From 5fa03dd551464c9fef385b1df73b947d28f2a560 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Tue, 30 Jul 2024 13:08:22 +0000
Subject: [PATCH] Removed mentions of "device" from the UI and URLs.

While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS.

---
assets/oauth2.js/main.js | 6 ++--
assets/oauth2.js/{device => }/verify.js | 44 +++++++++++++++--------
hanyuu.cfg.example | 4 +--
src/OAuth2/OAuth2Routes.php | 20 +++++------
templates/oauth2/{device => }/verify.twig | 8 ++---
5 files changed, 48 insertions(+), 34 deletions(-)
rename assets/oauth2.js/{device => }/verify.js (74%)
rename templates/oauth2/{device => }/verify.twig (83%)

diff --git a/assets/oauth2.js/main.js b/assets/oauth2.js/main.js
index 457b19c..182ba17 100644
--- a/assets/oauth2.js/main.js
+++ b/assets/oauth2.js/main.js
@@ -1,4 +1,4 @@
-#include device/verify.js
+#include verify.js
 (() => {
 const authoriseButtons = document.querySelectorAll('.js-authorise-action');
@@ -32,6 +32,6 @@
 };
 }
- if(location.pathname === '/oauth2/device/verify')
- HanyuuOAuth2DeviceVerify();
+ if(location.pathname === '/oauth2/verify')
+ HanyuuOAuth2Verify();
 })();
diff --git a/assets/oauth2.js/device/verify.js b/assets/oauth2.js/verify.js
similarity index 74%
rename from assets/oauth2.js/device/verify.js
rename to assets/oauth2.js/verify.js
index eb29ac1..32bd210 100644
--- a/assets/oauth2.js/device/verify.js
+++ b/assets/oauth2.js/verify.js
@@ -4,7 +4,7 @@
 #include header/header.js
 #include header/user.jsx
-const HanyuuOAuth2DeviceVerify = () => {
+const HanyuuOAuth2Verify = () => {
 const queryParams = new URLSearchParams(window.location.search);
 const loading = new HanyuuOAuth2Loading('.js-loading');
 const header = new HanyuuOAuth2Header;
@@ -18,27 +18,34 @@ const HanyuuOAuth2DeviceVerify = () => {
 let userCode = '';
 let userHeader;
- const verifyDeviceRequest = async approve => {
- return await $x.post('/oauth2/device/verify', { type: 'json' }, {
+ const verifyAuthsRequest = async approve => {
+ return await $x.post('/oauth2/verify', { type: 'json' }, {
 _csrfp: HanyuuCSRFP.getToken(),
 code: userCode,
 approve: approve === true ? 'yes' : 'no',
 });
 };
- const handleVerifyDeviceResponse = result => {
+ const handleVerifyAuthsResponse = result => {
 const response = result.body();
- if(!response || typeof response.error === 'string') {
+ if(!response) {
+ alert('Request to verify endpoint failed. Please try again.');
+ loading.visible = false;
+ fAuths.classList.remove('hidden');
+ return;
+ }
+
+ if(typeof response.error === 'string') {
 // TODO: nicer errors
 if(response.error === 'auth')
 alert('You are not logged in.');
 else if(response.error === 'csrf')
 alert('Request verification failed, please refresh and try again.');
 else if(response.error === 'code')
- alert('This code is not associated with any device authorisation request.');
+ alert('This code is not associated with any authorisation request.');
 else if(response.error === 'approval')
- alert('The device authorisation request associated with this code is not pending approval.');
+ alert('The authorisation request associated with this code is not pending approval.');
 else if(response.error === 'invalid')
 alert('Invalid approval state specified.');
 else
@@ -65,8 +72,8 @@ const HanyuuOAuth2DeviceVerify = () => {
 if(userHeader)
 userHeader.guiseVisible = false;
- verifyDeviceRequest(ev.submitter.value === 'yes')
- .then(handleVerifyDeviceResponse);
+ verifyAuthsRequest(ev.submitter.value === 'yes')
+ .then(handleVerifyAuthsResponse);
 };
 const fCode = document.querySelector('.js-verify-code');
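Review bot: The `auth`/`csrf`/`code`/`approval` message chain inside `handleVerifyAuthsResponse` in the `@@ -18` hunk is a copy of the chain in the resolve-request `.then` callback further down, and this commit has to touch both copies for the same two strings. A lookup table with a small `describeError` helper would leave one place to maintain and would make the new `!response` guard the only branching left in each handler. The resolve copy has no `invalid` entry, so sharing the table would change that one message from the generic "unknown error" text to the specific one, which appears harmless but is worth knowing. `handleVerifyAuthsResponse` continues outside the hunk, so the lines after the `else` would need the same treatment.
```javascript
// one message per server error code, shared by the verify and resolve handlers
const errorMessages = {
    auth: 'You are not logged in.',
    csrf: 'Request verification failed, please refresh and try again.',
    code: 'This code is not associated with any authorisation request.',
    approval: 'The authorisation request associated with this code is not pending approval.',
    invalid: 'Invalid approval state specified.',
};
// Object.hasOwn so a server-supplied string like 'constructor' cannot hit a prototype key
const describeError = error => Object.hasOwn(errorMessages, error)
    ? errorMessages[error]
    : `An unknown error occurred: ${error}`;

const handleVerifyAuthsResponse = result => {
    const response = result.body();
    // … unchanged: !response guard …
    if(typeof response.error === 'string') {
        alert(describeError(response.error));
        // … unchanged: remainder of the error branch, outside the hunk …
```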
@@ -78,20 +85,27 @@ const HanyuuOAuth2DeviceVerify = () => {
 loading.visible = true;
 fCode.classList.add('hidden');
- $x.get(`/oauth2/device/resolve?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${encodeURIComponent(eUserCode.value)}`, { type: 'json' })
+ $x.get(`/oauth2/resolve-request?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${encodeURIComponent(eUserCode.value)}`, { type: 'json' })
 .then(result => {
 const response = result.body();
- if(!response || typeof response.error === 'string') {
+ if(!response) {
+ alert('Request to resolve endpoint failed. Please try again.');
+ loading.visible = false;
+ fCode.classList.remove('hidden');
+ return;
+ }
+
+ if(typeof response.error === 'string') {
 // TODO: nicer errors
 if(response.error === 'auth')
 alert('You are not logged in.');
 else if(response.error === 'csrf')
 alert('Request verification failed, please refresh and try again.');
 else if(response.error === 'code')
- alert('This code is not associated with any device authorisation request.');
+ alert('This code is not associated with any authorisation request.');
 else if(response.error === 'approval')
- alert('The device authorisation request associated with this code is not pending approval.');
+ alert('The authorisation request associated with this code is not pending approval.');
 else
 alert(`An unknown error occurred: ${response.error}`);
@@ -100,7 +114,7 @@ const HanyuuOAuth2DeviceVerify = () => {
 return;
 }
- userCode = response.device.code;
+ userCode = response.req.code;
 userHeader = new HanyuuOAuth2UserHeader(response.user);
 header.setElement(userHeader);
@@ -109,7 +123,7 @@ const HanyuuOAuth2DeviceVerify = () => {
 if(userHeader)
 userHeader.guiseVisible = false;
- verifyDeviceRequest(true).then(handleVerifyDeviceResponse);
+ verifyAuthsRequest(true).then(handleVerifyAuthsResponse);
 return;
 }
diff --git a/hanyuu.cfg.example b/hanyuu.cfg.example
index 6730e75..09a87e2 100644
--- a/hanyuu.cfg.example
+++ b/hanyuu.cfg.example
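Review bot: The `$x.get(`/oauth2/resolve-request?csrfp=…&code=…`)` line in the `@@ -85` hunk sends the CSRF token in the query string of a GET, so it ends up in browser history, `Referer` headers and web-server access logs; the commit renames the path but keeps that shape, while the verify call in the same file already passes `_csrfp` in a POST body. If `$x` and the PHP route can take it, moving the token out of the URL (a request header or a POST body) would close that leak. In the `@@ -114` hunk `userCode = response.req.code;` matches the `'req' => [...]` result now built in OAuth2Routes.php, but a reply without `req` throws inside the `.then` and, as far as these hunks show, nothing catches it; `userCode = response.req?.code ?? '';` with a user-visible message on the empty case would keep the spinner from hanging. The enclosing submit handler starts and ends outside these hunks.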
@@ -7,7 +7,7 @@ site:name Hanyuu
 misuzu:endpoint http://msz.local
 misuzu:secret beans
-oauth2:device:verification_uri https://hau.local/oauth2/device
-oauth2:device:verification_uri_complete https://hau.local/oauth2/device?code=%s
+oauth2:device:verification_uri https://hau.local/oauth2/verify
+oauth2:device:verification_uri_complete https://hau.local/oauth2/verify?code=%s
 csrfp:secret change this please
diff --git a/src/OAuth2/OAuth2Routes.php b/src/OAuth2/OAuth2Routes.php
index 1a8cf46..2c723f1 100644
--- a/src/OAuth2/OAuth2Routes.php
+++ b/src/OAuth2/OAuth2Routes.php
@@ -378,8 +378,8 @@ final class OAuth2Routes extends RouteHandler {
 ];
 }
- #[HttpGet('/oauth2/device/verify')]
- public function getDeviceVerify($response, $request) {
+ #[HttpGet('/oauth2/verify')]
+ public function getVerify($response, $request) {
 $authInfo = ($this->getAuthInfo)();
 if(!isset($authInfo->user))
 return $this->templating->render('oauth2/login', [
@@ -388,13 +388,13 @@ final class OAuth2Routes extends RouteHandler {
 $csrfp = new CSRFP(($this->getCSRFPSecret)(), $authInfo->session->token);
- return $this->templating->render('oauth2/device/verify', [
+ return $this->templating->render('oauth2/verify', [
 'csrfp_token' => $csrfp->createToken(),
 ]);
 }
- #[HttpPost('/oauth2/device/verify')]
- public function postDeviceVerify($response, $request) {
+ #[HttpPost('/oauth2/verify')]
+ public function postVerify($response, $request) {
 if(!$request->isFormContent())
 return 400;
@@ -432,8 +432,8 @@ final class OAuth2Routes extends RouteHandler {
 ];
 }
- #[HttpGet('/oauth2/device/resolve')]
- public function getDeviceResolve($response, $request) {
+ #[HttpGet('/oauth2/resolve-request')]
+ public function getResolveRequest($response, $request) {
 // TODO: RATE LIMITING
 $authInfo = ($this->getAuthInfo)();
@@ -462,7 +462,7 @@ final class OAuth2Routes extends RouteHandler {
 }
 $result = [
- 'device' => [
+ 'req' => [
 'code' => $deviceInfo->getUserCode(),
 ],
 'app' => [
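Review bot: The `@@ -378`, `@@ -388`, `@@ -432` and `@@ -493` hunks replace the `/oauth2/device/...` route attributes outright, so a device or client that was already handed the old `verification_uri` / `verification_uri_complete` from the config, or that posts to `/oauth2/device/authorise`, now gets a 404 rather than a redirect. If the router accepts stacked attributes, keeping `#[HttpGet('/oauth2/device/verify')]` next to the new one (or adding a redirecting route) for a deprecation window would avoid that; if it does not, the breaking change deserves a line in the commit message. `getResolveRequest` still opens with `// TODO: RATE LIMITING` while taking a short user code on a GET; user codes are short by design, so RFC 8628 §5.1 asks for throttling on exactly this endpoint, and the rename is a reasonable moment to add it rather than leave the TODO. Only the first lines of each method are visible here, so whether the resolve response also sets `Cache-Control: no-store` as `postRequestAuthorise` does cannot be confirmed from the hunk.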
@@ -493,8 +493,8 @@ final class OAuth2Routes extends RouteHandler {
 return $result;
 }
- #[HttpPost('/oauth2/device/authorise')]
- public function postDeviceAuthorise($response, $request) {
+ #[HttpPost('/oauth2/request-authorise')]
+ public function postRequestAuthorise($response, $request) {
 $response->setHeader('Cache-Control', 'no-store');
 if(!$request->isFormContent()) {
diff --git a/templates/oauth2/device/verify.twig b/templates/oauth2/verify.twig
similarity index 83%
rename from templates/oauth2/device/verify.twig
rename to templates/oauth2/verify.twig
index e4f3f87..fe5bbb1 100644
--- a/templates/oauth2/device/verify.twig
+++ b/templates/oauth2/verify.twig
@@ -1,8 +1,8 @@
 {% extends 'oauth2/master.twig' %}
 {% set body_header_class = 'devicehead' %}
-{% set body_header_text = 'Device authorisation' %}
-{% set body_title = 'Device Authorisation Request' %}
+{% set body_header_text = 'Code authorisation' %}
+{% set body_title = 'Authorisation Request' %}
 {% block body_content %}
@@ -41,7 +41,7 @@
Approved!
-

You have approved the device authorisation request. You should now be signed in on the target device or application.

+

You have approved the authorisation request. You should now be signed in on the target device or application.

@@ -51,7 +51,7 @@
Denied!
-

You have denied the device authorisation request. Please return to the target device or application and follow displayed instructions.

+

You have denied the authorisation request. Please return to the target device or application and follow displayed instructions.