sam/Foxchat.NET
sam/Foxchat.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

refactor(identity): change receiver of OauthUtils.ExpandScopes()

Browse source
This commit is contained in:
sam 2024-05-22 17:19:45 +02:00
parent 00a54f4f8b
commit 8bd118ea67
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
4 changed files with 13 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Foxchat.Identity/Controllers/Oauth/PasswordAuthController.cs
View file

@ -25,7 +25,7 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
var appToken =
HttpContext.GetToken() ??
throw new UnreachableException(); // GetApplicationOrThrow already gets the token and throws if it's null
var appScopes = appToken.ExpandScopes();
var appScopes = appToken.Scopes.ExpandScopes();
if (req.Scopes.Except(appScopes).Any())
throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",
@ -54,7 +54,7 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
{
var app = HttpContext.GetApplicationOrThrow();
var appToken = HttpContext.GetToken() ?? throw new UnreachableException();
var appScopes = appToken.ExpandScopes();
var appScopes = appToken.Scopes.ExpandScopes();
if (req.Scopes.Except(appScopes).Any())
throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",

6
Foxchat.Identity/Controllers/Oauth/TokenController.cs
View file

@ -15,7 +15,7 @@ public class TokenController(ILogger logger, IdentityContext db, IClock clock) :
public async Task<IActionResult> PostToken([FromBody] PostTokenRequest req)
{
var app = await db.GetApplicationAsync(req.ClientId, req.ClientSecret);
var appScopes = app.ExpandScopes();
var appScopes = app.Scopes.ExpandScopes();
var scopes = req.Scope.Split(' ');
if (scopes.Except(appScopes).Any())
@ -25,9 +25,9 @@ public class TokenController(ILogger logger, IdentityContext db, IClock clock) :
switch (req.GrantType)
{
case "client_credentials":
case OauthUtils.ClientCredentials:
return await HandleClientCredentialsAsync(app, scopes);
case "authorization_code":
case OauthUtils.AuthorizationCode:
// TODO
break;
default:

4
Foxchat.Identity/Middleware/ClientAuthorizationMiddleware.cs
View file

@ -24,8 +24,8 @@ public class ClientAuthorizationMiddleware(
var token = ctx.GetToken();
if (token == null || token.Expires < clock.GetCurrentInstant())
throw new ApiError.Unauthorized("This endpoint requires an authenticated user.");
if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.ExpandScopes()).Any())
throw new ApiError.Forbidden("This endpoint requires ungranted scopes.", attribute.Scopes.Except(token.ExpandScopes()));
if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.Scopes.ExpandScopes()).Any())
throw new ApiError.Forbidden("This endpoint requires ungranted scopes.", attribute.Scopes.Except(token.Scopes.ExpandScopes()));
await next(ctx);
}

13
Foxchat.Identity/Utils/OauthUtils.cs
View file

@ -6,7 +6,10 @@ namespace Foxchat.Identity.Utils;
public static class OauthUtils
{
public static readonly string[] Scopes = ["identify", "chat_client"];
public const string ClientCredentials = "client_credentials";
public const string AuthorizationCode = "authorization_code";
public static readonly string[] Scopes = ["identify", "email", "guilds", "chat_client"];
private static readonly string[] ForbiddenSchemes = ["javascript", "file", "data", "mailto", "tel"];
private const string OobUri = "urn:ietf:wg:oauth:2.0:oob";
@ -25,11 +28,7 @@ public static class OauthUtils
}
}
public static string[] ExpandScopes(this Token token) => token.Scopes.Contains("chat_client")
public static string[] ExpandScopes(this string[] scopes) => scopes.Contains("chat_client")
? Scopes
: token.Scopes;
public static string[] ExpandScopes(this Application app) => app.Scopes.Contains("chat_client")
? Scopes
: app.Scopes;
: scopes;
}