Add OIDC login

Filter more things out of Slate and The Verge
Add ELB extractor
2023-06-25 15:19:11 -07:00 · 2023-06-25 14:12:15 -07:00 · 2023-06-25 14:06:18 -07:00 · 2023-06-25 14:03:16 -07:00
36 changed files with 240 additions and 86 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -5,7 +5,7 @@
 # is restricted to this project.

 # General application configuration
-use Mix.Config
+import Config

 config :frenzy,
  ecto_repos: [Frenzy.Repo]
@ -30,9 +30,22 @@ config :phoenix, :json_library, Jason

 config :logger, truncate: :infinity

+config :frenzy, env: config_env()
 config :frenzy, sentry_enabled: false
 config :frenzy, external_readability: false
+config :frenzy, oidc_enabled: false
+
+config :ueberauth, Ueberauth,
+  providers: [
+    oidc:
+      {Ueberauth.Strategy.OIDC,
+       [
+         default: [
+           provider: :default_oidc
+         ]
+       ]}
+  ]

 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
-import_config "#{Mix.env()}.exs"
+import_config "#{config_env()}.exs"
--- a/config/dev.exs
+++ b/config/dev.exs
@ -1,4 +1,4 @@
-use Mix.Config
+import Config

 # For development, we disable any cache and enable
 # debugging and code reloading.
--- a/config/prod.exs
+++ b/config/prod.exs
@ -1,4 +1,4 @@
-use Mix.Config
+import Config

 # For production, don't forget to configure the url host
 # to something meaningful, Phoenix uses this information
--- a/config/test.exs
+++ b/config/test.exs
@ -1,4 +1,4 @@
-use Mix.Config
+import Config

 # We don't run a server during test. If one is required,
 # you can enable the server option below.
--- a/lib/frenzy.ex
+++ b/lib/frenzy.ex
@ -10,4 +10,8 @@ defmodule Frenzy do
  def sentry_enabled? do
    Application.get_env(:frenzy, :sentry_enabled)
  end
+
+  def oidc_enabled? do
+    Application.get_env(:frenzy, :oidc_enabled)
+  end
 end
--- a/lib/frenzy/application.ex
+++ b/lib/frenzy/application.ex
@ -20,6 +20,14 @@ defmodule Frenzy.Application do
      {Frenzy.BuiltinExtractor, name: Frenzy.BuiltinExtractor}
    ]

+    children =
+      if Frenzy.oidc_enabled?() do
+        children ++
+          [{OpenIDConnect.Worker, Application.get_env(:ueberauth, Ueberauth.Strategy.OIDC)}]
+      else
+        children
+      end
+
    # See https://hexdocs.pm/elixir/Supervisor.html
    # for other strategies and supported options
    opts = [strategy: :one_for_one, name: Frenzy.Supervisor]
--- a/lib/frenzy/builtin_extractor.ex
+++ b/lib/frenzy/builtin_extractor.ex
@ -3,7 +3,7 @@ defmodule Frenzy.BuiltinExtractor do
  alias Frenzy.Network
  require Logger

-  @external_url Application.get_env(:frenzy, :external_readability_url)
+  @external_url Application.compile_env(:frenzy, :external_readability_url)

  def start_link(state) do
    GenServer.start_link(__MODULE__, :ok, state)
@ -28,7 +28,7 @@ defmodule Frenzy.BuiltinExtractor do
            true

          _ ->
-            Logger.warn("Could not reach external readability for healthcheck, disabling")
+            Logger.warning("Could not reach external readability for healthcheck, disabling")
            false
        end
      else
@ -49,7 +49,8 @@ defmodule Frenzy.BuiltinExtractor do

      case Network.http_post(uri, html, headers: [{"content-type", "text/html"}]) do
        {:ok, %Tesla.Env{status: 200, body: body}} ->
-          {:reply, Floki.parse(body), state}
+          {:ok, doc} = Floki.parse_document(body)
+          {:reply, doc, state}

