whole buncha stuff

3 files changed, 49 insertions, 7 deletions

diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index d79db95ed..050c23dab 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -19,19 +19,25 @@
 package oauth
 
 import (
+	"github.com/go-pg/pg/v10"
+	"github.com/gotosocial/gotosocial/internal/api"
+	"github.com/gotosocial/gotosocial/internal/gtsmodel"
 	"github.com/gotosocial/oauth2/v4"
 	"github.com/gotosocial/oauth2/v4/errors"
 	"github.com/gotosocial/oauth2/v4/manage"
 	"github.com/gotosocial/oauth2/v4/server"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/bcrypt"
 )
 
 type API struct {
 	manager *manage.Manager
 	server  *server.Server
+	conn    *pg.DB
+	log     *logrus.Logger
 }
 
-func New(ts oauth2.TokenStore, cs oauth2.ClientStore, log *logrus.Logger) *API {
+func New(ts oauth2.TokenStore, cs oauth2.ClientStore, conn *pg.DB, log *logrus.Logger) *API {
 	manager := manage.NewDefaultManager()
 	manager.MapTokenStorage(ts)
 	manager.MapClientStorage(cs)
@@ -49,5 +55,41 @@ func New(ts oauth2.TokenStore, cs oauth2.ClientStore, log *logrus.Logger) *API {
 	return &API{
 		manager: manager,
 		server:  srv,
+		conn:    conn,
+		log:     log,
 	}
 }
+
+func (a *API) AddRoutes(s api.Server) error {
+	return nil
+}
+
+func incorrectPassword() (string, error) {
+	return "", errors.New("password/email combination was incorrect")
+}
+
+func (a *API) PasswordAuthorizationHandler(email string, password string) (userid string, err error) {
+	// first we select the user from the database based on email address, bail if no user found for that email
+	gtsUser := &gtsmodel.User{}
+	if err := a.conn.Model(gtsUser).Where("email = ?", email).Select(); err != nil {
+		a.log.Debugf("user %s was not retrievable from db during oauth authorization attempt: %s", email, err)
+		return incorrectPassword()
+	}
+
+	// make sure a password is actually set and bail if not
+	if gtsUser.EncryptedPassword == "" {
+		a.log.Warnf("encrypted password for user %s was empty for some reason", gtsUser.Email)
+		return incorrectPassword()
+	}
+
+	// compare the provided password with the encrypted one from the db, bail if they don't match
+	if err := bcrypt.CompareHashAndPassword([]byte(gtsUser.EncryptedPassword), []byte(password)); err != nil {
+		a.log.Debugf("password hash didn't match for user %s during login attempt: %s", gtsUser.Email, err)
+		return incorrectPassword()
+	}
+
+	// If we've made it this far the email/password is correct so we need the oauth client-id of the user
+	// This is, conveniently, the same as the user ID, so we can just return it.
+	userid = gtsUser.ID
+	return
+}
diff --git a/internal/oauth/pgclientstore.go b/internal/oauth/pgclientstore.go
index dda5fb3d6..22bb54f55 100644
--- a/internal/oauth/pgclientstore.go
+++ b/internal/oauth/pgclientstore.go
@@ -37,9 +37,9 @@ func NewPGClientStore(conn *pg.DB) oauth2.ClientStore {
 	return pts
 }
 
-func (pcs *pgClientStore) GetByID(ctx context.Context, id string) (oauth2.ClientInfo, error) {
+func (pcs *pgClientStore) GetByID(ctx context.Context, clientID string) (oauth2.ClientInfo, error) {
 	poc := &oauthClient{
-		ID: id,
+		ID: clientID,
 	}
 	if err := pcs.conn.WithContext(ctx).Model(poc).Where("id = ?", poc.ID).Select(); err != nil {
 		return nil, err
diff --git a/internal/oauth/pgclientstore_test.go b/internal/oauth/pgclientstore_test.go
index 3f8de064d..d6a76981f 100644
--- a/internal/oauth/pgclientstore_test.go
+++ b/internal/oauth/pgclientstore_test.go
@@ -13,10 +13,10 @@ import (
 
 type PgClientStoreTestSuite struct {
 	suite.Suite
-	conn           *pg.DB
-	testClientID      string
-	testClientSecret  string
-	testClientDomain  string
+	conn             *pg.DB
+	testClientID     string
+	testClientSecret string
+	testClientDomain string
 	testClientUserID string
 }