feat: don't depend on an external service for urn:ietf:wg:oauth:2.0:oob (#9602)

Co-authored-by: GeopJr <evan@geopjr.dev>
Co-committed-by: GeopJr <evan@geopjr.dev>
This commit is contained in:
GeopJr 2023-02-11 20:08:12 +00:00 committed by Kainoa Kanter
parent 572f97771f
commit ccba7fc9db
3 changed files with 15 additions and 6 deletions

View file

@ -1294,6 +1294,7 @@ _auth:
pleaseGoBack: "Please go back to the application" pleaseGoBack: "Please go back to the application"
callback: "Returning to the application" callback: "Returning to the application"
denied: "Access denied" denied: "Access denied"
copyAsk: "Please paste the following authorization code to the application"
_antennaSources: _antennaSources:
all: "All posts" all: "All posts"
homeTimeline: "Posts from followed users" homeTimeline: "Posts from followed users"

View file

@ -58,10 +58,7 @@ export function apiAuthMastodon(router: Router): void {
} }
const scopeArr = Array.from(pushScope); const scopeArr = Array.from(pushScope);
let red = body.redirect_uris; const red = body.redirect_uris;
if (red === "urn:ietf:wg:oauth:2.0:oob") {
red = "https://thedesk.top/hello.html";
}
const appData = await client.registerApp(body.client_name, { const appData = await client.registerApp(body.client_name, {
scopes: scopeArr, scopes: scopeArr,
redirect_uris: red, redirect_uris: red,

View file

@ -16,7 +16,11 @@
</div> </div>
<div v-if="state == 'accepted'" class="accepted"> <div v-if="state == 'accepted'" class="accepted">
<h1>{{ session.app.isAuthorized ? i18n.t('already-authorized') : i18n.ts.allowed }}</h1> <h1>{{ session.app.isAuthorized ? i18n.t('already-authorized') : i18n.ts.allowed }}</h1>
<p v-if="session.app.callbackUrl">{{ i18n.ts._auth.callback }}<MkEllipsis/></p> <p v-if="session.app.callbackUrl && !auth_code">{{ i18n.ts._auth.callback }}<MkEllipsis/></p>
<MkKeyValue v-if="session.app.callbackUrl && auth_code" :copy="auth_code">
<template #key>{{ i18n.ts._auth.copyAsk }}</template>
<template #value>{{ auth_code }}</template>
</MkKeyValue>
<p v-if="!session.app.callbackUrl">{{ i18n.ts._auth.pleaseGoBack }}</p> <p v-if="!session.app.callbackUrl">{{ i18n.ts._auth.pleaseGoBack }}</p>
</div> </div>
<div v-if="state == 'fetch-session-error'" class="error"> <div v-if="state == 'fetch-session-error'" class="error">
@ -32,6 +36,7 @@
import { defineComponent } from 'vue'; import { defineComponent } from 'vue';
import XForm from './auth.form.vue'; import XForm from './auth.form.vue';
import MkSignin from '@/components/MkSignin.vue'; import MkSignin from '@/components/MkSignin.vue';
import MkKeyValue from '@/components/MkKeyValue.vue';
import * as os from '@/os'; import * as os from '@/os';
import { login } from '@/account'; import { login } from '@/account';
import { i18n } from '@/i18n'; import { i18n } from '@/i18n';
@ -40,6 +45,7 @@ export default defineComponent({
components: { components: {
XForm, XForm,
MkSignin, MkSignin,
MkKeyValue
}, },
props: ['token'], props: ['token'],
data() { data() {
@ -48,6 +54,7 @@ export default defineComponent({
session: null, session: null,
fetching: true, fetching: true,
i18n, i18n,
auth_code: null
}; };
}, },
mounted() { mounted() {
@ -82,7 +89,11 @@ export default defineComponent({
if (this.session.app.callbackUrl) { if (this.session.app.callbackUrl) {
const url = new URL(this.session.app.callbackUrl); const url = new URL(this.session.app.callbackUrl);
if (['javascript:', 'file:', 'data:', 'mailto:', 'tel:'].includes(url.protocol)) throw new Error('invalid url'); if (['javascript:', 'file:', 'data:', 'mailto:', 'tel:'].includes(url.protocol)) throw new Error('invalid url');
location.href = `${this.session.app.callbackUrl}?token=${this.session.token}&code=${this.session.token}&state=${getUrlParams().state || ''}`; if (this.session.app.callbackUrl === "urn:ietf:wg:oauth:2.0:oob") {
this.auth_code = this.session.token;
} else {
location.href = `${this.session.app.callbackUrl}?token=${this.session.token}&code=${this.session.token}&state=${getUrlParams().state || ''}`;
}
} }
}, onLogin(res) { }, onLogin(res) {
login(res.i); login(res.i);