        {:ok, %Tesla.Env{status: status}} ->
          Logger.error("External readability failed, got HTTP #{status}")
--- a/lib/frenzy/pipeline/conditional_stage.ex
+++ b/lib/frenzy/pipeline/conditional_stage.ex
@ -17,7 +17,7 @@ defmodule Frenzy.Pipeline.ConditionalStage do

  @impl Stage
  def apply(opts, item_params) do
-    Logger.warn("Received invalid conditional opts: #{inspect(opts)}")
+    Logger.warning("Received invalid conditional opts: #{inspect(opts)}")
    {:ok, item_params}
  end

@ -30,7 +30,7 @@ defmodule Frenzy.Pipeline.ConditionalStage do
  end

  defp test_condition(condition, _item_params) do
-    Logger.warn("Received invalid condition: #{inspect(condition)}")
+    Logger.warning("Received invalid condition: #{inspect(condition)}")
    false
  end

--- a/lib/frenzy/pipeline/extractor/ars_technica.ex
+++ b/lib/frenzy/pipeline/extractor/ars_technica.ex
@ -34,7 +34,8 @@ defmodule Frenzy.Pipeline.Extractor.ArsTechnica do

      if next_page_url != nil do
        with body when not is_nil(body) <- fetch_page(next_page_url),
-             next_pages when is_list(next_pages) <- get_pages_from_tree(Floki.parse(body)) do
+             {:ok, doc} <- Floki.parse_document(body),
+             next_pages when is_list(next_pages) <- get_pages_from_tree(doc) do
          [content] ++ next_pages
        else
          _ ->
@ -63,7 +64,7 @@ defmodule Frenzy.Pipeline.Extractor.ArsTechnica do
        body

      {:ok, %Tesla.Env{status: code}} ->
-        Logger.warn("Unexpected HTTP code #{code} getting Ars Technica page #{url}")
+        Logger.warning("Unexpected HTTP code #{code} getting Ars Technica page #{url}")
        nil

      {:error, reason} ->
--- a/lib/frenzy/pipeline/extractor/election_law_blog.ex
+++ b/lib/frenzy/pipeline/extractor/election_law_blog.ex
@ -0,0 +1,20 @@
+defmodule Frenzy.Pipeline.Extractor.ElectionLawBlog do
+  @moduledoc """
+  Extractor for https://electionlawblog.org
+  """
+
+  alias Frenzy.Pipeline.Extractor
+  @behaviour Extractor
+
+  @impl Extractor
+  def extract(html_tree) do
+    case Floki.find(html_tree, "div.entry-content") do
+      [content_elem | _] ->
+        filtered = Floki.filter_out(content_elem, ".addtoany_share_save_container")
+        {:ok, filtered}
+
+      _ ->
+        {:error, "no matching elements"}
+    end
+  end
+end
--- a/lib/frenzy/pipeline/extractor/macstories.ex
+++ b/lib/frenzy/pipeline/extractor/macstories.ex
@ -15,7 +15,7 @@ defmodule Frenzy.Pipeline.Extractor.MacStories do
          # some images have full size links, strip those out
          |> Floki.filter_out("a.view-full-size")
          # rewrite non-standard images captions to <figure>/<figcaption>
-          |> Floki.map(&rewrite_element/1)
+          |> Floki.find_and_update("div, p", &rewrite_element/1)

        {:ok, content_elem}

--- a/lib/frenzy/pipeline/extractor/slate.ex
+++ b/lib/frenzy/pipeline/extractor/slate.ex
@ -21,7 +21,10 @@ defmodule Frenzy.Pipeline.Extractor.Slate do
    case Floki.find(html_tree, ".article__content") do
      [el] ->
        article_content =
-          Floki.filter_out(el, ".slate-ad, .in-article-recirc, .social-share, .newsletter-signup")
+          Floki.filter_out(
+            el,
+            ".slate-ad, .in-article-recirc, .social-share, .newsletter-signup, .recirc-line, .product"
+          )

        image = Floki.find(html_tree, ".article__top-image img")

