remove Miauth authentication

When using the "log out" functionality of Miauth and logging back
in again on forget, a new API token will be generated instead of
using the old one.
Johann150 2021-11-16 19:03:01 +01:00
parent 77a2687d9e
commit e7744a1964
No known key found for this signature in database
GPG Key ID: 9EE6577A2A06F8F1
3 changed files with 30 additions and 47 deletions


@ -20,59 +20,45 @@ def get_or_create_app(instance_url, callback, website, session):
r.raise_for_status()
proto = 'http'
# check if miauth is available or we have to use legacy auth
miauth = r.json().get('miauth', False)
# This is using the legacy authentication method, because the newer
# Miauth method breaks the ability to log out and log back into forget.
app = MisskeyApp()
app.instance = instance_url
app.protocol = proto
app.miauth = miauth
if miauth:
# apps do not have to be registered for miauth
app.client_secret = None
else:
# register the app
r = session.post('{}://{}/api/app/create'.format(app.protocol, app.instance), json = {
'name': 'forget',
'description': website,
'permission': ['read:favorites', 'write:notes'],
'callbackUrl': callback
})
r.raise_for_status()
app.client_secret = r.json()['secret']
# register the app
r = session.post('{}://{}/api/app/create'.format(app.protocol, app.instance), json = {
'name': 'forget',
'description': website,
'permission': ['read:favorites', 'write:notes'],
'callbackUrl': callback
})
r.raise_for_status()
app.client_secret = r.json()['secret']
return app
def login_url(app, callback, session):
if app.miauth:
return "{}://{}/miauth/{}?name=forget&callback={}&permission=read:favorites,write:notes".format(app.protocol, app.instance, uuid4(), callback)
else:
# will use the callback we gave the server in `get_or_create_app`
r = session.post('{}://{}/api/auth/session/generate'.format(app.protocol, app.instance), json = {
'appSecret': app.client_secret
})
r.raise_for_status()
# we already get the retrieval token here, but we get it again later so
# we do not have to store it
return r.json()['url']
# will use the callback we gave the server in `get_or_create_app`
r = session.post('{}://{}/api/auth/session/generate'.format(app.protocol, app.instance), json = {
'appSecret': app.client_secret
})
r.raise_for_status()
# we already get the retrieval token here, but we get it again later so
# we do not have to store it
return r.json()['url']
def receive_token(token, app):
session = make_session()
if app.miauth:
r = session.post('{}://{}/api/miauth/{}/check'.format(app.protocol, app.instance, token))
r.raise_for_status()
r = session.post('{}://{}/api/auth/session/userkey'.format(app.protocol, app.instance), json = {
'appSecret': app.client_secret,
'token': token
})
r.raise_for_status()
token = r.json()['token']
else:
r = session.post('{}://{}/api/auth/session/userkey'.format(app.protocol, app.instance), json = {
'appSecret': app.client_secret,
'token': token
})
r.raise_for_status()
token = sha256(r.json()['accessToken'].encode('utf-8') + app.client_secret.encode('utf-8')).hexdigest()
token = sha256(r.json()['accessToken'].encode('utf-8') + app.client_secret.encode('utf-8')).hexdigest()
acc = account_from_user(r.json()['user'], app.instance)
acc = db.session.merge(acc)
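Review bot: Making the legacy flow the only path means `app.client_secret` is now sent as `appSecret` on every login, in `login_url` and `receive_token`, over whatever `app.protocol` holds, and the context line `proto = 'http'` shows that this can be plain HTTP. On such an instance the secret returned by `api/app/create`, the session token and the returned `accessToken` all travel unencrypted, which exposes everything needed to compute the stored API token to anyone on the network path. The code that chooses `proto` starts above the hunk, so the exact fallback conditions are not visible here. If HTTP instances must stay supported, document the exposure at the registration call with a comment such as `# NOTE: on http instances the app secret and access token are sent in cleartext`; otherwise reject non-HTTPS instances outside development.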


@ -36,8 +36,7 @@ def upgrade():
sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
sa.Column('instance', sa.String(), nullable=False),
sa.Column('miauth', sa.Boolean(), nullable=False),
sa.Column('client_secret', sa.String(), nullable=True),
sa.Column('client_secret', sa.String(), nullable=False),
sa.Column('protocol', sa.Enum('http', 'https', name='enum_protocol_misskey'), nullable=False),
sa.PrimaryKeyConstraint('instance', name=op.f('pk_misskey_apps'))
)
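Review bot: Editing this existing `upgrade()` in place only affects databases created after the commit; any database that already ran the revision keeps `miauth` as NOT NULL and `client_secret` as nullable. Because the `MisskeyApp` model hunk further down drops `miauth`, new inserts from `get_or_create_app` would presumably fail on that NOT NULL column in such a database. Rows registered through Miauth would also still hold a NULL `client_secret`, which `receive_token` passes straight to `.encode('utf-8')`. If the revision was ever applied anywhere, a follow-up migration is safer: delete or re-register the rows with a NULL secret, drop `miauth`, then tighten `client_secret` to NOT NULL. If it was never released, saying so in the commit message would settle the question; `upgrade()` itself begins and ends outside the hunk.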


@ -400,9 +400,7 @@ class MisskeyApp(db.Model, TimestampMixin):
instance = db.Column(db.String, primary_key=True)
protocol = db.Column(db.String, nullable=False)
miauth = db.Column(db.Boolean, nullable=False)
# only legacy auth uses client_secret
client_secret = db.Column(db.String, nullable=True)
client_secret = db.Column(db.String, nullable=False)
class MisskeyInstance(db.Model):
"""