IndieAuth support (#1811)
* Able to authenticate user against IndieAuth. For #1273 * WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272 * Add migration to remove access tokens from user * Add authenticated bool to user for display purposes * Add indieauth modal and auth flair to display names. For #1273 * Validate URLs and display errors * Renames, cleanups * Handle relative auth endpoint paths. Add error handling for missing redirects. * Disallow using display names in use by registered users. Closes #1810 * Verify code verifier via code challenge on callback * Use relative path to authorization_endpoint * Post-rebase fixes * Use a timestamp instead of a bool for authenticated * Propertly handle and display error in modal * Use auth'ed timestamp to derive authenticated flag to display in chat * don't redirect unless a URL is present avoids redirecting to `undefined` if there was an error * improve error message if owncast server URL isn't set * fix IndieAuth PKCE implementation use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding * return real profile data for IndieAuth response * check the code verifier in the IndieAuth server * Linting * Add new chat settings modal anad split up indieauth ui * Remove logging error * Update the IndieAuth modal UI. For #1273 * Add IndieAuth repsonse error checking * Disable IndieAuth client if server URL is not set. * Add explicit error messages for specific error types * Fix bad logic * Return OAuth-keyed error responses for indieauth server * Display IndieAuth error in plain text with link to return to main page * Remove redundant check * Add additional detail to error * Hide IndieAuth details behind disclosure details * Break out migration into two steps because some people have been runing dev in production * Add auth option to user dropdown Co-authored-by: Aaron Parecki <aaron@parecki.com>
This commit is contained in:
Gabe Kangas
26
db/query.sql
26
db/query.sql
@@ -78,3 +78,29 @@ SELECT destination FROM notifications WHERE channel = $1;
|
||||
|
||||
-- name: RemoveNotificationDestinationForChannel :exec
|
||||
DELETE FROM notifications WHERE channel = $1 AND destination = $2;
|
||||
-- name: AddAuthForUser :exec
|
||||
INSERT INTO auth(user_id, token, type) values($1, $2, $3);
|
||||
|
||||
-- name: GetUserByAuth :one
|
||||
SELECT users.id, display_name, display_color, users.created_at, disabled_at, previous_names, namechanged_at, authenticated_at, scopes FROM auth, users WHERE token = $1 AND auth.type = $2 AND users.id = auth.user_id;
|
||||
|
||||
-- name: AddAccessTokenForUser :exec
|
||||
INSERT INTO user_access_tokens(token, user_id) values($1, $2);
|
||||
|
||||
-- name: GetUserByAccessToken :one
|
||||
SELECT users.id, display_name, display_color, users.created_at, disabled_at, previous_names, namechanged_at, authenticated_at, scopes FROM users, user_access_tokens WHERE token = $1 AND users.id = user_id;
|
||||
|
||||
-- name: GetUserDisplayNameByToken :one
|
||||
SELECT display_name FROM users, user_access_tokens WHERE token = $1 AND users.id = user_id AND disabled_at = NULL;
|
||||
|
||||
-- name: SetAccessTokenToOwner :exec
|
||||
UPDATE user_access_tokens SET user_id = $1 WHERE token = $2;
|
||||
|
||||
-- name: SetUserAsAuthenticated :exec
|
||||
UPDATE users SET authenticated_at = CURRENT_TIMESTAMP WHERE id = $1;
|
||||
|
||||
-- name: IsDisplayNameAvailable :one
|
||||
SELECT count(*) FROM users WHERE display_name = $1 AND authenticated_at is not null AND disabled_at is NULL;
|
||||
|
||||
-- name: ChangeDisplayName :exec
|
||||
UPDATE users SET display_name = $1, previous_names = previous_names || $2, namechanged_at = $3 WHERE id = $4;
|
||||
|
||||
Reference in New Issue
Block a user