--- a/lib/frenzy/pipeline/extractor/util.ex
+++ b/lib/frenzy/pipeline/extractor/util.ex
@ -5,7 +5,7 @@ defmodule Frenzy.Pipeline.Extractor.Util do
  """
  @spec strip_wp_lazy_loading(Floki.html_tree()) :: Floki.html_tree()
  def strip_wp_lazy_loading(tree) do
-    Floki.map(tree, fn
+    Floki.find_and_update(tree, "img.jetpack-lazy-image", fn
      {"img", attrs} = el ->
        class = Enum.find(attrs, fn {k, _} -> k == "class" end)

--- a/lib/frenzy/pipeline/extractor/verge.ex
+++ b/lib/frenzy/pipeline/extractor/verge.ex
@ -16,7 +16,7 @@ defmodule Frenzy.Pipeline.Extractor.TheVerge do
      html_tree
      |> Floki.find("article#content > div:not(.duet--article--lede)")
      |> Floki.filter_out(
-        ".duet--layout--rail, .duet--article--article-pullquote, .duet--article--comments-join-the-conversation"
+        ".duet--layout--rail, .duet--article--article-pullquote, .duet--article--comments-join-the-conversation, .duet--recirculation--related-list, .duet--article--comments-button"
      )

    {:ok, image ++ content}
--- a/lib/frenzy/pipeline/filter_engine.ex
+++ b/lib/frenzy/pipeline/filter_engine.ex
@ -133,7 +133,7 @@ defmodule Frenzy.Pipeline.FilterEngine do

  defp get_property(%{content: content, content_type: "text/html"}, "content") do
    content
-    |> Floki.parse()
+    |> Floki.parse_fragment()
    |> Floki.text()
  end

--- a/lib/frenzy/pipeline/gemini_scrape_stage.ex
+++ b/lib/frenzy/pipeline/gemini_scrape_stage.ex
@ -8,7 +8,7 @@ defmodule Frenzy.Pipeline.GeminiScrapeStage do
  def apply(opts, %{url: url} = item_params) do
    case get_content(url, opts) do
      {:error, reason} ->
-        Logger.warn("Unable to get Gemini content for #{url}: #{reason}")
+        Logger.warning("Unable to get Gemini content for #{url}: #{reason}")
        {:ok, item_params}

      {content, content_type} ->
--- a/lib/frenzy/pipeline/scrape_stage.ex
+++ b/lib/frenzy/pipeline/scrape_stage.ex
@ -12,7 +12,7 @@ defmodule Frenzy.Pipeline.ScrapeStage do
        {:ok, %{item_params | content: content}}

      {:error, reason} ->
-        Logger.warn("Unable to get article content for #{url}: #{reason}")
+        Logger.warning("Unable to get article content for #{url}: #{reason}")
        {:ok, item_params}
    end
  end
@ -92,7 +92,7 @@ defmodule Frenzy.Pipeline.ScrapeStage do
        {:ok, BuiltinExtractor.article(url, body)}

      module_name ->
-        html_tree = Floki.parse(body)
+        {:ok, html_tree} = Floki.parse_document(body)

        try do
          apply(String.to_existing_atom("Elixir." <> module_name), :extract, [html_tree])
@ -134,7 +134,12 @@ defmodule Frenzy.Pipeline.ScrapeStage do
            value -> value
          end

-        html = Floki.map(html, rewrite_image_urls(convert_to_data_uris, URI.parse(url)))
+        html =
+          Floki.find_and_update(
+            html,
+            "img",
+            rewrite_image_urls(convert_to_data_uris, URI.parse(url))
+          )

        {:ok, Floki.raw_html(html)}

--- a/lib/frenzy/task/create_item.ex
+++ b/lib/frenzy/task/create_item.ex
@ -109,7 +109,7 @@ defmodule Frenzy.Task.CreateItem do
          {:error, changeset} ->
            with [feed_id: {_, list}] <- changeset.errors,
                 true <- {:constraint_name, "items_feed_guid_index"} in list do
-              Logger.warn("Did not insert duplicate item for #{item_params.guid}")
+              Logger.warning("Did not insert duplicate item for #{item_params.guid}")
            else
              _ ->
                Logger.error("Error inserting item #{item_params.guid}")
--- a/lib/frenzy/task/fetch_favicon.ex
+++ b/lib/frenzy/task/fetch_favicon.ex
@ -59,7 +59,7 @@ defmodule Frenzy.Task.FetchFavicon do

