No OneTemporary
Actions

Size

11 KB

Subscribers

None

View Options

	diff --git a/oauth_slack.go b/oauth_slack.go
	index 35db156..c881ab6 100644
	--- a/oauth_slack.go
	+++ b/oauth_slack.go
	@@ -1,180 +1,178 @@
	/*
	* Copyright © 2019-2020 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"context"
	"errors"
	- "fmt"
	- "github.com/writeas/nerds/store"
	"github.com/writeas/slug"
	"net/http"
	"net/url"
	"strings"
	)

	type slackOauthClient struct {
	ClientID string
	ClientSecret string
	TeamID string
	CallbackLocation string
	HttpClient HttpClient
	}

	type slackExchangeResponse struct {
	OK bool `json:"ok"`
	AccessToken string `json:"access_token"`
	Scope string `json:"scope"`
	TeamName string `json:"team_name"`
	TeamID string `json:"team_id"`
	Error string `json:"error"`
	}

	type slackIdentity struct {
	Name string `json:"name"`
	ID string `json:"id"`
	Email string `json:"email"`
	}

	type slackTeam struct {
	Name string `json:"name"`
	ID string `json:"id"`
	}

	type slackUserIdentityResponse struct {
	OK bool `json:"ok"`
	User slackIdentity `json:"user"`
	Team slackTeam `json:"team"`
	Error string `json:"error"`
	}

	const (
	slackAuthLocation = "https://slack.com/oauth/authorize"
	slackExchangeLocation = "https://slack.com/api/oauth.access"
	slackIdentityLocation = "https://slack.com/api/users.identity"
	)

	var _ oauthClient = slackOauthClient{}

	func (c slackOauthClient) GetProvider() string {
	return "slack"
	}

	func (c slackOauthClient) GetClientID() string {
	return c.ClientID
	}

	func (c slackOauthClient) GetCallbackLocation() string {
	return c.CallbackLocation
	}

	func (c slackOauthClient) buildLoginURL(state string) (string, error) {
	u, err := url.Parse(slackAuthLocation)
	if err != nil {
	return "", err
	}
	q := u.Query()
	q.Set("client_id", c.ClientID)
	q.Set("scope", "identity.basic identity.email identity.team")
	q.Set("redirect_uri", c.CallbackLocation)
	q.Set("state", state)

	// If this param is not set, the user can select which team they
	// authenticate through and then we'd have to match the configured team
	// against the profile get. That is extra work in the post-auth phase
	// that we don't want to do.
	q.Set("team", c.TeamID)

	// The Slack OAuth docs don't explicitly list this one, but it is part of
	// the spec, so we include it anyway.
	q.Set("response_type", "code")
	u.RawQuery = q.Encode()
	return u.String(), nil
	}

	func (c slackOauthClient) exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error) {
	form := url.Values{}
	// The oauth.access documentation doesn't explicitly mention this
	// parameter, but it is part of the spec, so we include it anyway.
	// https://api.slack.com/methods/oauth.access
	form.Add("grant_type", "authorization_code")
	form.Add("redirect_uri", c.CallbackLocation)
	form.Add("code", code)
	req, err := http.NewRequest("POST", slackExchangeLocation, strings.NewReader(form.Encode()))
	if err != nil {
	return nil, err
	}
	req.WithContext(ctx)
	req.Header.Set("User-Agent", "writefreely")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(c.ClientID, c.ClientSecret)

	resp, err := c.HttpClient.Do(req)
	if err != nil {
	return nil, err
	}
	if resp.StatusCode != http.StatusOK {
	return nil, errors.New("unable to exchange code for access token")
	}

	var tokenResponse slackExchangeResponse
	if err := limitedJsonUnmarshal(resp.Body, tokenRequestMaxLen, &tokenResponse); err != nil {
	return nil, err
	}
	if !tokenResponse.OK {
	return nil, errors.New(tokenResponse.Error)
	}
	return tokenResponse.TokenResponse(), nil
	}

