|
|
|
@ -167,17 +167,37 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|
|
|
|
|
|
|
|
|
defp handle_create_authorization_error(
|
|
|
|
|
%Plug.Conn{} = conn,
|
|
|
|
|
{:auth_active, false},
|
|
|
|
|
{:account_status, :confirmation_pending},
|
|
|
|
|
%{"authorization" => _} = params
|
|
|
|
|
) do
|
|
|
|
|
# Per https://github.com/tootsuite/mastodon/blob/
|
|
|
|
|
# 51e154f5e87968d6bb115e053689767ab33e80cd/app/controllers/api/base_controller.rb#L76
|
|
|
|
|
conn
|
|
|
|
|
|> put_flash(:error, dgettext("errors", "Your login is missing a confirmed e-mail address"))
|
|
|
|
|
|> put_status(:forbidden)
|
|
|
|
|
|> authorize(params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_create_authorization_error(
|
|
|
|
|
%Plug.Conn{} = conn,
|
|
|
|
|
{:account_status, :password_reset_pending},
|
|
|
|
|
%{"authorization" => _} = params
|
|
|
|
|
) do
|
|
|
|
|
conn
|
|
|
|
|
|> put_flash(:error, dgettext("errors", "Password reset is required"))
|
|
|
|
|
|> put_status(:forbidden)
|
|
|
|
|
|> authorize(params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_create_authorization_error(
|
|
|
|
|
%Plug.Conn{} = conn,
|
|
|
|
|
{:account_status, :deactivated},
|
|
|
|
|
%{"authorization" => _} = params
|
|
|
|
|
) do
|
|
|
|
|
conn
|
|
|
|
|
|> put_flash(:error, dgettext("errors", "Your account is currently disabled"))
|
|
|
|
|
|> put_status(:forbidden)
|
|
|
|
|
|> authorize(params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_create_authorization_error(%Plug.Conn{} = conn, error, %{"authorization" => _}) do
|
|
|
|
|
Authenticator.handle_error(conn, error)
|
|
|
|
|
end
|
|
|
|
@ -218,46 +238,14 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|
|
|
|
) do
|
|
|
|
|
with {:ok, %User{} = user} <- Authenticator.get_user(conn),
|
|
|
|
|
{:ok, app} <- Token.Utils.fetch_app(conn),
|
|
|
|
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
|
|
|
|
|
{:user_active, true} <- {:user_active, !user.deactivated},
|
|
|
|
|
{:password_reset_pending, false} <-
|
|
|
|
|
{:password_reset_pending, user.password_reset_pending},
|
|
|
|
|
{:account_status, :active} <- {:account_status, User.account_status(user)},
|
|
|
|
|
{:ok, scopes} <- validate_scopes(app, params),
|
|
|
|
|
{:ok, auth} <- Authorization.create_authorization(app, user, scopes),
|
|
|
|
|
{:ok, token} <- Token.exchange_token(app, auth) do
|
|
|
|
|
json(conn, Token.Response.build(user, token))
|
|
|
|
|
else
|
|
|
|
|
{:auth_active, false} ->
|
|
|
|
|
# Per https://github.com/tootsuite/mastodon/blob/
|
|
|
|
|
# 51e154f5e87968d6bb115e053689767ab33e80cd/app/controllers/api/base_controller.rb#L76
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Your login is missing a confirmed e-mail address",
|
|
|
|
|
%{},
|
|
|
|
|
"missing_confirmed_email"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
{:user_active, false} ->
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Your account is currently disabled",
|
|
|
|
|
%{},
|
|
|
|
|
"account_is_disabled"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
{:password_reset_pending, true} ->
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Password reset is required",
|
|
|
|
|
%{},
|
|
|
|
|
"password_reset_required"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
_error ->
|
|
|
|
|
render_invalid_credentials_error(conn)
|
|
|
|
|
error ->
|
|
|
|
|
handle_token_exchange_error(conn, error)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
@ -286,6 +274,43 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|
|
|
|
# Bad request
|
|
|
|
|
def token_exchange(%Plug.Conn{} = conn, params), do: bad_request(conn, params)
|
|
|
|
|
|
|
|
|
|
defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :deactivated}) do
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Your account is currently disabled",
|
|
|
|
|
%{},
|
|
|
|
|
"account_is_disabled"
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_token_exchange_error(
|
|
|
|
|
%Plug.Conn{} = conn,
|
|
|
|
|
{:account_status, :password_reset_pending}
|
|
|
|
|
) do
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Password reset is required",
|
|
|
|
|
%{},
|
|
|
|
|
"password_reset_required"
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :confirmation_pending}) do
|
|
|
|
|
render_error(
|
|
|
|
|
conn,
|
|
|
|
|
:forbidden,
|
|
|
|
|
"Your login is missing a confirmed e-mail address",
|
|
|
|
|
%{},
|
|
|
|
|
"missing_confirmed_email"
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do
|
|
|
|
|
render_invalid_credentials_error(conn)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def token_revoke(%Plug.Conn{} = conn, %{"token" => _token} = params) do
|
|
|
|
|
with {:ok, app} <- Token.Utils.fetch_app(conn),
|
|
|
|
|
{:ok, _token} <- RevokeToken.revoke(app, params) do
|
|
|
|
@ -472,7 +497,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|
|
|
|
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
|
|
|
|
true <- redirect_uri in String.split(app.redirect_uris),
|
|
|
|
|
{:ok, scopes} <- validate_scopes(app, auth_attrs),
|
|
|
|
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)} do
|
|
|
|
|
{:account_status, :active} <- {:account_status, User.account_status(user)} do
|
|
|
|
|
Authorization.create_authorization(app, user, scopes)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|