X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=client%2Fsrc%2Fapp%2Fcore%2Fauth%2Fauth.service.ts;h=6fe601d8d24634275bfb0e555e3560d5aad07f3d;hb=98bd5e2256bfdeba6d5ab07f0421acfde1a0de26;hp=ef5a3808e52ab10e40a897497c08f5ef2c0ade7e;hpb=134006b0d4528c07f0022c6e75257bf9fedbfebb;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/client/src/app/core/auth/auth.service.ts b/client/src/app/core/auth/auth.service.ts
index ef5a3808e..6fe601d8d 100644
--- a/client/src/app/core/auth/auth.service.ts
+++ b/client/src/app/core/auth/auth.service.ts
@@ -1,14 +1,15 @@
 import { Hotkey, HotkeysService } from 'angular2-hotkeys'
 import { Observable, ReplaySubject, Subject, throwError as observableThrowError } from 'rxjs'
 import { catchError, map, mergeMap, share, tap } from 'rxjs/operators'
-import { HttpClient, HttpHeaders, HttpParams } from '@angular/common/http'
+import { HttpClient, HttpErrorResponse, HttpHeaders, HttpParams } from '@angular/common/http'
 import { Injectable } from '@angular/core'
 import { Router } from '@angular/router'
 import { Notifier } from '@app/core/notification/notifier.service'
-import { objectToUrlEncoded, peertubeLocalStorage } from '@root-helpers/index'
+import { logger, OAuthUserTokens, objectToUrlEncoded, peertubeLocalStorage } from '@root-helpers/index'
 import { HttpStatusCode, MyUser as UserServerModel, OAuthClientLocal, User, UserLogin, UserRefreshToken } from '@shared/models'
 import { environment } from '../../../environments/environment'
 import { RestExtractor } from '../rest/rest-extractor.service'
+import { RedirectService } from '../routing'
 import { AuthStatus } from './auth-status.model'
 import { AuthUser } from './auth-user.model'
 
@@ -34,6 +35,7 @@ export class AuthService {
 
   loginChangedSource: Observable<AuthStatus>
   userInformationLoaded = new ReplaySubject<boolean>(1)
+  tokensRefreshed = new ReplaySubject<void>(1)
   hotkeys: Hotkey[]
 
   private clientId: string = peertubeLocalStorage.getItem(AuthService.LOCAL_STORAGE_OAUTH_CLIENT_KEYS.CLIENT_ID)
@@ -43,18 +45,16 @@ export class AuthService {
   private refreshingTokenObservable: Observable<any>
 
   constructor (
+    private redirectService: RedirectService,
     private http: HttpClient,
     private notifier: Notifier,
     private hotkeysService: HotkeysService,
     private restExtractor: RestExtractor,
     private router: Router
-    ) {
+  ) {
     this.loginChanged = new Subject<AuthStatus>()
     this.loginChangedSource = this.loginChanged.asObservable()
 
-    // Return null if there is nothing to load
-    this.user = AuthUser.load()
-
     // Set HotKeys
     this.hotkeys = [
       new Hotkey('m s', (event: KeyboardEvent): boolean => {
@@ -76,33 +76,37 @@ export class AuthService {
     ]
   }
 
+  buildAuthUser (userInfo: Partial<User>, tokens: OAuthUserTokens) {
+    this.user = new AuthUser(userInfo, tokens)
+  }
+
   loadClientCredentials () {
     // Fetch the client_id/client_secret
     this.http.get<OAuthClientLocal>(AuthService.BASE_CLIENT_URL)
         .pipe(catchError(res => this.restExtractor.handleError(res)))
-        .subscribe(
-          res => {
+        .subscribe({
+          next: res => {
             this.clientId = res.client_id
             this.clientSecret = res.client_secret
 
             peertubeLocalStorage.setItem(AuthService.LOCAL_STORAGE_OAUTH_CLIENT_KEYS.CLIENT_ID, this.clientId)
             peertubeLocalStorage.setItem(AuthService.LOCAL_STORAGE_OAUTH_CLIENT_KEYS.CLIENT_SECRET, this.clientSecret)
 
-            console.log('Client credentials loaded.')
+            logger.info('Client credentials loaded.')
           },
 
-          error => {
-            let errorMessage = error.message
+          error: err => {
+            let errorMessage = err.message
 
-            if (error.status === HttpStatusCode.FORBIDDEN_403) {
-              errorMessage = $localize`Cannot retrieve OAuth Client credentials: ${error.text}.
+            if (err.status === HttpStatusCode.FORBIDDEN_403) {
+              errorMessage = $localize`Cannot retrieve OAuth Client credentials: ${err.message}.
 Ensure you have correctly configured PeerTube (config/ directory), in particular the "webserver" section.`
             }
 
