remove Miauth authentication
When using the "log out" functionality of Miauth and logging back in again on forget, a new API token will be generated instead of using the old one.
parent
77a2687d9e
commit
e7744a1964
|
@ -20,60 +20,46 @@ def get_or_create_app(instance_url, callback, website, session):
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
proto = 'http'
|
proto = 'http'
|
||||||
|
|
||||||
# check if miauth is available or we have to use legacy auth
|
# This is using the legacy authentication method, because the newer
|
||||||
miauth = r.json().get('miauth', False)
|
# Miauth method breaks the ability to log out and log back into forget.
|
||||||
|
|
||||||
app = MisskeyApp()
|
app = MisskeyApp()
|
||||||
app.instance = instance_url
|
app.instance = instance_url
|
||||||
app.protocol = proto
|
app.protocol = proto
|
||||||
app.miauth = miauth
|
|
||||||
|
|
||||||
if miauth:
|
# register the app
|
||||||
# apps do not have to be registered for miauth
|
r = session.post('{}://{}/api/app/create'.format(app.protocol, app.instance), json = {
|
||||||
app.client_secret = None
|
'name': 'forget',
|
||||||
else:
|
'description': website,
|
||||||
# register the app
|
'permission': ['read:favorites', 'write:notes'],
|
||||||
r = session.post('{}://{}/api/app/create'.format(app.protocol, app.instance), json = {
|
'callbackUrl': callback
|
||||||
'name': 'forget',
|
})
|
||||||
'description': website,
|
r.raise_for_status()
|
||||||
'permission': ['read:favorites', 'write:notes'],
|
app.client_secret = r.json()['secret']
|
||||||
'callbackUrl': callback
|
|
||||||
})
|
|
||||||
r.raise_for_status()
|
|
||||||
app.client_secret = r.json()['secret']
|
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|
||||||
def login_url(app, callback, session):
|
def login_url(app, callback, session):
|
||||||
if app.miauth:
|
# will use the callback we gave the server in `get_or_create_app`
|
||||||
return "{}://{}/miauth/{}?name=forget&callback={}&permission=read:favorites,write:notes".format(app.protocol, app.instance, uuid4(), callback)
|
r = session.post('{}://{}/api/auth/session/generate'.format(app.protocol, app.instance), json = {
|
||||||
else:
|
'appSecret': app.client_secret
|
||||||
# will use the callback we gave the server in `get_or_create_app`
|
})
|
||||||
r = session.post('{}://{}/api/auth/session/generate'.format(app.protocol, app.instance), json = {
|
r.raise_for_status()
|
||||||
'appSecret': app.client_secret
|
# we already get the retrieval token here, but we get it again later so
|
||||||
})
|
# we do not have to store it
|
||||||
r.raise_for_status()
|
return r.json()['url']
|
||||||
# we already get the retrieval token here, but we get it again later so
|
|
||||||
# we do not have to store it
|
|
||||||
return r.json()['url']
|
|
||||||
|
|
||||||
def receive_token(token, app):
|
def receive_token(token, app):
|
||||||
session = make_session()
|
session = make_session()
|
||||||
|
|
||||||
if app.miauth:
|
r = session.post('{}://{}/api/auth/session/userkey'.format(app.protocol, app.instance), json = {
|
||||||
r = session.post('{}://{}/api/miauth/{}/check'.format(app.protocol, app.instance, token))
|
'appSecret': app.client_secret,
|
||||||
r.raise_for_status()
|
'token': token
|
||||||
|
})
|
||||||
token = r.json()['token']
|
r.raise_for_status()
|
||||||
else:
|
|
||||||
r = session.post('{}://{}/api/auth/session/userkey'.format(app.protocol, app.instance), json = {
|
token = sha256(r.json()['accessToken'].encode('utf-8') + app.client_secret.encode('utf-8')).hexdigest()
|
||||||
'appSecret': app.client_secret,
|
|
||||||
'token': token
|
|
||||||
})
|
|
||||||
r.raise_for_status()
|
|
||||||
|
|
||||||
token = sha256(r.json()['accessToken'].encode('utf-8') + app.client_secret.encode('utf-8')).hexdigest()
|
|
||||||
|
|
||||||
acc = account_from_user(r.json()['user'], app.instance)
|
acc = account_from_user(r.json()['user'], app.instance)
|
||||||
acc = db.session.merge(acc)
|
acc = db.session.merge(acc)
|
||||||
token = OAuthToken(token = token)
|
token = OAuthToken(token = token)
|
||||||
|
@ -192,7 +178,7 @@ def delete(post):
|
||||||
|
|
||||||
if r.status_code != 204:
|
if r.status_code != 204:
|
||||||
raise TemporaryError("{} {}".format(r.status_code, r.text))
|
raise TemporaryError("{} {}".format(r.status_code, r.text))
|
||||||
|
|
||||||
db.session.delete(post)
|
db.session.delete(post)
|
||||||
|
|
||||||
def suggested_instances(limit=5, min_popularity=5, blocklist=tuple()):
|
def suggested_instances(limit=5, min_popularity=5, blocklist=tuple()):
|
||||||
|
|
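Review bot: `login_url` and `receive_token` now read `app.client_secret` unconditionally, but the branch this commit removes stored `app.client_secret = None` for every instance that advertised miauth. Any such row still in the database will post `'appSecret': None` and then fail on `app.client_secret.encode('utf-8')` with an AttributeError. The lookup that returns an existing app sits above line 20, outside this hunk, so it is not visible whether it already handles this. If it does not, treat a stored app for which `app.client_secret is None` as absent, so that it is registered again through `/api/app/create`. A short comment beside the derivation, e.g. `# legacy API: stored token is sha256(accessToken + appSecret)`, would also record why the secret must never be empty.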
|
@ -36,8 +36,7 @@ def upgrade():
|
||||||
sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
|
sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
|
||||||
sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
|
sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
|
||||||
sa.Column('instance', sa.String(), nullable=False),
|
sa.Column('instance', sa.String(), nullable=False),
|
||||||
sa.Column('miauth', sa.Boolean(), nullable=False),
|
sa.Column('client_secret', sa.String(), nullable=False),
|
||||||
sa.Column('client_secret', sa.String(), nullable=True),
|
|
||||||
sa.Column('protocol', sa.Enum('http', 'https', name='enum_protocol_misskey'), nullable=False),
|
sa.Column('protocol', sa.Enum('http', 'https', name='enum_protocol_misskey'), nullable=False),
|
||||||
sa.PrimaryKeyConstraint('instance', name=op.f('pk_misskey_apps'))
|
sa.PrimaryKeyConstraint('instance', name=op.f('pk_misskey_apps'))
|
||||||
)
|
)
|
||||||
|
|
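Review bot: The column change is made inside the existing `upgrade()` of this revision rather than in a new one, so a database that has already applied it keeps `miauth` as NOT NULL and `client_secret` as nullable. With the `miauth` attribute removed from `MisskeyApp` in model.py, inserting a new app on such a database would presumably be rejected for the missing `miauth` value, since no server default is visible here. If this revision has been deployed anywhere, add a follow-up revision that first removes or re-registers rows with a NULL `client_secret`, then drops `miauth` with `op.drop_column(...)` and tightens the secret with `op.alter_column(..., nullable=False)`. `upgrade()` begins above the hunk and the matching `downgrade()` is not shown.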
4
model.py
4
model.py
|
@ -400,9 +400,7 @@ class MisskeyApp(db.Model, TimestampMixin):
|
||||||
|
|
||||||
instance = db.Column(db.String, primary_key=True)
|
instance = db.Column(db.String, primary_key=True)
|
||||||
protocol = db.Column(db.String, nullable=False)
|
protocol = db.Column(db.String, nullable=False)
|
||||||
miauth = db.Column(db.Boolean, nullable=False)
|
client_secret = db.Column(db.String, nullable=False)
|
||||||
# only legacy auth uses client_secret
|
|
||||||
client_secret = db.Column(db.String, nullable=True)
|
|
||||||
|
|
||||||
class MisskeyInstance(db.Model):
|
class MisskeyInstance(db.Model):
|
||||||
"""
|
"""
|
||||||
|
|