diff options
| -rw-r--r-- | appinfo/routes.php | 1 | ||||
| -rw-r--r-- | lib/Controller/OAuthController.php | 53 | ||||
| -rw-r--r-- | src/oauth.js | 38 | ||||
| -rw-r--r-- | src/views/OAuth2Authorize.vue | 98 | ||||
| -rw-r--r-- | templates/oauth2.php | 28 | ||||
| -rw-r--r-- | webpack.common.js | 3 |
6 files changed, 210 insertions, 11 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php index 90ef2f44..861bcb93 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -70,6 +70,7 @@ return [ ['name' => 'OAuth#nodeinfo2', 'url' => '/.well-known/nodeinfo/2.0', 'verb' => 'GET'], ['name' => 'OAuth#apps', 'url' => '/api/v1/apps', 'verb' => 'POST'], ['name' => 'OAuth#authorize', 'url' => '/oauth/authorize', 'verb' => 'GET'], + ['name' => 'OAuth#authorizing', 'url' => '/oauth/authorize', 'verb' => 'POST'], ['name' => 'OAuth#token', 'url' => '/oauth/token', 'verb' => 'POST'], // Api for 3rd party diff --git a/lib/Controller/OAuthController.php b/lib/Controller/OAuthController.php index 7a295649..057641e5 100644 --- a/lib/Controller/OAuthController.php +++ b/lib/Controller/OAuthController.php @@ -45,6 +45,8 @@ use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\Response; +use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Services\IInitialState; use OCP\IRequest; use OCP\IURLGenerator; use OCP\IUserSession; @@ -59,6 +61,7 @@ class OAuthController extends Controller { private ClientService $clientService; private ConfigService $configService; private LoggerInterface $logger; + private IInitialState $initialState; public function __construct( IRequest $request, @@ -69,7 +72,8 @@ class OAuthController extends Controller { CacheActorService $cacheActorService, ClientService $clientService, ConfigService $configService, - LoggerInterface $logger + LoggerInterface $logger, + IInitialState $initialState ) { parent::__construct(Application::APP_NAME, $request); @@ -81,6 +85,7 @@ class OAuthController extends Controller { $this->clientService = $clientService; $this->configService = $configService; $this->logger = $logger; + $this->initialState = $initialState; $body = file_get_contents('php://input'); $logger->debug('[OAuthController] input: ' . $body); @@ -173,13 +178,47 @@ class OAuthController extends Controller { string $redirect_uri, string $response_type, string $scope = 'read' + ): Response { + $user = $this->userSession->getUser(); + + // check actor exists + $this->accountService->getActorFromUserId($user->getUID()); + + if ($response_type !== 'code') { + throw new ClientNotFoundException('invalid response type'); + } + + // check client exists in db + $client = $this->clientService->getFromClientId($client_id); + $this->initialState->provideInitialState('appName', $client->getAppName()); + + return new TemplateResponse(Application::APP_NAME, 'oauth2', [ + 'request' => + [ + 'clientId' => $client_id, + 'redirectUri' => $redirect_uri, + 'responseType' => $response_type, + 'scope' => $scope + ] + ]); + } + + + /** + * @NoAdminRequired + */ + public function authorizing( + string $client_id, + string $redirect_uri, + string $response_type, + string $scope = 'read' ): DataResponse { try { $user = $this->userSession->getUser(); $account = $this->accountService->getActorFromUserId($user->getUID()); if ($response_type !== 'code') { - return new DataResponse(['error' => 'invalid_type'], Http::STATUS_BAD_REQUEST); + throw new ClientNotFoundException('invalid response type'); } $client = $this->clientService->getFromClientId($client_id); @@ -205,18 +244,12 @@ class OAuthController extends Controller { // TODO : finalize result if no redirect_url return new DataResponse( - [ - 'code' => $code, - // 'access_token' => '', - // "token_type" => "Bearer", - // "scope" => "read write follow push", - // "created_at" => 1573979017 - ], Http::STATUS_OK + ['code' => $code], Http::STATUS_OK ); } catch (Exception $e) { $this->logger->notice($e->getMessage() . ' ' . get_class($e)); - return new DataResponse(['error' => $e->getMessage()], Http::STATUS_UNAUTHORIZED); + return new DataResponse(['error' => $e->getMessage()], Http::STATUS_BAD_REQUEST); } } diff --git a/src/oauth.js b/src/oauth.js new file mode 100644 index 00000000..7138183e --- /dev/null +++ b/src/oauth.js @@ -0,0 +1,38 @@ +/** + * @copyright 2022 Carl Schwan <carl@carlschwan.eu> + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +import Vue from 'vue' +import OAuth2Authorize from './views/OAuth2Authorize.vue' + +// CSP config for webpack dynamic chunk loading +// eslint-disable-next-line +__webpack_nonce__ = btoa(OC.requestToken) + +// Correct the root of the app for chunk loading +// OC.linkTo matches the apps folders +// eslint-disable-next-line +__webpack_public_path__ = OC.linkTo('social', 'js/') + +Vue.prototype.t = t +Vue.prototype.n = n +Vue.prototype.OC = OC +Vue.prototype.OCA = OCA + +new Vue({ + render: h => h(OAuth2Authorize), +}).