commit
0c53d91f3b
@ -0,0 +1,10 @@
|
||||
# Configuring MongooseIM (XMPP Server) to use Pleroma for authentication
|
||||
|
||||
If you want to give your Pleroma users an XMPP (chat) account, you can configure [MongooseIM](https://github.com/esl/MongooseIM) to use your Pleroma server for user authentication, automatically giving every local user an XMPP account.
|
||||
|
||||
In general, you just have to follow the configuration described at [https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/](https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/) and do these changes to your mongooseim.cfg.
|
||||
|
||||
1. Set the auth_method to `{auth_method, http}`.
|
||||
2. Add the http auth pool like this: `{http, global, auth, [{workers, 50}], [{server, "https://yourpleromainstance.com"}]}`
|
||||
|
||||
Restart your MongooseIM server, your users should now be able to connect with their Pleroma credentials.
|
@ -0,0 +1,44 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Keys do
|
||||
# Native generation of RSA keys is only available since OTP 20+ and in default build conditions
|
||||
# We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
|
||||
try do
|
||||
_ = :public_key.generate_key({:rsa, 2048, 65_537})
|
||||
|
||||
def generate_rsa_pem do
|
||||
key = :public_key.generate_key({:rsa, 2048, 65_537})
|
||||
entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
|
||||
pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
|
||||
{:ok, pem}
|
||||
end
|
||||
rescue
|
||||
_ ->
|
||||
def generate_rsa_pem do
|
||||
port = Port.open({:spawn, "openssl genrsa"}, [:binary])
|
||||
|
||||
{:ok, pem} =
|
||||
receive do
|
||||
{^port, {:data, pem}} -> {:ok, pem}
|
||||
end
|
||||
|
||||
Port.close(port)
|
||||
|
||||
if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
|
||||
{:ok, pem}
|
||||
else
|
||||
:error
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def keys_from_pem(pem) do
|
||||
[private_key_code] = :public_key.pem_decode(pem)
|
||||
private_key = :public_key.pem_entry_decode(private_key_code)
|
||||
{:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
|
||||
public_key = {:RSAPublicKey, modulus, exponent}
|
||||
{:ok, private_key, public_key}
|
||||
end
|
||||
end
|
@ -0,0 +1,41 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
||||
use Pleroma.Web, :controller
|
||||
alias Comeonin.Pbkdf2
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
|
||||
def user_exists(conn, %{"user" => username}) do
|
||||
with %User{} <- Repo.get_by(User, nickname: username, local: true) do
|
||||
conn
|
||||
|> json(true)
|
||||
else
|
||||
_ ->
|
||||
conn
|
||||
|> put_status(:not_found)
|
||||
|> json(false)
|
||||
end
|
||||
end
|
||||
|
||||
def check_password(conn, %{"user" => username, "pass" => password}) do
|
||||
with %User{password_hash: password_hash} <-
|
||||
Repo.get_by(User, nickname: username, local: true),
|
||||
true <- Pbkdf2.checkpw(password, password_hash) do
|
||||
conn
|
||||
|> json(true)
|
||||
else
|
||||
false ->
|
||||
conn
|
||||
|> put_status(403)
|
||||
|> json(false)
|
||||
|
||||
_ ->
|
||||
conn
|
||||
|> put_status(:not_found)
|
||||
|> json(false)
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,41 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.OAuth.Token.CleanWorker do
|
||||
@moduledoc """
|
||||
The module represents functions to clean an expired oauth tokens.
|
||||
"""
|
||||
|
||||
# 10 seconds
|
||||
@start_interval 10_000
|
||||
@interval Pleroma.Config.get(
|
||||
# 24 hours
|
||||
[:oauth2, :clean_expired_tokens_interval],
|
||||
86_400_000
|
||||
)
|
||||
@queue :background
|
||||
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
def start_link, do: GenServer.start_link(__MODULE__, nil)
|
||||
|
||||
def init(_) do
|
||||
if Pleroma.Config.get([:oauth2, :clean_expired_tokens], false) do
|
||||
Process.send_after(self(), :perform, @start_interval)
|
||||
{:ok, nil}
|
||||
else
|
||||
:ignore
|
||||
end
|
||||
end
|
||||
|
||||
@doc false
|
||||
def handle_info(:perform, state) do
|
||||
Process.send_after(self(), :perform, @interval)
|
||||
PleromaJobQueue.enqueue(@queue, __MODULE__, [:clean])
|
||||
{:noreply, state}
|
||||
end
|
||||
|
||||
# Job Worker Callbacks
|
||||
def perform(:clean), do: Token.delete_expired_tokens()
|
||||
end
|
@ -0,0 +1,55 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.OAuth.Token.Query do
|
||||
@moduledoc """
|
||||
Contains queries for OAuth Token.
