From 82255b46eb7f6abc89edf2297b2aae3aa5b9c2e1 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Thu, 28 Apr 2022 11:41:28 +0200
Subject: [PATCH 1/3] Use upstream dependencies for Ueberauth providers

Allows to work properly with state_param

Signed-off-by: Thomas Citharel
---
 mix.exs | 6 ++----
 mix.lock | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/mix.exs b/mix.exs
index 13f47615b..2f304636e 100644
--- a/mix.exs
+++ b/mix.exs
@@ -180,10 +180,8 @@ defmodule Mobilizon.Mixfile do
 {:ueberauth_github, "~> 0.8.1"},
 {:ueberauth_facebook, "~> 0.9"},
 {:ueberauth_google, "~> 0.10.1"},
- {:ueberauth_keycloak_strategy, git: "https://github.com/tcitworld/ueberauth_keycloak.git", branch: "upgrade-deps"},
- {:ueberauth_gitlab_strategy, git: "https://github.com/tcitworld/ueberauth_gitlab.git", branch: "upgrade-deps"},
+ {:ueberauth_keycloak_strategy, "~> 0.3.0"},
+ {:ueberauth_gitlab_strategy, "~> 0.4.0"},
 {:ecto_shortuuid, "~> 0.1"},
 {:tesla, "~> 1.4.0"},
 {:sitemapper, "~> 0.6"},
diff --git a/mix.lock b/mix.lock
index e82008dc6..1487a67c5 100644
--- a/mix.lock
+++ b/mix.lock
@@ -132,9 +132,9 @@ "ueberauth": {:hex, :ueberauth, "0.7.0", "9c44f41798b5fa27f872561b6f7d2bb0f10f03fdd22b90f454232d7b087f4b75", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "2efad9022e949834f16cc52cd935165049d81fa9e925690f91035c2e4b58d905"}, "ueberauth_facebook": {:hex, :ueberauth_facebook, "0.9.0", "c0b03c33903d1d23db1a13eb2d31238d64f32ee35b5bd51491e24d40168c0bff", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "f2a0fc914a194431b4578b16cba7a2cfce2298f7cfbefb3aa744283cf1eb47ff"}, "ueberauth_github": {:hex, :ueberauth_github, "0.8.1", "0be487b5afc29bc805fa5e31636f37c8f09d5159ef73fc08c4c7a98c9cfe2c18", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "143d6130b945ea9bdbd0ef94987f40788f1d7e8090decbfc0722773155e7a74a"}, - "ueberauth_gitlab_strategy": {:git, "https://github.com/tcitworld/ueberauth_gitlab.git", "9fc5d30b5d87ff7cdef293a1c128f25777dcbe59", [branch: "upgrade-deps"]}, + "ueberauth_gitlab_strategy": {:hex, :ueberauth_gitlab_strategy, "0.4.0", "96605d304ebb87ce508eccbeb1f94da9ea1c9da20d8913771b6cf24a6cc6c633", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "e86e2e794bb063c07c05a6b1301b73f2be3ba9308d8f47ecc4d510ef9226091e"}, "ueberauth_google": {:hex, :ueberauth_google, "0.10.1", "db7bd2d99d2ff38e7449042a08d9560741b0dcaf1c31191729b97188b025465e", [:mix], [{:oauth2, "~> 1.0 or ~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7.0", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "b799f547d279bb836e1f7039fc9fbb3a9d008a695e2a25bd06bffe591a168ba1"}, - "ueberauth_keycloak_strategy": {:git, 
"https://github.com/tcitworld/ueberauth_keycloak.git", "d892f0f9daf9e0023319b69ac2f7c2c6edff2b14", [branch: "upgrade-deps"]}, + "ueberauth_keycloak_strategy": {:hex, :ueberauth_keycloak_strategy, "0.3.0", "262f25ae9a38886e13a954919a873ae6ea9adf73cf8875eec74b945f0b2c7b2b", [:mix], [{:oauth2, "~> 2.0", [hex: :oauth2, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "d1a0abad08cd5e39722a9899200583b03ac63fee0c264799018ef06eb989db31"}, "ueberauth_twitter": {:hex, :ueberauth_twitter, "0.4.1", "92f88b1ad50322cdda719b439bb7f93b225dc0315723117bc25c782e627c8f33", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:oauther, "~> 1.1", [hex: :oauther, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "83ca8ea3e1a3f976f1adbebfb323b9ebf53af453fbbf57d0486801a303b16065"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"}, "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"},

From f997f573bac4d40584b191929dc5d0496f02b0ce Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Thu, 28 Apr 2022 11:44:07 +0200
Subject: [PATCH 2/3] Use a session for state parameter in Ueberauth callback controller

Signed-off-by: Thomas Citharel
---
 lib/web/controllers/auth_controller.ex | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/web/controllers/auth_controller.ex b/lib/web/controllers/auth_controller.ex
index 49a12b5a9..f1ba410e8 100644
--- a/lib/web/controllers/auth_controller.ex
+++ b/lib/web/controllers/auth_controller.ex
@@ -7,6 +7,14 @@ defmodule Mobilizon.Web.AuthController do
 require Logger
 plug(:put_layout, false)
+ config = Application.get_env(:mobilizon, Mobilizon.Web.Endpoint, [])
+
+ plug(Plug.Session, store: :cookie, key: "_auth_callback", signing_salt: Keyword.get(config, :secret_key_base) )
+
 plug(Ueberauth)
 @spec request(Plug.Conn.t(), map()) :: Plug.Conn.t()

From c91e8f6bf3455e387c0e1d702a56258b694a0cc8 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Thu, 28 Apr 2022 11:43:05 +0200
Subject: [PATCH 3/3] Fix being an administrator when using 3rd-party auth provider

Signed-off-by: Thomas Citharel
---
 js/src/views/User/ProviderValidation.vue | 2 +-
 lib/web/views/auth_view.ex | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/src/views/User/ProviderValidation.vue b/js/src/views/User/ProviderValidation.vue
index d2d49a52b..3f41e8f2d 100644
--- a/js/src/views/User/ProviderValidation.vue
+++ b/js/src/views/User/ProviderValidation.vue
@@ -46,7 +46,7 @@ export default class ProviderValidate extends Vue {
 id: userId,
 email: userEmail,
 isLoggedIn: true,
- role: ICurrentUserRole.USER,
+ role: userRole,
 },
 });
 const { data } = await this.$apollo.query<{ loggedUser: IUser }>({
diff --git a/lib/web/views/auth_view.ex b/lib/web/views/auth_view.ex
index 9ec29ff29..eeedd2ca2 100644
--- a/lib/web/views/auth_view.ex
+++ b/lib/web/views/auth_view.ex
@@ -20,7 +20,7 @@ defmodule Mobilizon.Web.AuthView do
 Tag.tag(:meta, name: "auth-refresh-token", content: refresh_token),
 Tag.tag(:meta, name: "auth-user-id", content: user_id),
 Tag.tag(:meta, name: "auth-user-email", content: user_email),
- Tag.tag(:meta, name: "auth-user-role", content: user_role),
+ Tag.tag(:meta, name: "auth-user-role", content: String.upcase(to_string(user_role))),
 Tag.tag(:meta, name: "auth-user-actor-id", content: user_actor_id)
 ]
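Review bot: `signing_salt: Keyword.get(config, :secret_key_base)` is resolved while the module compiles, because `config = Application.get_env(...)` runs in the module body and the `plug` macro evaluates its options at compile time; if `secret_key_base` is only provided through runtime config the salt is nil, and Plug.Session's cookie store rejects a nil `:signing_salt`. The salt also does not need to be the secret itself: the cookie store derives its signing key from `conn.secret_key_base` (set by the endpoint at runtime) together with the salt, so a fixed non-secret string is the usual choice and keeps the secret out of the compiled module. I would drop the `config` line and write `signing_salt: "<fixed salt chosen when the controller is created>"` (placeholder, pick any constant), and add `same_site: "Lax"` so the `_auth_callback` cookie is still sent on the top-level redirect back from the provider, which is the request on which the state parameter is checked. The enclosing module continues outside the hunk.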
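Review bot: `role: userRole` writes into the client cache a value whose definition is not in the hunk; the `auth_view.ex` change in the same series suggests it is the content of the `auth-user-role` meta tag, which arrives as an untyped string, so an empty or unexpected value would be cached as the user's role. Before the write, check that it is one of the `ICurrentUserRole` values and fall back to the previous default otherwise, e.g. `role: (Object.values(ICurrentUserRole) as string[]).includes(userRole) ? userRole : ICurrentUserRole.USER,`; the cached role should only drive what the UI shows, authorization decisions stay with the server. The method continues outside the hunk.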
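Review bot: `String.upcase(to_string(user_role))` silently renders a nil or unexpected `user_role` as an empty or arbitrary meta content, and the reason for the upcasing is not stated in the code. It appears to exist because the client side (the ProviderValidation.vue change in this series) compares the tag content against its upper-case role enum; I would add `# the client reads this as an upper-case role enum value, e.g. :administrator -> "ADMINISTRATOR"` on that line, and consider matching `user_role` against the known role atoms so an unexpected value fails loudly instead of being emitted into the page. The enclosing function continues outside the hunk.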