$mount('#social-oauth2') diff --git a/src/views/OAuth2Authorize.vue b/src/views/OAuth2Authorize.vue new file mode 100644 index 00000000..01041d5a --- /dev/null +++ b/src/views/OAuth2Authorize.vue @@ -0,0 +1,98 @@ +<!-- + - @copyright 2022 Carl Schwan <carl@carlschwan.eu> + - @license GNU AGPL version 3 or any later version + - + - This program is free software: you can redistribute it and/or modify + - it under the terms of the GNU Affero General Public License as + - published by the Free Software Foundation, either version 3 of the + - License, or (at your option) any later version. + - + - This program is distributed in the hope that it will be useful, + - but WITHOUT ANY WARRANTY; without even the implied warranty of + - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + - GNU Affero General Public License for more details. + - + - You should have received a copy of the GNU Affero General Public License + - along with this program. If not, see <http://www.gnu.org/licenses/>. + --> + +<template> + <div class="wrapper"> + <form class="guest-box" method="post"> + <h1>{{ t('social', 'Authorization required') }}</h1> + <p> + {{ t('social', '{appDisplayName} would like permission to access your account. It is a third party application.', {appDisplayName: appName}) }} + <b>{{ t('social', 'If you do not trust it, then you should not authorize it.') }}</b> + </p> + <input type="hidden" + name="requesttoken" + :value="OC.requestToken"> + <div class="button-row"> + <NcButton type="primary" nativeType="submit"> + {{ t('social', 'Authorize') }} + </NcButton> + <NcButton type="error" :href="homeUrl"> + {{ t('social', 'Deny') }} + </NcButton> + </div> + </form> + </div> +</template> + +<script> +import NcButton from '@nextcloud/vue/dist/Components/NcButton.js' +import { loadState } from '@nextcloud/initial-state' +import { generateUrl } from '@nextcloud/router' + +export default { + name: 'OAuth2Authorize', + components: { + NcButton, + }, + data() { + return { + appName: loadState('social', 'appName'), + } + }, + computed: { + homeUrl() { + return generateUrl('/apps/social/') + }, + }, +} +</script> + +<style lang="scss" scopped> +.wrapper { + display: flex; + flex-direction: column; + justify-content: center; + align-items: center; + width: 100%; +} +.guest-box { + color: var(--color-main-text); + background-color: var(--color-main-background); + padding: 1rem; + border-radius: var(--border-radius-large); + box-shadow: 0 0 10px var(--color-box-shadow); + display: inline-block; + max-width: 600px; + + h1 { + font-weight: bold; + text-align: center; + font-size: 20px; + margin-bottom: 12px; + line-height: 140%; + } + + .button-row { + display: flex; + gap: 1rem; + flex-direction: row; + margin-top: 1rem; + justify-content: end; + } +} +</style> diff --git a/templates/oauth2.php b/templates/oauth2.php new file mode 100644 index 00000000..9cb80a07 --- /dev/null +++ b/templates/oauth2.php @@ -0,0 +1,28 @@ +<?php +/** + * @copyright Copyright (c) 2019 Julius Härtl <jus@bitgrid.net> + * + * @author Jonas Sulzer <jonas@violoncello.ch> + * @author Julius Härtl <jus@bitgrid.net> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +\OCP\Util::addScript('social', 'social-oauth'); +?> + +<div id="social-oauth2"></div> diff --git a/webpack.common.js b/webpack.common.js index dcacd5d9..48fef45f 100644 --- a/webpack.common.js +++ b/webpack.common.js @@ -8,7 +8,8 @@ webpackConfig.entry = { social: path.join(__dirname, 'src', 'main.js'), ostatus: path.join(__dirname, 'src', 'ostatus.js'), profilePage: path.join(__dirname, 'src', 'profile.js'), - dashboard: path.join(__dirname, 'src', 'dashboard.js'), + dashboard: path.join(__dirname, 'src', 'dashboard.js'), + oauth: path.join(__dirname, 'src', 'oauth.js'), } module.exports = webpackConfig |