             // We put a bigger timeout: this is an important message
             this.notifier.error(errorMessage, $localize`Error`, 7000)
           }
-        )
+        })
   }
 
   getRefreshToken () {
@@ -139,7 +143,14 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
     return !!this.getAccessToken()
   }
 
-  login (username: string, password: string, token?: string) {
+  login (options: {
+    username: string
+    password: string
+    otpToken?: string
+    token?: string
+  }) {
+    const { username, password, token, otpToken } = options
+
     // Form url encoded
     const body = {
       client_id: this.clientId,
@@ -153,7 +164,9 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
 
     if (token) Object.assign(body, { externalAuthToken: token })
 
-    const headers = new HttpHeaders().set('Content-Type', 'application/x-www-form-urlencoded')
+    let headers = new HttpHeaders().set('Content-Type', 'application/x-www-form-urlencoded')
+    if (otpToken) headers = headers.set('x-peertube-otp', otpToken)
+
     return this.http.post<UserLogin>(AuthService.BASE_TOKEN_URL, objectToUrlEncoded(body), { headers })
                .pipe(
                  map(res => Object.assign(res, { username })),
@@ -168,20 +181,18 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
     const headers = new HttpHeaders().set('Authorization', authHeaderValue)
 
     this.http.post<{ redirectUrl?: string }>(AuthService.BASE_REVOKE_TOKEN_URL, {}, { headers })
-    .subscribe(
-      res => {
-        if (res.redirectUrl) {
-          window.location.href = res.redirectUrl
-        }
-      },
+      .subscribe({
+        next: res => {
+          if (res.redirectUrl) {
+            window.location.href = res.redirectUrl
+          }
+        },
 
-      err => console.error(err)
-    )
+        error: err => logger.error(err)
+      })
 
     this.user = null
 
-    AuthUser.flush()
-
     this.setStatus(AuthStatus.LoggedOut)
 
     this.hotkeysService.remove(this.hotkeys)
@@ -190,7 +201,7 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
   refreshAccessToken () {
     if (this.refreshingTokenObservable) return this.refreshingTokenObservable
 
-    console.log('Refreshing token...')
+    logger.info('Refreshing token...')
 
     const refreshToken = this.getRefreshToken()
 
@@ -204,23 +215,26 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
     const headers = new HttpHeaders().set('Content-Type', 'application/x-www-form-urlencoded')
 
     this.refreshingTokenObservable = this.http.post<UserRefreshToken>(AuthService.BASE_TOKEN_URL, body, { headers })
-                                         .pipe(
-                                           map(res => this.handleRefreshToken(res)),
-                                           tap(() => { this.refreshingTokenObservable = null }),
-                                           catchError(err => {
-                                             this.refreshingTokenObservable = null
-
-                                             console.error(err)
-                                             console.log('Cannot refresh token -> logout...')
-                                             this.logout()
-                                             this.router.navigate([ '/login' ])
-
-                                             return observableThrowError({
-                                               error: $localize`You need to reconnect.`
-                                             })
-                                           }),
-                                           share()
-                                         )
+      .pipe(
+        map(res => this.handleRefreshToken(res)),
+        tap(() => {
+          this.refreshingTokenObservable = null
+        }),
+        catchError(err => {
+          this.refreshingTokenObservable = null
+
+          logger.error(err)
+          logger.info('Cannot refresh token -> logout...')
+          this.logout()
+
+          this.redirectService.redirectToLogin()
+
+          return observableThrowError(() => ({
+            error: $localize`You need to reconnect.`
+          }))
+        }),
+        share()
+      )
 
     return this.refreshingTokenObservable
   }
@@ -234,14 +248,21 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
     }
 
     this.mergeUserInformation(obj)
-        .subscribe(
-          res => {
+        .subscribe({
+          next: res => {
             this.user.patch(res)
-            this.user.save()
 
             this.userInformationLoaded.next(true)
           }
-        )
+        })
+  }
+
+  isOTPMissingError (err: HttpErrorResponse) {
+    if (err.status !== HttpStatusCode.UNAUTHORIZED_401) return false
+
+    if (err.headers.get('x-peertube-otp') !== 'required; app') return false
+
+    return true
   }
 
   private mergeUserInformation (obj: UserLoginWithUsername): Observable<UserLoginWithUserInformation> {
@@ -260,7 +281,6 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
     }
 
     this.user = new AuthUser(obj, hashTokens)
-    this.user.save()
 
     this.setStatus(AuthStatus.LoggedIn)
     this.userInformationLoaded.next(true)
@@ -270,7 +290,7 @@ Ensure you have correctly configured PeerTube (config/ directory), in particular
 
   private handleRefreshToken (obj: UserRefreshToken) {
     this.user.refreshTokens(obj.access_token, obj.refresh_token)
-    this.user.save()
+    this.tokensRefreshed.next()
   }
 
   private setStatus (status: AuthStatus) {