	func (c slackOauthClient) inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error) {
	req, err := http.NewRequest("GET", slackIdentityLocation, nil)
	if err != nil {
	return nil, err
	}
	req.WithContext(ctx)
	req.Header.Set("User-Agent", "writefreely")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Authorization", "Bearer "+accessToken)

	resp, err := c.HttpClient.Do(req)
	if err != nil {
	return nil, err
	}
	if resp.StatusCode != http.StatusOK {
	return nil, errors.New("unable to inspect access token")
	}

	var inspectResponse slackUserIdentityResponse
	if err := limitedJsonUnmarshal(resp.Body, infoRequestMaxLen, &inspectResponse); err != nil {
	return nil, err
	}
	if !inspectResponse.OK {
	return nil, errors.New(inspectResponse.Error)
	}
	return inspectResponse.InspectResponse(), nil
	}

	func (resp slackUserIdentityResponse) InspectResponse() *InspectResponse {
	return &InspectResponse{
	UserID: resp.User.ID,
	- Username: fmt.Sprintf("%s-%s", slug.Make(resp.User.Name), store.GenerateRandomString("0123456789bcdfghjklmnpqrstvwxyz", 5)),
	+ Username: slug.Make(resp.User.Name),
	DisplayName: resp.User.Name,
	Email: resp.User.Email,
	}
	}

	func (resp slackExchangeResponse) TokenResponse() *TokenResponse {
	return &TokenResponse{
	AccessToken: resp.AccessToken,
	}
	}
	diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
	index e02b89d..8ba65b4 100644
	--- a/pages/signup-oauth.tmpl
	+++ b/pages/signup-oauth.tmpl
	@@ -1,175 +1,188 @@
	{{define "head"}}<title>Log in — {{.SiteName}}</title>
	<meta name="description" content="Log in to {{.SiteName}}.">
	<meta itemprop="description" content="Log in to {{.SiteName}}.">
	<style>input{margin-bottom:0.5em;}</style>
	<style type="text/css">
	h2 {
	font-weight: normal;
	}
	#pricing.content-container div.form-container #payment-form {
	display: block !important;
	}
	#pricing #signup-form table {
	max-width: inherit !important;
	width: 100%;
	}
	#pricing #payment-form table {
	margin-top: 0 !important;
	max-width: inherit !important;
	width: 100%;
	}
	tr.subscription {
	border-spacing: 0;
	}
	#pricing.content-container tr.subscription button {
	margin-top: 0 !important;
	margin-bottom: 0 !important;
	width: 100%;
	}
	#pricing tr.subscription td {
	padding: 0 0.5em;
	}
	#pricing table.billing > tbody > tr > td:first-child {
	vertical-align: middle !important;
	}
	.billing-section {
	display: none;
	}
	.billing-section.bill-me {
	display: table-row;
	}
	#btn-create {
	color: white !important;
	}
	#total-price {
	padding-left: 0.5em;
	}
	#alias-site.demo {
	color: #999;
	}
	#alias-site {
	text-align: left;
	margin: 0.5em 0;
	}
	form dd {
	margin: 0;
	}
	</style>
	{{end}}
	{{define "content"}}
	<div id="pricing" class="tight content-container">
	<h1>Log in to {{.SiteName}}</h1>

	{{if .Flashes}}<ul class="errors">
	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
	</ul>{{end}}

	<div id="billing">
	<form action="/oauth/signup" method="post" style="text-align: center;margin-top:1em;" onsubmit="return disableSubmit()">
	<input type="hidden" name="access_token" value="{{ .AccessToken }}" />
	<input type="hidden" name="token_username" value="{{ .TokenUsername }}" />
	<input type="hidden" name="token_alias" value="{{ .TokenAlias }}" />
	<input type="hidden" name="token_email" value="{{ .TokenEmail }}" />
	<input type="hidden" name="token_remote_user" value="{{ .TokenRemoteUser }}" />
	<input type="hidden" name="provider" value="{{ .Provider }}" />
	<input type="hidden" name="client_id" value="{{ .ClientID }}" />
	<input type="hidden" name="signature" value="{{ .TokenHash }}" />
	{{if .InviteCode}}<input type="hidden" name="invite_code" value="{{ .InviteCode }}" />{{end}}

