Introduce application tokens

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/web/controllers/application_controller.ex

@@ -0,0 +1,130 @@
+defmodule Mobilizon.Web.ApplicationController do
+  use Mobilizon.Web, :controller
+
+  alias Mobilizon.Applications.Application
+  alias Mobilizon.Service.Auth.Applications
+  plug(:put_layout, false)
+  import Mobilizon.Web.Gettext, only: [dgettext: 2]
+
+  @out_of_band_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
+
+  @doc """
+  Create an application
+  """
+  @spec create_application(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def create_application(conn, %{"name" => name, "redirect_uris" => redirect_uris} = args) do
+    case Applications.create(
+           name,
+           redirect_uris,
+           Map.get(args, "scopes"),
+           Map.get(args, "website")
+         ) do
+      {:ok, %Application{} = app} ->
+        json(
+          conn,
+          Map.take(app, [:name, :website, :redirect_uris, :client_id, :client_secret, :scope])
+        )
+
+      {:error, _error} ->
+        send_resp(
+          conn,
+          500,
+          dgettext(
+            "errors",
+            "Impossible to create application."
+          )
+        )
+    end
+  end
+
+  def create_application(conn, _args) do
+    send_resp(
+      conn,
+      400,
+      dgettext(
+        "errors",
+        "Both name and redirect_uri parameters are required to create an application"
+      )
+    )
+  end
+
+  @doc """
+  Authorize
+  """
+  @spec authorize(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def authorize(
+        conn,
+        _args
+      ) do
+    conn = fetch_query_params(conn)
+
+    client_id = conn.query_params["client_id"]
+    redirect_uri = conn.query_params["redirect_uri"]
+    state = conn.query_params["state"]
+
+    if is_binary(client_id) and is_binary(redirect_uri) and is_binary(state) do
+      redirect(conn,
+        to:
+          Routes.page_path(conn, :authorize,
+            client_id: client_id,
+            redirect_uri: redirect_uri,
+            scope: conn.query_params["scope"],
+            state: state
+          )
+      )
+    else
+      send_resp(
+        conn,
+        400,
+        dgettext(
+          "errors",
+          "You need to specify client_id, redirect_uri and state to autorize an application"
+        )
+      )
+    end
+  end
+
+  @spec generate_access_token(Plug.Conn.t(), map()) :: Plug.Conn.t()
+  def generate_access_token(conn, %{
+        "client_id" => client_id,
+        "client_secret" => client_secret,
+        "code" => code,
+        "redirect_uri" => redirect_uri
+      }) do
+    case Applications.generate_access_token(client_id, client_secret, code, redirect_uri) do
+      {:ok, token} ->
+        if redirect_uri != @out_of_band_redirect_uri do
+          redirect(conn, external: generate_redirect_with_query_params(redirect_uri, token))
+        else
+          json(conn, token)
+        end
+
+      {:error, :application_not_found} ->
+        send_resp(conn, 400, dgettext("errors", "No application was found with this client_id"))
+
+      {:error, :redirect_uri_not_in_allowed} ->
+        send_resp(conn, 400, dgettext("errors", "This redirect URI is not allowed"))
+
+      {:error, :invalid_or_expired} ->
+        send_resp(conn, 400, dgettext("errors", "The provided code is invalid or expired"))
+
+      {:error, :invalid_client_id} ->
+        send_resp(
+          conn,
+          400,
+          dgettext("errors", "The provided client_id does not match the provided code")
+        )
+
+      {:error, :invalid_client_secret} ->
+        send_resp(conn, 400, dgettext("errors", "The provided client_secret is invalid"))
+
+      {:error, :user_not_found} ->
+        send_resp(conn, 400, dgettext("errors", "The user for this code was not found"))
+    end
+  end
+
+  @spec generate_redirect_with_query_params(String.t(), map()) :: String.t()
+  defp generate_redirect_with_query_params(redirect_uri, query_params) do
+    redirect_uri |> URI.parse() |> URI.merge("?" <> URI.encode_query(query_params)) |> to_string()
+  end
+end