  @spec extract_favicon_url(page_url :: String.t(), body :: term()) :: String.t()
  defp extract_favicon_url(page_url, body) do
-    html_tree = Floki.parse(body)
+    {:ok, html_tree} = Floki.parse_document(body)

    case Floki.find(html_tree, "link[rel=icon]") do
      [] ->
--- a/lib/frenzy/update_feeds.ex
+++ b/lib/frenzy/update_feeds.ex
@ -77,7 +77,7 @@ defmodule Frenzy.UpdateFeeds do
        update_feed(feed)
      rescue
        error ->
-          Logger.warn(
+          Logger.warning(
            "Encountered error updating feed #{feed.id} #{feed.feed_url}: #{inspect(error)}"
          )

@ -119,7 +119,7 @@ defmodule Frenzy.UpdateFeeds do
        update_feed_http(feed, retry_count)

      %URI{scheme: scheme} ->
-        Logger.warn("Unhandled scheme for feed: #{scheme}")
+        Logger.warning("Unhandled scheme for feed: #{scheme}")
    end
  end

--- a/lib/frenzy/user.ex
+++ b/lib/frenzy/user.ex
@ -8,6 +8,7 @@ defmodule Frenzy.User do
    field :password_hash, :string
    field :fever_password, :string, virtual: true
    field :fever_auth_token, :string
+    field :oidc_subject, :string

    has_many :approved_clients, Frenzy.ApprovedClient, on_delete: :delete_all

@ -25,6 +26,7 @@ defmodule Frenzy.User do
          password_hash: String.t(),
          fever_password: String.t() | nil,
          fever_auth_token: String.t(),
+          oidc_subject: String.t() | nil,
          approved_clients: [Frenzy.ApprovedClient.t()] | Ecto.Association.NotLoaded.t(),
          groups: [Frenzy.Group.t()] | Ecto.Association.NotLoaded.t(),
          inserted_at: NaiveDateTime.t(),
@ -61,6 +63,11 @@ defmodule Frenzy.User do
    |> put_fever_token()
  end

+  def set_oidc_subject_changeset(user, attrs) do
+    user
+    |> cast(attrs, [:oidc_subject])
+  end
+
  defp put_password_hash(
         %Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
       ) do
--- a/lib/frenzy_web/controllers/account_controller.ex
+++ b/lib/frenzy_web/controllers/account_controller.ex
@ -15,7 +15,8 @@ defmodule FrenzyWeb.AccountController do

    render(conn, "show.html", %{
      user: user,
-      clients: clients
+      clients: clients,
+      can_link_oidc: Frenzy.oidc_enabled?() && user.oidc_subject in [nil, ""]
    })
  end

@ -147,4 +148,10 @@ defmodule FrenzyWeb.AccountController do
    opml = Frenzy.OPML.Exporter.export(user.groups)
    send_download(conn, {:binary, opml}, filename: "frenzy_export.opml")
  end
+
+  def link_oidc(conn, _params) do
+    conn
+    |> put_session(:continue_path, Routes.account_path(conn, :show))
+    |> redirect(to: Routes.login_path(conn, :ueberauth_request, "oidc"))
+  end
 end
--- a/lib/frenzy_web/controllers/login_controller.ex
+++ b/lib/frenzy_web/controllers/login_controller.ex
@ -3,9 +3,15 @@ defmodule FrenzyWeb.LoginController do
  alias Frenzy.{Repo, User}
  alias FrenzyWeb.Endpoint

+  if Frenzy.oidc_enabled?() do
+    plug Ueberauth
+  end
+
  def login(conn, params) do
-    render(conn, "login.html", %{
-      continue: Map.get(params, "continue")
+    conn
+    |> put_session(:continue_path, Map.get(params, "continue"))
+    |> render("login.html", %{
+      oidc_enabled?: Frenzy.oidc_enabled?()
    })
  end

