You've already forked immich
mirror of
https://github.com/immich-app/immich.git
synced 2025-08-09 23:17:29 +02:00
feat: add oauth2 code verifier
* fix: ensure oauth state param matches before finishing oauth flow Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * chore: upgrade openid-client to v6 Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * feat: use PKCE for oauth2 on supported clients Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * feat: use state and PKCE in mobile app Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: remove obsolete oauth repository init Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: rewrite callback url if mobile redirect url is enabled Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: propagate oidc client error cause when oauth callback fails Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: adapt auth service tests to required state and PKCE params Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: update sdk types Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: adapt oauth e2e test to work with PKCE Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> * fix: allow insecure (http) oauth clients Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> --------- Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com> Co-authored-by: Jason Rasmussen <jason@rasm.me>
This commit is contained in:
Tin Pecirep
committed by
Zack Pollard
Zack Pollard
parent
13d6bd67b1
commit
b7a0cf2470
43
mobile/openapi/lib/model/o_auth_callback_dto.dart
generated
43
mobile/openapi/lib/model/o_auth_callback_dto.dart
generated
@ -14,25 +14,36 @@ class OAuthCallbackDto {
|
||||
/// Returns a new [OAuthCallbackDto] instance.
|
||||
OAuthCallbackDto({
|
||||
required this.url,
|
||||
required this.state,
|
||||
required this.codeVerifier,
|
||||
});
|
||||
|
||||
String url;
|
||||
String state;
|
||||
String codeVerifier;
|
||||
|
||||
@override
|
||||
bool operator ==(Object other) => identical(this, other) || other is OAuthCallbackDto &&
|
||||
other.url == url;
|
||||
bool operator ==(Object other) =>
|
||||
identical(this, other) ||
|
||||
other is OAuthCallbackDto &&
|
||||
other.url == url &&
|
||||
other.state == state &&
|
||||
other.codeVerifier == codeVerifier;
|
||||
|
||||
@override
|
||||
int get hashCode =>
|
||||
// ignore: unnecessary_parenthesis
|
||||
(url.hashCode);
|
||||
// ignore: unnecessary_parenthesis
|
||||
(url.hashCode) + (state.hashCode) + (codeVerifier.hashCode);
|
||||
|
||||
@override
|
||||
String toString() => 'OAuthCallbackDto[url=$url]';
|
||||
String toString() =>
|
||||
'OAuthCallbackDto[url=$url, state=$state, codeVerifier=$codeVerifier]';
|
||||
|
||||
Map<String, dynamic> toJson() {
|
||||
final json = <String, dynamic>{};
|
||||
json[r'url'] = this.url;
|
||||
json[r'url'] = this.url;
|
||||
json[r'state'] = this.state;
|
||||
json[r'codeVerifier'] = this.codeVerifier;
|
||||
return json;
|
||||
}
|
||||
|
||||
@ -46,12 +57,17 @@ class OAuthCallbackDto {
|
||||
|
||||
return OAuthCallbackDto(
|
||||
url: mapValueOfType<String>(json, r'url')!,
|
||||
state: mapValueOfType<String>(json, r'state')!,
|
||||
codeVerifier: mapValueOfType<String>(json, r'codeVerifier')!,
|
||||
);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
static List<OAuthCallbackDto> listFromJson(dynamic json, {bool growable = false,}) {
|
||||
static List<OAuthCallbackDto> listFromJson(
|
||||
dynamic json, {
|
||||
bool growable = false,
|
||||
}) {
|
||||
final result = <OAuthCallbackDto>[];
|
||||
if (json is List && json.isNotEmpty) {
|
||||
for (final row in json) {
|
||||
@ -79,13 +95,19 @@ class OAuthCallbackDto {
|
||||
}
|
||||
|
||||
// maps a json object with a list of OAuthCallbackDto-objects as value to a dart map
|
||||
static Map<String, List<OAuthCallbackDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
|
||||
static Map<String, List<OAuthCallbackDto>> mapListFromJson(
|
||||
dynamic json, {
|
||||
bool growable = false,
|
||||
}) {
|
||||
final map = <String, List<OAuthCallbackDto>>{};
|
||||
if (json is Map && json.isNotEmpty) {
|
||||
// ignore: parameter_assignments
|
||||
json = json.cast<String, dynamic>();
|
||||
for (final entry in json.entries) {
|
||||
map[entry.key] = OAuthCallbackDto.listFromJson(entry.value, growable: growable,);
|
||||
map[entry.key] = OAuthCallbackDto.listFromJson(
|
||||
entry.value,
|
||||
growable: growable,
|
||||
);
|
||||
}
|
||||
}
|
||||
return map;
|
||||
@ -94,6 +116,7 @@ class OAuthCallbackDto {
|
||||
/// The list of required keys that must be present in a JSON.
|
||||
static const requiredKeys = <String>{
|
||||
'url',
|
||||
'state',
|
||||
'codeVerifier',
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
43
mobile/openapi/lib/model/o_auth_config_dto.dart
generated
43
mobile/openapi/lib/model/o_auth_config_dto.dart
generated
@ -14,25 +14,36 @@ class OAuthConfigDto {
|
||||
/// Returns a new [OAuthConfigDto] instance.
|
||||
OAuthConfigDto({
|
||||
required this.redirectUri,
|
||||
required this.state,
|
||||
required this.codeChallenge,
|
||||
});
|
||||
|
||||
String redirectUri;
|
||||
String state;
|
||||
String codeChallenge;
|
||||
|
||||
@override
|
||||
bool operator ==(Object other) => identical(this, other) || other is OAuthConfigDto &&
|
||||
other.redirectUri == redirectUri;
|
||||
bool operator ==(Object other) =>
|
||||
identical(this, other) ||
|
||||
other is OAuthConfigDto &&
|
||||
other.redirectUri == redirectUri &&
|
||||
other.state == state &&
|
||||
other.codeChallenge == codeChallenge;
|
||||
|
||||
@override
|
||||
int get hashCode =>
|
||||
// ignore: unnecessary_parenthesis
|
||||
(redirectUri.hashCode);
|
||||
// ignore: unnecessary_parenthesis
|
||||
(redirectUri.hashCode) + (state.hashCode) + (codeChallenge.hashCode);
|
||||
|
||||
@override
|
||||
String toString() => 'OAuthConfigDto[redirectUri=$redirectUri]';
|
||||
String toString() =>
|
||||
'OAuthConfigDto[redirectUri=$redirectUri, state=$state, codeChallenge=$codeChallenge]';
|
||||
|
||||
Map<String, dynamic> toJson() {
|
||||
final json = <String, dynamic>{};
|
||||
json[r'redirectUri'] = this.redirectUri;
|
||||
json[r'redirectUri'] = this.redirectUri;
|
||||
json[r'state'] = this.state;
|
||||
json[r'codeChallenge'] = this.codeChallenge;
|
||||
return json;
|
||||
}
|
||||
|
||||
@ -46,12 +57,17 @@ class OAuthConfigDto {
|
||||
|
||||
return OAuthConfigDto(
|
||||
redirectUri: mapValueOfType<String>(json, r'redirectUri')!,
|
||||
state: mapValueOfType<String>(json, r'state')!,
|
||||
codeChallenge: mapValueOfType<String>(json, r'codeChallenge')!,
|
||||
);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
static List<OAuthConfigDto> listFromJson(dynamic json, {bool growable = false,}) {
|
||||
static List<OAuthConfigDto> listFromJson(
|
||||
dynamic json, {
|
||||
bool growable = false,
|
||||
}) {
|
||||
final result = <OAuthConfigDto>[];
|
||||
if (json is List && json.isNotEmpty) {
|
||||
for (final row in json) {
|
||||
@ -79,13 +95,19 @@ class OAuthConfigDto {
|
||||
}
|
||||
|
||||
// maps a json object with a list of OAuthConfigDto-objects as value to a dart map
|
||||
static Map<String, List<OAuthConfigDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
|
||||
static Map<String, List<OAuthConfigDto>> mapListFromJson(
|
||||
dynamic json, {
|
||||
bool growable = false,
|
||||
}) {
|
||||
final map = <String, List<OAuthConfigDto>>{};
|
||||
if (json is Map && json.isNotEmpty) {
|
||||
// ignore: parameter_assignments
|
||||
json = json.cast<String, dynamic>();
|
||||
for (final entry in json.entries) {
|
||||
map[entry.key] = OAuthConfigDto.listFromJson(entry.value, growable: growable,);
|
||||
map[entry.key] = OAuthConfigDto.listFromJson(
|
||||
entry.value,
|
||||
growable: growable,
|
||||
);
|
||||
}
|
||||
}
|
||||
return map;
|
||||
@ -94,6 +116,7 @@ class OAuthConfigDto {
|
||||
/// The list of required keys that must be present in a JSON.
|
||||
static const requiredKeys = <String>{
|
||||
'redirectUri',
|
||||
'state',
|
||||
'codeChallenge',
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user