From 2e4ddebcda955e3cb2252c75cc1222a5147c5168 Mon Sep 17 00:00:00 2001
From: Paulus Schoutsen
Date: Mon, 9 Jul 2018 18:24:49 +0200
Subject: [PATCH] Use IndieAuth for client ID (#1427)

* Use IndieAuth for client ID
* Lint
---
 src/auth/ha-auth-flow.js | 14 ++++++--------
 src/auth/ha-pick-auth-provider.js | 7 +------
 src/common/auth/fetch_token.js | 4 +---
 src/common/auth/refresh_token.js | 4 +---
 src/entrypoints/authorize.js | 19 ++++++++++++++-----
 src/entrypoints/core.js | 10 +++++++---
 6 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/src/auth/ha-auth-flow.js b/src/auth/ha-auth-flow.js
index 70d3652700..e2770eee22 100644
--- a/src/auth/ha-auth-flow.js
+++ b/src/auth/ha-auth-flow.js
@@ -35,7 +35,6 @@ class HaAuthFlow extends EventsMixin(PolymerElement) {
 return {
 authProvider: Object,
 clientId: String,
- clientSecret: String,
 redirectUri: String,
 oauth2State: String,
 _state: {
@@ -54,10 +53,8 @@ class HaAuthFlow extends EventsMixin(PolymerElement) {
 fetch('/auth/login_flow', {
 method: 'POST',
- headers: {
- Authorization: `Basic ${btoa(`${this.clientId}:${this.clientSecret}`)}`
- },
 body: JSON.stringify({
+ client_id: this.clientId,
 handler: [this.authProvider.type, this.authProvider.id],
 redirect_uri: this.redirectUri,
 })
@@ -89,12 +86,13 @@ class HaAuthFlow extends EventsMixin(PolymerElement) {
 }
 this._state = 'loading';
+ const postData = Object.assign({}, this._stepData, {
+ client_id: this.clientId,
+ });
+
 fetch(`/auth/login_flow/${this._step.flow_id}`, {
 method: 'POST',
- headers: {
- Authorization: `Basic ${btoa(`${this.clientId}:${this.clientSecret}`)}`
- },
- body: JSON.stringify(this._stepData)
+ body: JSON.stringify(postData)
 }).then((response) => {
 if (!response.ok) throw new Error();
 return response.json();
diff --git a/src/auth/ha-pick-auth-provider.js b/src/auth/ha-pick-auth-provider.js
index 7be58e73c8..41001ac776 100644
--- a/src/auth/ha-pick-auth-provider.js
+++ b/src/auth/ha-pick-auth-provider.js
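Review bot: With the `headers` object gone, the step-submit POST here (and the `/auth/login_flow` POST in the hunk above) sends its JSON body under fetch's default `Content-Type: text/plain;charset=UTF-8`. Besides tripping any server-side content-type check, a `text/plain` POST is a CORS simple request that a third-party page can fire at the instance without a preflight, whereas the old Authorization header made the request non-simple; the backend's own checks on `/auth/login_flow` are now the only cross-origin barrier, and I cannot see them from here. Add `headers: { 'Content-Type': 'application/json' },` next to `method: 'POST'` in both calls so the body is declared for what it is and cross-origin callers must pass a preflight. The enclosing method starts and ends outside the hunk.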
@@ -45,17 +45,12 @@ class HaPickAuthProvider extends EventsMixin(PolymerElement) {
 },
 authProviders: Array,
 clientId: String,
- clientSecret: String,
 };
 }
 connectedCallback() {
 super.connectedCallback();
- fetch('/auth/providers', {
- headers: {
- Authorization: `Basic ${btoa(`${this.clientId}:${this.clientSecret}`)}`
- }
- }).then((response) => {
+ fetch('/auth/providers').then((response) => {
 if (!response.ok) throw new Error();
 return response.json();
 }).then((authProviders) => {
diff --git a/src/common/auth/fetch_token.js b/src/common/auth/fetch_token.js
index 17c47fa8a7..6fe6933598 100644
--- a/src/common/auth/fetch_token.js
+++ b/src/common/auth/fetch_token.js
@@ -1,12 +1,10 @@
 export default function fetchToken(clientId, code) {
 const data = new FormData();
+ data.append('client_id', clientId);
 data.append('grant_type', 'authorization_code');
 data.append('code', code);
 return fetch('/auth/token', {
 method: 'POST',
- headers: {
- authorization: `Basic ${btoa(clientId)}`
- },
 body: data,
 }).then((resp) => {
 if (!resp.ok) throw new Error('Unable to fetch tokens');
diff --git a/src/common/auth/refresh_token.js b/src/common/auth/refresh_token.js
index d7d20e4a97..dabfbd358b 100644
--- a/src/common/auth/refresh_token.js
+++ b/src/common/auth/refresh_token.js
@@ -1,12 +1,10 @@
 export default function refreshAccessToken(clientId, refreshToken) {
 const data = new FormData();
+ data.append('client_id', clientId);
 data.append('grant_type', 'refresh_token');
 data.append('refresh_token', refreshToken);
 return fetch('/auth/token', {
 method: 'POST',
- headers: {
- authorization: `Basic ${btoa(clientId)}`
- },
 body: data,
 }).then((resp) => {
 if (!resp.ok) throw new Error('Unable to fetch tokens');
diff --git a/src/entrypoints/authorize.js b/src/entrypoints/authorize.js
index 833732bfaa..3fcde70c4a 100644
--- a/src/entrypoints/authorize.js
+++ b/src/entrypoints/authorize.js
@@ -19,11 +19,22 @@ class HaAuthorize extends PolymerElement {
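Review bot: `/auth/providers` is now fetched with no client identification at all, where the old call at least carried the client credentials, so the list of configured auth handlers (the `type`/`id` pairs that ha-auth-flow later posts back) is readable by anyone who can reach the instance. That is probably the intended consequence of the IndieAuth move, since the login page itself is public, but it should be a deliberate server-side decision with the response limited to what the picker needs, and I cannot see the backend from here. Once confirmed, a one-line comment on the call, `// Public endpoint: no client credentials under IndieAuth.`, would stop the next reader from assuming the authentication was dropped by accident. The enclosing connectedCallback continues past the hunk.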
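Review bot: `refreshAccessToken` and `fetchToken` (the hunk above) are now identical apart from the grant-specific form fields, so the `client_id` append added here is a third copy of the same line and the `/auth/token` URL, method and error text are duplicated in both files. A shared helper in a common module that builds the FormData from a plain object, posts it and maps `!resp.ok` to the existing error would reduce each exported function to a single call, and would keep the two token requests from drifting apart the next time a parameter is added. Both functions' `.then` handlers continue past their hunks, so the helper would have to absorb whatever they do with the parsed response. Rough shape:
```javascript
// Shared by fetchToken and refreshAccessToken: POST the form fields to the
// token endpoint and turn a non-2xx status into the error both callers throw.
function requestToken(fields) {
  const data = new FormData();
  Object.keys(fields).forEach((key) => data.append(key, fields[key]));
  return fetch('/auth/token', { method: 'POST', body: data }).then((resp) => {
    if (!resp.ok) throw new Error('Unable to fetch tokens');
    // … unchanged: response handling from the original .then …
  });
}

export default function refreshAccessToken(clientId, refreshToken) {
  return requestToken({
    client_id: clientId,
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
  });
}
```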
+

Logging in to [[clientId]].

+ + +
`;
@@ -36,7 +47,6 @@ class HaAuthorize extends PolymerElement {
 value: null,
 },
 clientId: String,
- clientSecret: String,
 redirectUri: String,
 oauth2State: String,
 };
@@ -53,7 +63,6 @@ class HaAuthorize extends PolymerElement {
 }
 const props = {};
 if (query.client_id) props.clientId = query.client_id;
- if (query.client_secret) props.clientSecret = query.client_secret;
 if (query.redirect_uri) props.redirectUri = query.redirect_uri;
 if (query.state) props.oauth2State = query.state;
 this.setProperties(props);
diff --git a/src/entrypoints/core.js b/src/entrypoints/core.js
index 7d28e3b807..c6b314eaf5 100644
--- a/src/entrypoints/core.js
+++ b/src/entrypoints/core.js
@@ -28,19 +28,23 @@ const init = window.createHassConnection = function (password, accessToken) {
 });
 };
+function clientId() {
+ return `${location.protocol}//${location.host}/`;
+}
+
 function redirectLogin() {
- document.location = `${__PUBLIC_PATH__}authorize.html?response_type=code&client_id=${window.clientId}&redirect_uri=/`;
+ document.location = `${__PUBLIC_PATH__}authorize.html?response_type=code&client_id=${encodeURIComponent(clientId())}&redirect_uri=${encodeURIComponent(location.toString())}`;
 }
 window.refreshToken = () =>
- refreshToken_(window.clientId, window.tokens.refresh_token).then((accessTokenResp) => {
+ refreshToken_(clientId(), window.tokens.refresh_token).then((accessTokenResp) => {
 window.tokens.access_token = accessTokenResp.access_token;
 localStorage.tokens = JSON.stringify(window.tokens);
 return accessTokenResp.access_token;
 }, () => redirectLogin());
 function resolveCode(code) {
- fetchToken(window.clientId, code).then((tokens) => {
+ fetchToken(clientId(), code).then((tokens) => {
 localStorage.tokens = JSON.stringify(tokens);
 // Refresh the page and have tokens in place.
 document.location = location.pathname;
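Review bot: `redirectLogin` still sends no `state` parameter and `resolveCode` exchanges whatever `code` it is handed, so now that the client is identified only by its origin (`clientId()`), nothing ties a callback to the browser that started the login: someone who obtains a code for their own account on the same instance can send a victim to the callback URL and have the victim's browser store the attacker's tokens in `localStorage` (login CSRF). The authorize page already reads `query.state` into `oauth2State`, so the missing half is on this side: generate a random value per attempt, keep it in `sessionStorage`, send it as `state`, and refuse a callback whose `state` does not match. The code that parses the callback query and calls `resolveCode` is outside the hunk and would need to pass the returned state through, and whether the backend echoes `state` on the redirect must be confirmed. Rough shape of the change:
```javascript
function clientId() {
  return `${location.protocol}//${location.host}/`;
}

// One random state per login attempt; sessionStorage keeps it in the browser
// that started the flow so the callback can be checked against it.
function newOauthState() {
  const bytes = new Uint8Array(16);
  crypto.getRandomValues(bytes);
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  sessionStorage.setItem('oauthState', state);
  return state;
}

function redirectLogin() {
  document.location = `${__PUBLIC_PATH__}authorize.html?response_type=code&client_id=${encodeURIComponent(clientId())}&redirect_uri=${encodeURIComponent(location.toString())}&state=${encodeURIComponent(newOauthState())}`;
}

// … unchanged: window.refreshToken …

function resolveCode(code, state) {
  // Reject callbacks we did not start: the code may belong to someone else's account.
  if (!state || state !== sessionStorage.getItem('oauthState')) return;
  sessionStorage.removeItem('oauthState');
  fetchToken(clientId(), code).then((tokens) => {
  // … unchanged: store tokens and reload …
```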