@ -14,16 +20,12 @@ defmodule FrenzyWeb.LoginController do

    case Bcrypt.check_pass(user, password) do
      {:ok, user} ->
-        user_token = Phoenix.Token.sign(Endpoint, "user token", user.id)
-        conn = put_session(conn, :user_token, user_token)
-
-        redirect_uri = Map.get(params, "continue") || Routes.group_path(Endpoint, :index)
-        redirect(conn, to: redirect_uri)
+        put_user_and_redirect(conn, user)

      {:error, _reason} ->
        conn
        |> put_flash(:error, "Invalid username or password.")
-        |> redirect(to: Routes.login_path(Endpoint, :login))
+        |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
    end
  end

@ -33,4 +35,52 @@ defmodule FrenzyWeb.LoginController do
    |> clear_session()
    |> redirect(to: "/")
  end
+
+  def ueberauth_callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
+    conn
+    |> put_flash(:error, "Failed to authenticate.")
+    |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
+  end
+
+  def ueberauth_callback(
+        %{assigns: %{ueberauth_auth: %{credentials: %{other: %{user_info: %{"sub" => subject}}}}}} =
+          conn,
+        _params
+      ) do
+    case Repo.get_by(User, oidc_subject: subject) do
+      nil ->
+        conn = FrenzyWeb.Plug.Authenticate.call(conn, nil)
+
+        case conn.assigns.user do
+          %User{} = user ->
+            changeset = User.set_oidc_subject_changeset(user, %{oidc_subject: subject})
+            {:ok, user} = Repo.update(changeset)
+
+            conn
+            |> put_flash(:info, "Successfully linked OIDC.")
+            |> redirect(to: continue_path(conn))
+
+          _ ->
+            # TODO: register new user for subject
+            conn
+            |> put_flash(:error, "No matching OIDC subject.")
+            |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
+        end
+
+      user ->
+        put_user_and_redirect(conn, user)
+    end
+  end
+
+  defp continue_path(conn) do
+    get_session(conn, :continue_path) || Routes.group_path(Endpoint, :index)
+  end
+
+  defp put_user_and_redirect(conn, user) do
+    user_token = Phoenix.Token.sign(Endpoint, "user token", user.id)
+
+    conn
+    |> put_session(:user_token, user_token)
+    |> redirect(to: continue_path(conn))
+  end
 end
--- a/lib/frenzy_web/live/configure_stage/conditional_stage_live.html.heex
+++ b/lib/frenzy_web/live/configure_stage/conditional_stage_live.html.heex
@ -1,5 +1,5 @@
 <div id={@id}>
-  <%= if Mix.env == :dev do %>
+  <%= if Application.fetch_env!(:frenzy, :env) == :dev do %>
    <pre><%= Jason.encode!(@opts, pretty: true) %></pre>
  <% end %>

@ -19,7 +19,7 @@
    <div class="card-body">
      <% component = component_module(@opts["stage"]) %>
      <%= unless is_nil(component) do %>
-        <%= live_component(@socket, component, index: @index, id: "#{@id}-conditional", stage: @stage, keypath: @keypath ++ ["opts"]) %>
+        <%= live_component(component, index: @index, id: "#{@id}-conditional", stage: @stage, keypath: @keypath ++ ["opts"]) %>
      <% end %>
    </div>
  </div>
@ -45,7 +45,7 @@
          </div>
        <% end %>

