diff options
author | Abhiseck Paira <abhiseckpaira@disroot.org> | 2022-01-13 20:07:42 +0530 |
---|---|---|
committer | Abhiseck Paira <abhiseckpaira@disroot.org> | 2022-01-13 20:07:42 +0530 |
commit | 9ca02d048fdb70c1edec189ddf87265dfb4c80b2 (patch) | |
tree | b210d42390afb59f8feb412632594eab6aa829c5 /lisp | |
parent | 03365c8fbaac2c71e6bbfed731ae88d551175c2c (diff) |
re-implement user auth and token generation mechanism
Refactor `mastodon-auth--generate-token' to work with new user
authentication and token generation mechanism. This enables mastodon.el
to work with 2FA and also not to handle password directly.
In this implementation mastodon-auth--generate-token gets authorization
code from the user and sends post request to mastodon server. Ask for
authorization code from the user using two helper functions:
* mastodon-auth--ask-authorization-code: Explain to the user what the
user needs to do to get the authorization code. Store this explanation
message in variable `mastodon-auth--explanation'.
* mastodon-auth--get-browser-login-url: Return a appropriate query
string appended to url to the caller, which is needed by the user to
access the authorization code.
Diffstat (limited to 'lisp')
-rw-r--r-- | lisp/mastodon-auth.el | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/lisp/mastodon-auth.el b/lisp/mastodon-auth.el index 74d4404..8a058f3 100644 --- a/lisp/mastodon-auth.el +++ b/lisp/mastodon-auth.el @@ -61,17 +61,32 @@ if you are happy with unencryped storage use e.g. \"~/authinfo\"." (defvar mastodon-auth--acct-alist nil "Alist of account accts (name@domain) keyed by instance url.") -(defun mastodon-auth--generate-token () - "Make POST to generate auth token. +(defun mastodon-auth--get-browser-login-url () + "Return properly formed browser login url." + (mastodon-http-append-query-string + (concat mastodon-instance-url "/oauth/authorize/") + `(("response_type" "code") + ("redirect_uri" ,mastodon-client-redirect-uri) + ("scope" ,mastodon-client-scopes) + ("client_id" ,(plist-get (mastodon-client) :client_id))))) + +(defvar mastodon-auth--explanation + (format + (concat "A URL has been copied to your clipboard.\n" + "Open this URL in a javascript capable browser.\n" + "Login to your account (%s) and authorize \"mastodon.el\".\n" + "Paste Authorization Code here: ") + (mastodon-client-form-user-from-vars))) + +(defun mastodon-auth--ask-authorization-code () + "Ask authorization code and return it." + (let ((url (mastodon-auth--get-browser-login-url)) + authorization-code) + (kill-new url) + (setq authorization-code (read-string mastodon-auth--explanation)) + authorization-code)) -If no auth-sources file, runs -`mastodon-auth--generate-token-no-storing-credentials'. If -auth-sources file exists, runs -`mastodon-auth--generate-token-and-store'." - (if (or (null mastodon-auth-source-file) - (string= "" mastodon-auth-source-file)) - (mastodon-auth--generate-token-no-storing-credentials) - (mastodon-auth--generate-token-and-store))) +(defun mastodon-auth--generate-token () (defun mastodon-auth--generate-token-no-storing-credentials () "Make POST to generate auth token, without using auth-sources file." @@ -115,6 +130,17 @@ Reads and/or stores secrets in `MASTODON-AUTH-SOURCE-FILE'." :unauthenticated) (when (functionp (plist-get credentials-plist :save-function)) (funcall (plist-get credentials-plist :save-function)))))) + "Generate access_token for the user. Return response buffer." + (let ((authorization-code (mastodon-auth--ask-authorization-code))) + (mastodon-http--post + (concat mastodon-instance-url "/oauth/token") + `(("grant_type" . "authorization_code") + ("client_secret" . ,(plist-get (mastodon-client) :client_secret)) + ("client_id" . ,(plist-get (mastodon-client) :client_id)) + ("code" . ,authorization-code) + ("redirect_uri" . ,mastodon-client-redirect-uri)) + nil + :unauthenticated))) (defun mastodon-auth--get-token () "Make a request to generate an auth token and return JSON response." |