aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAbhiseck Paira <abhiseckpaira@disroot.org>2022-01-13 20:07:42 +0530
committerAbhiseck Paira <abhiseckpaira@disroot.org>2022-01-13 20:07:42 +0530
commit9ca02d048fdb70c1edec189ddf87265dfb4c80b2 (patch)
treeb210d42390afb59f8feb412632594eab6aa829c5
parent03365c8fbaac2c71e6bbfed731ae88d551175c2c (diff)
re-implement user auth and token generation mechanism
Refactor `mastodon-auth--generate-token' to work with new user authentication and token generation mechanism. This enables mastodon.el to work with 2FA and also not to handle password directly. In this implementation mastodon-auth--generate-token gets authorization code from the user and sends post request to mastodon server. Ask for authorization code from the user using two helper functions: * mastodon-auth--ask-authorization-code: Explain to the user what the user needs to do to get the authorization code. Store this explanation message in variable `mastodon-auth--explanation'. * mastodon-auth--get-browser-login-url: Return a appropriate query string appended to url to the caller, which is needed by the user to access the authorization code.
-rw-r--r--lisp/mastodon-auth.el46
1 files changed, 36 insertions, 10 deletions
diff --git a/lisp/mastodon-auth.el b/lisp/mastodon-auth.el
index 74d4404..8a058f3 100644
--- a/lisp/mastodon-auth.el
+++ b/lisp/mastodon-auth.el
@@ -61,17 +61,32 @@ if you are happy with unencryped storage use e.g. \"~/authinfo\"."
(defvar mastodon-auth--acct-alist nil
"Alist of account accts (name@domain) keyed by instance url.")
-(defun mastodon-auth--generate-token ()
- "Make POST to generate auth token.
+(defun mastodon-auth--get-browser-login-url ()
+ "Return properly formed browser login url."
+ (mastodon-http-append-query-string
+ (concat mastodon-instance-url "/oauth/authorize/")
+ `(("response_type" "code")
+ ("redirect_uri" ,mastodon-client-redirect-uri)
+ ("scope" ,mastodon-client-scopes)
+ ("client_id" ,(plist-get (mastodon-client) :client_id)))))
+
+(defvar mastodon-auth--explanation
+ (format
+ (concat "A URL has been copied to your clipboard.\n"
+ "Open this URL in a javascript capable browser.\n"
+ "Login to your account (%s) and authorize \"mastodon.el\".\n"
+ "Paste Authorization Code here: ")
+ (mastodon-client-form-user-from-vars)))
+
+(defun mastodon-auth--ask-authorization-code ()
+ "Ask authorization code and return it."
+ (let ((url (mastodon-auth--get-browser-login-url))
+ authorization-code)
+ (kill-new url)
+ (setq authorization-code (read-string mastodon-auth--explanation))
+ authorization-code))
-If no auth-sources file, runs
-`mastodon-auth--generate-token-no-storing-credentials'. If
-auth-sources file exists, runs
-`mastodon-auth--generate-token-and-store'."
- (if (or (null mastodon-auth-source-file)
- (string= "" mastodon-auth-source-file))
- (mastodon-auth--generate-token-no-storing-credentials)
- (mastodon-auth--generate-token-and-store)))
+(defun mastodon-auth--generate-token ()
(defun mastodon-auth--generate-token-no-storing-credentials ()
"Make POST to generate auth token, without using auth-sources file."
@@ -115,6 +130,17 @@ Reads and/or stores secrets in `MASTODON-AUTH-SOURCE-FILE'."
:unauthenticated)
(when (functionp (plist-get credentials-plist :save-function))
(funcall (plist-get credentials-plist :save-function))))))
+ "Generate access_token for the user. Return response buffer."
+ (let ((authorization-code (mastodon-auth--ask-authorization-code)))
+ (mastodon-http--post
+ (concat mastodon-instance-url "/oauth/token")
+ `(("grant_type" . "authorization_code")
+ ("client_secret" . ,(plist-get (mastodon-client) :client_secret))
+ ("client_id" . ,(plist-get (mastodon-client) :client_id))
+ ("code" . ,authorization-code)
+ ("redirect_uri" . ,mastodon-client-redirect-uri))
+ nil
+ :unauthenticated)))
(defun mastodon-auth--get-token ()
"Make a request to generate an auth token and return JSON response."