-        <%= live_component @socket, FrenzyWeb.FilterLive, id: "##{@id}-filter", parent_id: @id, filter: @opts["condition"] %>
+        <%= live_component FrenzyWeb.FilterLive, id: "##{@id}-filter", parent_id: @id, filter: @opts["condition"] %>
      </div>
    </div>
  <% else %>
@ -61,7 +61,7 @@
        </div>
      </div>
      <div class="card-body">
-        <%= live_component @socket, FrenzyWeb.FilterRuleLive, id: "##{@id}-rule", parent_id: @id, rule: @opts["condition"], index: :no_index %>
+        <%= live_component FrenzyWeb.FilterRuleLive, id: "##{@id}-rule", parent_id: @id, rule: @opts["condition"], index: :no_index %>
      </div>
    </div>
  <% end %>
--- a/lib/frenzy_web/live/configure_stage/filter_stage_live.html.heex
+++ b/lib/frenzy_web/live/configure_stage/filter_stage_live.html.heex
@ -1,6 +1,6 @@
 <div id={@id}>
-  <%= if Mix.env == :dev do %>
+  <%= if Application.fetch_env!(:frenzy, :env) == :dev do %>
    <pre><%= Jason.encode!(@opts, pretty: true) %></pre>
  <% end %>
-  <%= live_component @socket, FrenzyWeb.FilterLive, id: "#{@id}-filter", parent_id: @id, filter: @opts %>
+  <%= live_component FrenzyWeb.FilterLive, id: "#{@id}-filter", parent_id: @id, filter: @opts %>
 </div>
--- a/lib/frenzy_web/live/configure_stage/scrape_stage_live.ex
+++ b/lib/frenzy_web/live/configure_stage/scrape_stage_live.ex
@ -8,6 +8,7 @@ defmodule FrenzyWeb.ConfigureStage.ScrapeStageLive do
                {"beckyhansmeyer.com", Frenzy.Pipeline.Extractor.BeckyHansmeyer},
                {"birchtree.me", Frenzy.Pipeline.Extractor.Birchtree},
                {"daringfireball.net", Frenzy.Pipeline.Extractor.DaringFireball},
+                {"Election Law Blog", Frenzy.Pipeline.Extractor.ElectionLawBlog},
                {"ericasadun.com", Frenzy.Pipeline.Extractor.EricaSadun},
                {"finertech.com", Frenzy.Pipeline.Extractor.FinerTech},
                {"macstories.net", Frenzy.Pipeline.Extractor.MacStories},
--- a/lib/frenzy_web/live/configure_stage/scrape_stage_live.html.heex
+++ b/lib/frenzy_web/live/configure_stage/scrape_stage_live.html.heex
@ -1,5 +1,5 @@
 <div id={@id}>
-  <%= if Mix.env == :dev do %>
+  <%= if Application.fetch_env!(:frenzy, :env) == :dev do %>
    <pre><%= Jason.encode!(@opts, pretty: true) %></pre>
  <% end %>
  <%= form_for @opts, "#", [as: :opts, phx_change: :update_stage, phx_target: @myself], fn f -> %>
--- a/lib/frenzy_web/live/edit_pipeline_live.ex
+++ b/lib/frenzy_web/live/edit_pipeline_live.ex
@ -106,13 +106,13 @@ defmodule FrenzyWeb.EditPipelineLive do
    end
  end

-  def component_for(socket, %{"module_name" => module} = stage, index) do
+  def component_for(%{"module_name" => module} = stage, index) do
    case component_module(module) do
      nil ->
        nil

      component ->
-        live_component(socket, component,
+        live_component(component,
          index: index,
          id: "stage-#{index}",
          stage: stage,
--- a/lib/frenzy_web/live/edit_pipeline_live.html.heex
+++ b/lib/frenzy_web/live/edit_pipeline_live.html.heex
@ -19,7 +19,7 @@
      </div>
    </div>
    <div class="card-body">
-      <%= component_for(@socket, stage, index) %>
+      <%= component_for(stage, index) %>
    </div>
  </div>
 <% end %>
--- a/lib/frenzy_web/live/filter/filter_live.html.heex
+++ b/lib/frenzy_web/live/filter/filter_live.html.heex
@ -27,11 +27,11 @@

