whole buncha stuff
This commit is contained in:
tsmethurst
@ -19,19 +19,25 @@
|
||||
package oauth
|
||||
|
||||
import (
|
||||
"github.com/go-pg/pg/v10"
|
||||
"github.com/gotosocial/gotosocial/internal/api"
|
||||
"github.com/gotosocial/gotosocial/internal/gtsmodel"
|
||||
"github.com/gotosocial/oauth2/v4"
|
||||
"github.com/gotosocial/oauth2/v4/errors"
|
||||
"github.com/gotosocial/oauth2/v4/manage"
|
||||
"github.com/gotosocial/oauth2/v4/server"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type API struct {
|
||||
manager *manage.Manager
|
||||
server *server.Server
|
||||
conn *pg.DB
|
||||
log *logrus.Logger
|
||||
}
|
||||
|
||||
func New(ts oauth2.TokenStore, cs oauth2.ClientStore, log *logrus.Logger) *API {
|
||||
func New(ts oauth2.TokenStore, cs oauth2.ClientStore, conn *pg.DB, log *logrus.Logger) *API {
|
||||
manager := manage.NewDefaultManager()
|
||||
manager.MapTokenStorage(ts)
|
||||
manager.MapClientStorage(cs)
|
||||
@ -49,5 +55,41 @@ func New(ts oauth2.TokenStore, cs oauth2.ClientStore, log *logrus.Logger) *API {
|
||||
return &API{
|
||||
manager: manager,
|
||||
server: srv,
|
||||
conn: conn,
|
||||
log: log,
|
||||
}
|
||||
}
|
||||
|
||||
func (a *API) AddRoutes(s api.Server) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func incorrectPassword() (string, error) {
|
||||
return "", errors.New("password/email combination was incorrect")
|
||||
}
|
||||
|
||||
func (a *API) PasswordAuthorizationHandler(email string, password string) (userid string, err error) {
|
||||
// first we select the user from the database based on email address, bail if no user found for that email
|
||||
gtsUser := >smodel.User{}
|
||||
if err := a.conn.Model(gtsUser).Where("email = ?", email).Select(); err != nil {
|
||||
a.log.Debugf("user %s was not retrievable from db during oauth authorization attempt: %s", email, err)
|
||||
return incorrectPassword()
|
||||
}
|
||||
|
||||
// make sure a password is actually set and bail if not
|
||||
if gtsUser.EncryptedPassword == "" {
|
||||
a.log.Warnf("encrypted password for user %s was empty for some reason", gtsUser.Email)
|
||||
return incorrectPassword()
|
||||
}
|
||||
|
||||
// compare the provided password with the encrypted one from the db, bail if they don't match
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(gtsUser.EncryptedPassword), []byte(password)); err != nil {
|
||||
a.log.Debugf("password hash didn't match for user %s during login attempt: %s", gtsUser.Email, err)
|
||||
return incorrectPassword()
|
||||
}
|
||||
|
||||
// If we've made it this far the email/password is correct so we need the oauth client-id of the user
|
||||
// This is, conveniently, the same as the user ID, so we can just return it.
|
||||
userid = gtsUser.ID
|
||||
return
|
||||
}
|
||||
|
||||
@ -37,9 +37,9 @@ func NewPGClientStore(conn *pg.DB) oauth2.ClientStore {
|
||||
return pts
|
||||
}
|
||||
|
||||
func (pcs *pgClientStore) GetByID(ctx context.Context, id string) (oauth2.ClientInfo, error) {
|
||||
func (pcs *pgClientStore) GetByID(ctx context.Context, clientID string) (oauth2.ClientInfo, error) {
|
||||
poc := &oauthClient{
|
||||
ID: id,
|
||||
ID: clientID,
|
||||
}
|
||||
if err := pcs.conn.WithContext(ctx).Model(poc).Where("id = ?", poc.ID).Select(); err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -13,10 +13,10 @@ import (
|
||||
|
||||
type PgClientStoreTestSuite struct {
|
||||
suite.Suite
|
||||
conn *pg.DB
|
||||
testClientID string
|
||||
testClientSecret string
|
||||
testClientDomain string
|
||||
conn *pg.DB
|
||||
testClientID string
|
||||
testClientSecret string
|
||||
testClientDomain string
|
||||
testClientUserID string
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user