hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Introduce device flow

Browse Source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2023-02-21 14:50:09 +01:00
parent 2ee329ff7b
commit b6875f6a4b
19 changed files with 833 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
lib/service/auth/applications.ex
View File

@@ -3,8 +3,10 @@ defmodule Mobilizon.Service.Auth.Applications do
Module to handle applications management
"""
alias Mobilizon.Applications
alias Mobilizon.Applications.{Application, ApplicationToken}
alias Mobilizon.Applications.{Application, ApplicationDeviceActivation, ApplicationToken}
alias Mobilizon.Service.Auth.Authenticator
alias Mobilizon.Users.User
alias Mobilizon.Web.Router.Helpers, as: Routes
@app_access_tokens_ttl {8, :hour}
@app_refresh_tokens_ttl {26, :week}
@@ -58,6 +60,15 @@ defmodule Mobilizon.Service.Auth.Applications do
end
end
def autorize_device_application(client_id, user_code) do
case Applications.get_application_device_activation(client_id, user_code) do
%ApplicationDeviceActivation{status: :confirmed} = app_device_activation ->
Applications.update_application_device_activation(app_device_activation, %{
status: :success
})
end
end
@spec generate_access_token(String.t(), String.t(), String.t(), String.t()) ::
{:ok, access_token_details()}
| {:error,
@@ -118,6 +129,126 @@ defmodule Mobilizon.Service.Auth.Applications do
end
end
def generate_access_token(client_id, device_code) do
case Applications.get_application_device_activation(client_id, device_code) do
%ApplicationDeviceActivation{status: :success, scope: scope, user_id: user_id} =
app_device_activation ->
if device_activation_expired?(app_device_activation) do
{:error, :expired}
else
%Application{id: app_id} = Applications.get_application_by_client_id(client_id)
{:ok, %ApplicationToken{} = app_token} =
Applications.create_application_token(%{
user_id: user_id,
application_id: app_id,
authorization_code: nil,
scope: scope
})
{:ok, access_token} =
Authenticator.generate_access_token(app_token, @app_access_tokens_ttl)
{:ok, refresh_token} =
Authenticator.generate_refresh_token(app_token, @app_refresh_tokens_ttl)
{:ok,
%{
access_token: access_token,
expires_in: ttl_to_seconds(@app_access_tokens_ttl),
refresh_token: refresh_token,
refresh_token_expires_in: ttl_to_seconds(@app_refresh_tokens_ttl),
scope: scope,
token_type: "bearer"
}}
end
%ApplicationDeviceActivation{status: :incorrect_device_code} ->
{:error, :incorrect_device_code}
%ApplicationDeviceActivation{status: :access_denied} ->
{:error, :access_denied}
err ->
require Logger
Logger.error(inspect(err))
{:error, :incorrect_device_code}
end
end
@chars "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |> String.split("", trim: true)
defp string_of_length(length) do
1..length
|> Enum.reduce([], fn _i, acc ->
[Enum.random(@chars) | acc]
end)
|> Enum.join("")
end
@expires_in 900
@interval 5
@spec register_device_code(String.t(), String.t() | nil) ::
{:ok, ApplicationDeviceActivation.t()}
| {:error, Ecto.Changeset.t()}
def register_device_code(client_id, scope) do
%Application{} = application = Applications.get_application_by_client_id(client_id)
device_code = string_of_length(40)
user_code = string_of_length(8)
verification_uri = Routes.page_url(Mobilizon.Web.Endpoint, :auth_device)
expires_in = @expires_in
interval = @interval
case Applications.create_application_device_activation(%{
device_code: device_code,
user_code: user_code,
expires_in: expires_in,
application_id: application.id,
scope: scope
}) do
{:ok, %ApplicationDeviceActivation{} = application_device_activation} ->
{:ok,
application_device_activation
|> Map.from_struct()
|> Map.take([:device_code, :user_code, :expires_in])
|> Map.update!(:user_code, &user_code_displayed/1)
|> Map.merge(%{
interval: interval,
verification_uri: verification_uri
})}
{:error, %Ecto.Changeset{} = err} ->
{:error, err}
end
end
@spec activate_device(String.t(), User.t()) ::
{:ok, ApplicationDeviceActivation.t()}
| {:error, Ecto.Changeset.t()}
| {:error, :not_found}
| {:error, :expired}
def activate_device(user_code, user) do
case Applications.get_application_device_activation_by_user_code(user_code) do
%ApplicationDeviceActivation{} = app_device_activation ->
if device_activation_expired?(app_device_activation) do
{:error, :expired}
else
Applications.update_application_device_activation(app_device_activation, %{
status: :confirmed,
user_id: user.id
})
end
_ ->
{:error, :not_found}
end
end
defp user_code_displayed(user_code) do
String.slice(user_code, 0..3) <> "-" <> String.slice(user_code, 4..7)
end
def revoke_application_token(%ApplicationToken{} = app_token) do
Applications.revoke_application_token(app_token)
end
@@ -127,4 +258,13 @@ defmodule Mobilizon.Service.Auth.Applications do
defp ttl_to_seconds({value, :minute}), do: value * 60
defp ttl_to_seconds({value, :hour}), do: value * 3600
defp ttl_to_seconds({value, :week}), do: value * 604_800
@spec device_activation_expired?(ApplicationDeviceActivation.t()) :: boolean()
defp device_activation_expired?(%ApplicationDeviceActivation{
inserted_at: inserted_at,
expires_in: expires_in
}) do
NaiveDateTime.compare(NaiveDateTime.add(inserted_at, expires_in), NaiveDateTime.utc_now()) ==
:gt
end
end