      </div>
      <div class="card-body">
-        <%= live_component @socket, FrenzyWeb.FilterRuleLive, id: "#{@id}-rule-#{index}", parent_id: @parent_id, rule: rule, index: index %>
+        <%= live_component FrenzyWeb.FilterRuleLive, id: "#{@id}-rule-#{index}", parent_id: @parent_id, rule: rule, index: index %>
      </div>
    </div>
  <% end %>
-  <%= form_for :rule, "#", [class: "mt-2", phx_submit: :add_rule, phx_target: "##{@parent_id}"], fn f -> %>
+  <%= form_for :rule, "#", [class: "mt-2", phx_submit: :add_rule, phx_target: "##{@parent_id}"], fn _f -> %>
    <%= submit "Add Rule", class: "btn btn-primary" %>
  <% end %>
 </div>
--- a/lib/frenzy_web/router.ex
+++ b/lib/frenzy_web/router.ex
@ -34,6 +34,15 @@ defmodule FrenzyWeb.Router do
    post "/oauth/authorize", Fervor.OauthController, :authorize_post
  end

+  scope "/auth", FrenzyWeb do
+    pipe_through :browser
+
+    if Frenzy.oidc_enabled?() do
+      get "/:unused", LoginController, :ueberauth_request
+      get "/:unused/callback", LoginController, :ueberauth_callback
+    end
+  end
+
  scope "/", FrenzyWeb do
    pipe_through :browser
    pipe_through :browser_authenticate
@ -47,6 +56,10 @@ defmodule FrenzyWeb.Router do
    post "/account/import", AccountController, :import
    post "/account/export", AccountController, :export

+    if Frenzy.oidc_enabled?() do
+      get "/account/link_oidc", AccountController, :link_oidc
+    end
+
    get "/", GroupController, :index
    resources "/groups", GroupController
    get "/groups/:id/read", GroupController, :read
--- a/lib/frenzy_web/templates/account/show.html.eex
+++ b/lib/frenzy_web/templates/account/show.html.eex
@ -20,43 +20,47 @@
 </section>

 <section class="card mt-4">
-  <h4 class="card-header">Security</h4>
+<h4 class="card-header">Security</h4>

-  <ul class="list-group list-group-flush">
+<ul class="list-group list-group-flush">
+  <li class="list-group-item">
+    <a href="<%= Routes.account_path(@conn, :change_password) %>" class="btn btn-secondary">Change Password</a>
+    <a href="<%= Routes.account_path(@conn, :change_fever_password) %>" class="btn btn-secondary">Change Fever Password</a>
+  </li>
+  <%= if @can_link_oidc do %>
    <li class="list-group-item">
-<a href="<%= Routes.account_path(@conn, :change_password) %>" class="btn btn-secondary">Change Password</a>
-
-<a href="<%= Routes.account_path(@conn, :change_fever_password) %>" class="btn btn-secondary">Change Fever Password</a>
+      <a href="<%= Routes.account_path(@conn, :link_oidc) %>" class="btn btn-secondary">Link OIDC</a>
    </li>
-    <li class="list-group-item">
+  <% end %>
+  <li class="list-group-item">
    <h5 class="card-title">Approved Clients</h5>
-   <table class="table table-striped">
-      <thead>
-        <tr>
-          <th>Client</th>
-          <th>Revoke Access</th>
-        </tr>
-      </thead>
-      <tbody>
-        <%= for {approved, fervor} <- @clients do %>
-          <tr>
-            <td>
-              <%= if fervor.website do %>
-                <a href="<%= fervor.website %>"><%= fervor.client_name %></a>
-              <% else %>
-                <%= fervor.client_name %>
-              <% end %>
-            </td>
-            <td>
-              <%= form_tag Routes.account_path(@conn, :remove_client), method: :post do %>
-                <input type="hidden" name="client_id" value="<%= approved.client_id %>">
-                <%= submit "Revoke", class: "btn btn-danger" %>
-              <% end %>
-            </td>
-          </tr>
-        <% end %>
-      </tbody>
-    </table> </li>
-  </ul>
-
+    <table class="table table-striped">
+       <thead>
+         <tr>
+           <th>Client</th>
+           <th>Revoke Access</th>
+         </tr>
+       </thead>
+       <tbody>
+         <%= for {approved, fervor} <- @clients do %>
+           <tr>
+             <td>
+               <%= if fervor.website do %>
+                 <a href="<%= fervor.website %>"><%= fervor.client_name %></a>
+               <% else %>
+                 <%= fervor.client_name %>
+               <% end %>
+             </td>
+             <td>
+               <%= form_tag Routes.account_path(@conn, :remove_client), method: :post do %>
+                 <input type="hidden" name="client_id" value="<%= approved.client_id %>">
+                 <%= submit "Revoke", class: "btn btn-danger" %>
+               <% end %>
+             </td>
+           </tr>
+         <% end %>
+       </tbody>
+    </table>
+  </li>
+</ul>
 </section>
--- a/lib/frenzy_web/templates/login/login.html.eex
+++ b/lib/frenzy_web/templates/login/login.html.eex
@ -1,9 +1,6 @@
 <h1>Login</h1>