	<dl class="billing">
	<label>
	<dt>Display Name</dt>
	<dd>
	<input type="text" style="width: 100%; box-sizing: border-box;" name="alias" placeholder="Name"{{ if .Alias }} value="{{.Alias}}"{{ end }} />
	</dd>
	</label>
	<label>
	<dt>Username</dt>
	<dd>
	<input type="text" id="username" name="username" style="width: 100%; box-sizing: border-box;" placeholder="Username" value="{{.LoginUsername}}" /><br />
	{{if .Federation}}<p id="alias-site" class="demo">@<strong>your-username</strong>@{{.FriendlyHost}}</p>{{else}}<p id="alias-site" class="demo">{{.FriendlyHost}}/<strong>your-username</strong></p>{{end}}
	</dd>
	</label>
	<label>
	<dt>Email</dt>
	<dd>
	<input type="text" name="email" style="width: 100%; box-sizing: border-box;" placeholder="Email"{{ if .Email }} value="{{.Email}}"{{ end }} />
	</dd>
	</label>
	<dt>
	<input type="submit" id="btn-login" value="Login" />
	</dt>
	</dl>
	</form>
	</div>

	<script type="text/javascript" src="/js/h.js"></script>
	<script type="text/javascript">
	// Copied from signup.tmpl
	// NOTE: this element is named "alias" on signup.tmpl and "username" here
	var $alias = H.getEl('username');

	function disableSubmit() {
	// Validate input
	if (!aliasOK) {
	var $a = $alias;
	$a.el.className = 'error';
	$a.el.focus();
	$a.el.scrollIntoView();
	return false;
	}

	var $btn = document.getElementById("btn-login");
	$btn.value = "Logging in...";
	$btn.disabled = true;
	return true;
	}

	// Copied from signup.tmpl
	var $aliasSite = document.getElementById('alias-site');
	var aliasOK = true;
	var typingTimer;
	var doneTypingInterval = 750;
	-var doneTyping = function() {
	+var doneTyping = function(genID) {
	// Check on username
	var alias = $alias.el.value;
	if (alias != "") {
	var params = {
	username: alias
	};
	var http = new XMLHttpRequest();
	http.open("POST", '/api/alias', true);

	// Send the proper header information along with the request
	http.setRequestHeader("Content-type", "application/json");

	http.onreadystatechange = function() {
	if (http.readyState == 4) {
	data = JSON.parse(http.responseText);
	if (http.status == 200) {
	aliasOK = true;
	$alias.removeClass('error');
	$aliasSite.className = $aliasSite.className.replace(/(?:^\|\s)demo(?!\S)/g, '');
	$aliasSite.className = $aliasSite.className.replace(/(?:^\|\s)error(?!\S)/g, '');
	$aliasSite.innerHTML = '{{ if .Federation }}@<strong>' + data.data + '</strong>@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/<strong>' + data.data + '</strong>/{{ end }}';
	} else {
	+ if (genID === true) {
	+ $alias.el.value = alias + "-" + randStr(4);
	+ doneTyping();
	+ return;
	+ }
	aliasOK = false;
	$alias.setClass('error');
	$aliasSite.className = 'error';
	$aliasSite.textContent = data.error_msg;
	}
	}
	}
	http.send(JSON.stringify(params));
	} else {
	$aliasSite.className += ' demo';
	$aliasSite.innerHTML = '{{ if .Federation }}@<strong>your-username</strong>@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/<strong>your-username</strong>/{{ end }}';
	}
	};
	$alias.on('keyup input', function() {
	clearTimeout(typingTimer);
	typingTimer = setTimeout(doneTyping, doneTypingInterval);
	});
	-doneTyping();
	+function randStr(len) {
	+ var res = '';
	+ var chars = '23456789bcdfghjklmnpqrstvwxyz';
	+ for (var i=0; i<len; i++) {
	+ res += chars.charAt(Math.floor(Math.random() * chars.length));
	+ }
	+ return res;
	+}
	+doneTyping(true);
	</script>
	{{end}}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Nov 24, 10:51 PM (1 d, 2 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3106443

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions