logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma 
commit: 7456338ed3d0b36327c3f9b153630d36cd044bb9
parent: c23bd05737c38c407f998d3aa48c5c3d191f0c56
Author: kaniini <nenolod@gmail.com>
Date:   Mon, 18 Feb 2019 04:02:41 +0000

Merge branch 'feature/add-oauth-tokens-endpoint' into 'develop'

Add OAuth tokens endpoint

See merge request pleroma/pleroma!805

Diffstat:


Mlib/pleroma/web/oauth/token.ex20+++++++++++++++++++-


Mlib/pleroma/web/router.ex3+++


Mlib/pleroma/web/twitter_api/twitter_api_controller.ex18++++++++++++++++++


Alib/pleroma/web/twitter_api/views/token_view.ex21+++++++++++++++++++++


Mtest/support/factory.ex13+++++++++++++


Mtest/web/twitter_api/twitter_api_controller_test.exs35+++++++++++++++++++++++++++++++++++


6 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex
@@ -47,9 +47,27 @@ defmodule Pleroma.Web.OAuth.Token do
 
   def delete_user_tokens(%User{id: user_id}) do
     from(
-      t in Pleroma.Web.OAuth.Token,
+      t in Token,
       where: t.user_id == ^user_id
     )
     |> Repo.delete_all()
   end
+
+  def delete_user_token(%User{id: user_id}, token_id) do
+    from(
+      t in Token,
+      where: t.user_id == ^user_id,
+      where: t.id == ^token_id
+    )
+    |> Repo.delete_all()
+  end
+
+  def get_user_tokens(%User{id: user_id}) do
+    from(
+      t in Token,
+      where: t.user_id == ^user_id
+    )
+    |> Repo.all()
+    |> Repo.preload(:app)
+  end
 end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -392,6 +392,9 @@ defmodule Pleroma.Web.Router do
     get("/qvitter/mutes", TwitterAPI.Controller, :raw_empty_array)
 
     get("/externalprofile/show", TwitterAPI.Controller, :external_profile)
+
+    get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
+    delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
   end
 
   pipeline :ap_relay do
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -8,6 +8,10 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
 
   alias Ecto.Changeset
+  alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView, TokenView}
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.{Repo, Activity, Object, User, Notification}
+  alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.CommonAPI
@@ -545,6 +549,20 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
     end
   end
 
+  def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do
+    with oauth_tokens <- Token.get_user_tokens(user) do
+      conn
+      |> put_view(TokenView)
+      |> render("index.json", %{tokens: oauth_tokens})
+    end
+  end
+
+  def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
+    Token.delete_user_token(user, id)
+
+    json_reply(conn, 201, "")
+  end
+
   def blocks(%{assigns: %{user: user}} = conn, _params) do
     with blocked_users <- User.blocked_users(user) do
       conn
diff --git a/lib/pleroma/web/twitter_api/views/token_view.ex b/lib/pleroma/web/twitter_api/views/token_view.ex
@@ -0,0 +1,21 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.TwitterAPI.TokenView do
+  use Pleroma.Web, :view
+
+  def render("index.json", %{tokens: tokens}) do
+    tokens
+    |> render_many(Pleroma.Web.TwitterAPI.TokenView, "show.json")
+    |> Enum.filter(&Enum.any?/1)
+  end
+
+  def render("show.json", %{token: token_entry}) do
+    %{
+      id: token_entry.id,
+      valid_until: token_entry.valid_until,
+      app_name: token_entry.app.client_name
+    }
+  end
+end
diff --git a/test/support/factory.ex b/test/support/factory.ex
@@ -227,4 +227,17 @@ defmodule Pleroma.Factory do
       unreachable_since: nil
     }
   end
+
+  def oauth_token_factory do
+    user = insert(:user)
+    oauth_app = insert(:oauth_app)
+
+    %Pleroma.Web.OAuth.Token{
+      token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
+      refresh_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(),
+      user_id: user.id,
+      app_id: oauth_app.id,
+      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
+    }
+  end
 end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -13,6 +13,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   alias Pleroma.Object
   alias Pleroma.Notification
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.TwitterAPI.UserView
   alias Pleroma.Web.TwitterAPI.NotificationView
   alias Pleroma.Web.CommonAPI
@@ -1915,4 +1916,38 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
                ActivityRepresenter.to_map(activity, %{user: user, for: user})
     end
   end
+
+  describe "GET /api/oauth_tokens" do
+    setup do
+      token = insert(:oauth_token) |> Repo.preload(:user)
+
+      %{token: token}
+    end
+
+    test "renders list", %{token: token} do
+      response =
+        build_conn()
+        |> assign(:user, token.user)
+        |> get("/api/oauth_tokens")
+
+      keys =
+        json_response(response, 200)
+        |> hd()
+        |> Map.keys()
+
+      assert keys -- ["id", "app_name", "valid_until"] == []
+    end
+
+    test "revoke token", %{token: token} do
+      response =
+        build_conn()
+        |> assign(:user, token.user)
+        |> delete("/api/oauth_tokens/#{token.id}")
+
+      tokens = Token.get_user_tokens(token.user)
+
+      assert tokens == []
+      assert response.status == 201
+    end
+  end
 end