OAuth consumer: tests fix, comments, Keycloak config notes.
This commit is contained in:
parent
e4babb1c9f
commit
3eefb274f4
@ -17,6 +17,8 @@ config :pleroma, Pleroma.Captcha,
|
|||||||
# Print only warnings and errors during test
|
# Print only warnings and errors during test
|
||||||
config :logger, level: :warn
|
config :logger, level: :warn
|
||||||
|
|
||||||
|
config :pleroma, :auth, oauth_consumer_strategies: []
|
||||||
|
|
||||||
config :pleroma, Pleroma.Upload, filters: [], link_name: false
|
config :pleroma, Pleroma.Upload, filters: [], link_name: false
|
||||||
|
|
||||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"
|
config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"
|
||||||
|
@ -514,7 +514,7 @@ Authentication / authorization settings.
|
|||||||
|
|
||||||
* `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`.
|
* `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`.
|
||||||
* `oauth_consumer_template`: OAuth consumer mode authentication form template. By default it's `consumer.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex`.
|
* `oauth_consumer_template`: OAuth consumer mode authentication form template. By default it's `consumer.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex`.
|
||||||
* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by OAUTH_CONSUMER_STRATEGIES environment variable. Each entry in this space-delimited string should be of format `<strategy>` or `<strategy>:<dependency>` (e.g. `twitter` or `keycloak:ueberauth_keycloak_strategy` in case dependency is named differently than `ueberauth_<strategy>`).
|
* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by `OAUTH_CONSUMER_STRATEGIES` environment variable. Each entry in this space-delimited string should be of format `<strategy>` or `<strategy>:<dependency>` (e.g. `twitter` or `keycloak:ueberauth_keycloak_strategy` in case dependency is named differently than `ueberauth_<strategy>`).
|
||||||
|
|
||||||
## OAuth consumer mode
|
## OAuth consumer mode
|
||||||
|
|
||||||
@ -567,6 +567,24 @@ config :ueberauth, Ueberauth,
|
|||||||
providers: [
|
providers: [
|
||||||
microsoft: {Ueberauth.Strategy.Microsoft, [callback_params: []]}
|
microsoft: {Ueberauth.Strategy.Microsoft, [callback_params: []]}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# Keycloak
|
||||||
|
# Note: make sure to add `keycloak:ueberauth_keycloak_strategy` entry to `OAUTH_CONSUMER_STRATEGIES` environment variable
|
||||||
|
keycloak_url = "https://publicly-reachable-keycloak-instance.org:8080"
|
||||||
|
|
||||||
|
config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
|
||||||
|
client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
|
||||||
|
client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
|
||||||
|
site: keycloak_url,
|
||||||
|
authorize_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/auth",
|
||||||
|
token_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/token",
|
||||||
|
userinfo_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/userinfo",
|
||||||
|
token_method: :post
|
||||||
|
|
||||||
|
config :ueberauth, Ueberauth,
|
||||||
|
providers: [
|
||||||
|
keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
|
||||||
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
## OAuth 2.0 provider - :oauth2
|
## OAuth 2.0 provider - :oauth2
|
||||||
|
@ -24,6 +24,14 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets or creates Pleroma.Registration record from Ueberauth assigns.
|
||||||
|
Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response —
|
||||||
|
see [`docs/config.md`](docs/config.md).
|
||||||
|
"""
|
||||||
|
def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
|
||||||
|
do: {:error, :missing_uid}
|
||||||
|
|
||||||
def get_registration(%Plug.Conn{
|
def get_registration(%Plug.Conn{
|
||||||
assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
|
assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
|
||||||
}) do
|
}) do
|
||||||
@ -51,9 +59,10 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
|
|||||||
|
|
||||||
def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}
|
def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}
|
||||||
|
|
||||||
|
@doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."
|
||||||
def create_from_registration(
|
def create_from_registration(
|
||||||
%Plug.Conn{params: %{"authorization" => registration_attrs}},
|
%Plug.Conn{params: %{"authorization" => registration_attrs}},
|
||||||
registration
|
%Registration{} = registration
|
||||||
) do
|
) do
|
||||||
nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
|
nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
|
||||||
email = value([registration_attrs["email"], Registration.email(registration)])
|
email = value([registration_attrs["email"], Registration.email(registration)])
|
||||||
|
@ -17,6 +17,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|||||||
alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
|
alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
|
||||||
alias Pleroma.Web.OAuth.Scopes
|
alias Pleroma.Web.OAuth.Scopes
|
||||||
|
|
||||||
|
require Logger
|
||||||
|
|
||||||
if Pleroma.Config.oauth_consumer_enabled?(), do: plug(Ueberauth)
|
if Pleroma.Config.oauth_consumer_enabled?(), do: plug(Ueberauth)
|
||||||
|
|
||||||
plug(:fetch_session)
|
plug(:fetch_session)
|
||||||
@ -318,7 +320,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|||||||
|> registration_details(%{"authorization" => registration_params})
|
|> registration_details(%{"authorization" => registration_params})
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
_ ->
|
error ->
|
||||||
|
Logger.debug(inspect(["OAUTH_ERROR", error, conn.assigns]))
|
||||||
|
|
||||||
conn
|
conn
|
||||||
|> put_flash(:error, "Failed to set up user account.")
|
|> put_flash(:error, "Failed to set up user account.")
|
||||||
|> redirect(external: redirect_uri(conn, params["redirect_uri"]))
|
|> redirect(external: redirect_uri(conn, params["redirect_uri"]))
|
||||||
|
Loading…
Reference in New Issue
Block a user