From 82255b46eb7f6abc89edf2297b2aae3aa5b9c2e1 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Thu, 28 Apr 2022 11:41:28 +0200 Subject: [PATCH 1/3] Use upstream dependencies for Ueberauth providers Allows to work properly with state_param Signed-off-by: Thomas Citharel --- mix.exs | 6 ++---- mix.lock | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/mix.exs b/mix.exs index 13f47615..2f304636 100644 --- a/mix.exs +++ b/mix.exs @@ -180,10 +180,8 @@ defmodule Mobilizon.Mixfile do {:ueberauth_github, "~> 0.8.1"}, {:ueberauth_facebook, "~> 0.9"}, {:ueberauth_google, "~> 0.10.1"}, - {:ueberauth_keycloak_strategy, - git: "https://github.com/tcitworld/ueberauth_keycloak.git", branch: "upgrade-deps"}, - {:ueberauth_gitlab_strategy, - git: "https://github.com/tcitworld/ueberauth_gitlab.git", branch: "upgrade-deps"}, + {:ueberauth_keycloak_strategy, "~> 0.3.0"}, + {:ueberauth_gitlab_strategy, "~> 0.4.0"}, {:ecto_shortuuid, "~> 0.1"}, {:tesla, "~> 1.4.0"}, {:sitemapper, "~> 0.6"}, diff --git a/mix.lock b/mix.lock index e82008dc..1487a67c 100644 --- a/mix.lock +++ b/mix.lock @@ -132,9 +132,9 @@ "ueberauth": {:hex, :ueberauth, "0.7.0", "9c44f41798b5fa27f872561b6f7d2bb0f10f03fdd22b90f454232d7b087f4b75", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "2efad9022e949834f16cc52cd935165049d81fa9e925690f91035c2e4b58d905"}, "ueberauth_facebook": {:hex, :ueberauth_facebook, "0.9.0", "c0b03c33903d1d23db1a13eb2d31238d64f32ee35b5bd51491e24d40168c0bff", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "f2a0fc914a194431b4578b16cba7a2cfce2298f7cfbefb3aa744283cf1eb47ff"}, "ueberauth_github": {:hex, :ueberauth_github, "0.8.1", "0be487b5afc29bc805fa5e31636f37c8f09d5159ef73fc08c4c7a98c9cfe2c18", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "143d6130b945ea9bdbd0ef94987f40788f1d7e8090decbfc0722773155e7a74a"}, - "ueberauth_gitlab_strategy": {:git, "https://github.com/tcitworld/ueberauth_gitlab.git", "9fc5d30b5d87ff7cdef293a1c128f25777dcbe59", [branch: "upgrade-deps"]}, + "ueberauth_gitlab_strategy": {:hex, :ueberauth_gitlab_strategy, "0.4.0", "96605d304ebb87ce508eccbeb1f94da9ea1c9da20d8913771b6cf24a6cc6c633", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "e86e2e794bb063c07c05a6b1301b73f2be3ba9308d8f47ecc4d510ef9226091e"}, "ueberauth_google": {:hex, :ueberauth_google, "0.10.1", "db7bd2d99d2ff38e7449042a08d9560741b0dcaf1c31191729b97188b025465e", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "b799f547d279bb836e1f7039fc9fbb3a9d008a695e2a25bd06bffe591a168ba1"}, - "ueberauth_keycloak_strategy": {:git, "https://github.com/tcitworld/ueberauth_keycloak.git", "d892f0f9daf9e0023319b69ac2f7c2c6edff2b14", [branch: "upgrade-deps"]}, + "ueberauth_keycloak_strategy": {:hex, :ueberauth_keycloak_strategy, "0.3.0", "262f25ae9a38886e13a954919a873ae6ea9adf73cf8875eec74b945f0b2c7b2b", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "d1a0abad08cd5e39722a9899200583b03ac63fee0c264799018ef06eb989db31"}, "ueberauth_twitter": {:hex, :ueberauth_twitter, "0.4.1", "92f88b1ad50322cdda719b439bb7f93b225dc0315723117bc25c782e627c8f33", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:oauther, "~> 1.1", [hex: :oauther, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "83ca8ea3e1a3f976f1adbebfb323b9ebf53af453fbbf57d0486801a303b16065"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"}, "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"}, From f997f573bac4d40584b191929dc5d0496f02b0ce Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Thu, 28 Apr 2022 11:44:07 +0200 Subject: [PATCH 2/3] Use a session for state parameter in Ueberauth callback controller Signed-off-by: Thomas Citharel --- lib/web/controllers/auth_controller.ex | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/web/controllers/auth_controller.ex b/lib/web/controllers/auth_controller.ex index 49a12b5a..f1ba410e 100644 --- a/lib/web/controllers/auth_controller.ex +++ b/lib/web/controllers/auth_controller.ex @@ -7,6 +7,14 @@ defmodule Mobilizon.Web.AuthController do require Logger plug(:put_layout, false) + config = Application.get_env(:mobilizon, Mobilizon.Web.Endpoint, []) + + plug(Plug.Session, + store: :cookie, + key: "_auth_callback", + signing_salt: Keyword.get(config, :secret_key_base) + ) + plug(Ueberauth) @spec request(Plug.Conn.t(), map()) :: Plug.Conn.t() From c91e8f6bf3455e387c0e1d702a56258b694a0cc8 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Thu, 28 Apr 2022 11:43:05 +0200 Subject: [PATCH 3/3] Fix being an administrator when using 3rd-party auth provider Signed-off-by: Thomas Citharel --- js/src/views/User/ProviderValidation.vue | 2 +- lib/web/views/auth_view.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/js/src/views/User/ProviderValidation.vue b/js/src/views/User/ProviderValidation.vue index d2d49a52..3f41e8f2 100644 --- a/js/src/views/User/ProviderValidation.vue +++ b/js/src/views/User/ProviderValidation.vue @@ -46,7 +46,7 @@ export default class ProviderValidate extends Vue { id: userId, email: userEmail, isLoggedIn: true, - role: ICurrentUserRole.USER, + role: userRole, }, }); const { data } = await this.$apollo.query<{ loggedUser: IUser }>({ diff --git a/lib/web/views/auth_view.ex b/lib/web/views/auth_view.ex index 9ec29ff2..eeedd2ca 100644 --- a/lib/web/views/auth_view.ex +++ b/lib/web/views/auth_view.ex @@ -20,7 +20,7 @@ defmodule Mobilizon.Web.AuthView do Tag.tag(:meta, name: "auth-refresh-token", content: refresh_token), Tag.tag(:meta, name: "auth-user-id", content: user_id), Tag.tag(:meta, name: "auth-user-email", content: user_email), - Tag.tag(:meta, name: "auth-user-role", content: user_role), + Tag.tag(:meta, name: "auth-user-role", content: String.upcase(to_string(user_role))), Tag.tag(:meta, name: "auth-user-actor-id", content: user_actor_id) ]