|
||||
"""
|
||||
|
||||
import Ecto.Query, only: [from: 2]
|
||||
|
||||
@type query :: Ecto.Queryable.t() | Token.t()
|
||||
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
@spec get_by_refresh_token(query, String.t()) :: query
|
||||
def get_by_refresh_token(query \\ Token, refresh_token) do
|
||||
from(q in query, where: q.refresh_token == ^refresh_token)
|
||||
end
|
||||
|
||||
@spec get_by_token(query, String.t()) :: query
|
||||
def get_by_token(query \\ Token, token) do
|
||||
from(q in query, where: q.token == ^token)
|
||||
end
|
||||
|
||||
@spec get_by_app(query, String.t()) :: query
|
||||
def get_by_app(query \\ Token, app_id) do
|
||||
from(q in query, where: q.app_id == ^app_id)
|
||||
end
|
||||
|
||||
@spec get_by_id(query, String.t()) :: query
|
||||
def get_by_id(query \\ Token, id) do
|
||||
from(q in query, where: q.id == ^id)
|
||||
end
|
||||
|
||||
@spec get_expired_tokens(query, DateTime.t() | nil) :: query
|
||||
def get_expired_tokens(query \\ Token, date \\ nil) do
|
||||
expired_date = date || Timex.now()
|
||||
from(q in query, where: fragment("?", q.valid_until) < ^expired_date)
|
||||
end
|
||||
|
||||
@spec get_by_user(query, String.t()) :: query
|
||||
def get_by_user(query \\ Token, user_id) do
|
||||
from(q in query, where: q.user_id == ^user_id)
|
||||
end
|
||||
|
||||
@spec preload(query, any) :: query
|
||||
def preload(query \\ Token, assoc_preload \\ [])
|
||||
|
||||
def preload(query, assoc_preload) when is_list(assoc_preload) do
|
||||
from(q in query, preload: ^assoc_preload)
|
||||
end
|
||||
|
||||
def preload(query, _assoc_preload), do: query
|
||||
end
|
Binary file not shown.
@ -0,0 +1,20 @@
|
||||
defmodule Pleroma.KeysTest do
|
||||
use Pleroma.DataCase
|
||||
|
||||
alias Pleroma.Keys
|
||||
|
||||
test "generates an RSA private key pem" do
|
||||
{:ok, key} = Keys.generate_rsa_pem()
|
||||
|
||||
assert is_binary(key)
|
||||
assert Regex.match?(~r/RSA/, key)
|
||||
end
|
||||
|
||||
test "returns a public and private key from a pem" do
|
||||
pem = File.read!("test/fixtures/private_key.pem")
|
||||
{:ok, private, public} = Keys.keys_from_pem(pem)
|
||||
|
||||
assert elem(private, 0) == :RSAPrivateKey
|
||||
assert elem(public, 0) == :RSAPublicKey
|
||||
end
|
||||
end
|
@ -0,0 +1,52 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.FallbackTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
import Pleroma.Factory
|
||||
|
||||
test "GET /registration/:token", %{conn: conn} do
|
||||
assert conn
|
||||
|> get("/registration/foo")
|
||||
|> html_response(200) =~ "<!--server-generated-meta-->"
|
||||
end
|
||||
|
||||
test "GET /:maybe_nickname_or_id", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
assert conn
|
||||
|> get("/foo")
|
||||
|> html_response(200) =~ "<!--server-generated-meta-->"
|
||||
|
||||
refute conn
|
||||
|> get("/" <> user.nickname)
|
||||
|> html_response(200) =~ "<!--server-generated-meta-->"
|
||||
end
|
||||
|
||||
test "GET /api*path", %{conn: conn} do
|
||||
assert conn
|
||||
|> get("/api/foo")
|
||||
|> json_response(404) == %{"error" => "Not implemented"}
|
||||
end
|
||||
|
||||
test "GET /*path", %{conn: conn} do
|
||||
assert conn
|
||||
|> get("/foo")
|
||||
|> html_response(200) =~ "<!--server-generated-meta-->"
|
||||
|
||||
assert conn
|
||||
|> get("/foo/bar")
|
||||
|> html_response(200) =~ "<!--server-generated-meta-->"
|
||||
end
|
||||
|
||||
test "OPTIONS /*path", %{conn: conn} do
|
||||
assert conn
|
||||
|> options("/foo")
|
||||
|> response(204) == ""
|
||||
|
||||
assert conn
|
||||
|> options("/foo/bar")
|
||||
|> response(204) == ""
|
||||
end
|
||||
end
|
@ -0,0 +1,59 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.MongooseIMController do
|
||||
use Pleroma.Web.ConnCase
|
||||
import Pleroma.Factory
|
||||
|
||||
test "/user_exists", %{conn: conn} do
|
||||
_user = insert(:user, nickname: "lain")
|
||||
_remote_user = insert(:user, nickname: "alice", local: false)
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :user_exists), user: "lain")
|
||||
|> json_response(200)
|
||||
|
||||
assert res == true
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :user_exists), user: "alice")
|
||||
|> json_response(404)
|
||||
|
||||
assert res == false
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :user_exists), user: "bob")
|
||||
|> json_response(404)
|
||||
|
||||
assert res == false
|
||||
end
|
||||
|
||||
test "/check_password", %{conn: conn} do
|
||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("cool"))
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :check_password), user: user.nickname, pass: "cool")
|
||||
|> json_response(200)
|
||||
|
||||
assert res == true
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :check_password), user: user.nickname, pass: "uncool")
|
||||
|> json_response(403)
|
||||
|
||||
assert res == false
|
||||
|
||||
res =
|
||||
conn
|
||||
|> get(mongoose_im_path(conn, :check_password), user: "nobody", pass: "cool")
|
||||
|> json_response(404)
|
||||
|
||||
assert res == false
|
||||
end
|
||||
end
|
Loading…
Reference in new issue