
+          url = "#{redirect_uri}#{connector}"
+          url_params = %{:code => auth.token}
 
-        redirect(conn, external: url)
+          url_params =
+            if params["state"] do
+              Map.put(url_params, :state, params["state"])
+            else
+              url_params
+            end
+
+          url = "#{url}#{Plug.Conn.Query.encode(url_params)}"
+
+          redirect(conn, external: url)
       end
     end
   end

lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex

@@ -1,11 +0,0 @@
-<h2>Login to Mastodon Frontend</h2>
-<%= if @error do %>
-  <h2><%= @error %></h2>
-<% end %>
-<%= form_for @conn, mastodon_api_path(@conn, :login), [as: "authorization"], fn f -> %>
-<%= text_input f, :name, placeholder: "Username or email" %>
-<br>
-<%= password_input f, :password, placeholder: "Password" %>
-<br>
-<%= submit "Log in" %>
-<% end %>