 <%= form_tag Routes.login_path(@conn, :login_post), method: :post do %>
-  <%= if @continue do %>
-    <input type="hidden" name="continue" value="<%= @continue %>">
-  <% end %>
  <div class="row mb-2">
    <label for="username" class="col-sm-2 col-form-label">Username</label>
    <div class="col-sm-10">
@ -22,3 +19,7 @@
    </div>
  </div>
 <% end %>
+
+<%= if @oidc_enabled? do %>
+  <a href="<%= Routes.login_path(@conn, :ueberauth_request, "oidc") %>">Log In with OIDC</a>
+<% end %>
--- a/mix.exs
+++ b/mix.exs
@ -57,7 +57,9 @@ defmodule Frenzy.MixProject do
      {:floki, "~> 0.30"},
      {:phoenix_live_view, "~> 0.17.5"},
      {:gemini, git: "https://git.shadowfacts.net/shadowfacts/gemini-ex.git", branch: "main"},
-      {:sentry, "~> 8.0"}
+      {:sentry, "~> 8.0"},
+      {:ueberauth, "~> 0.10"},
+      {:ueberauth_oidc, "~> 0.1"}
    ]
  end

--- a/mix.lock
+++ b/mix.lock
@ -25,13 +25,16 @@
  "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~>2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
  "hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"},
  "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
+  "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
  "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
  "jason": {:hex, :jason, "1.4.0", "e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "79a3791085b2a0f743ca04cec0f7be26443738779d09302e01318f97bdb82121"},
+  "jose": {:hex, :jose, "1.11.5", "3bc2d75ffa5e2c941ca93e5696b54978323191988eb8d225c2e663ddfefd515e", [:mix, :rebar3], [], "hexpm", "dcd3b215bafe02ea7c5b23dafd3eb8062a5cd8f2d904fd9caa323d37034ab384"},
  "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
  "mime": {:hex, :mime, "2.0.3", "3676436d3d1f7b81b5a2d2bd8405f412c677558c81b1c92be58c00562bb59095", [:mix], [], "hexpm", "27a30bf0db44d25eecba73755acf4068cbfe26a4372f9eb3e4ea3a45956bff6b"},
  "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"},
  "mint": {:hex, :mint, "1.4.2", "50330223429a6e1260b2ca5415f69b0ab086141bc76dc2fbf34d7c389a6675b2", [:mix], [{:castore, "~> 0.1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "ce75a5bbcc59b4d7d8d70f8b2fc284b1751ffb35c7b6a6302b5192f8ab4ddd80"},
  "mochiweb": {:hex, :mochiweb, "2.18.0", "eb55f1db3e6e960fac4e6db4e2db9ec3602cc9f30b86cd1481d56545c3145d2e", [:rebar3], [], "hexpm"},
+  "openid_connect": {:hex, :openid_connect, "0.2.2", "c05055363330deab39ffd89e609db6b37752f255a93802006d83b45596189c0b", [:mix], [{:httpoison, "~> 1.2", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "735769b6d592124b58edd0582554ce638524c0214cd783d8903d33357d74cc13"},
  "parse_trans": {:hex, :parse_trans, "3.3.1", "16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8", [:rebar3], [], "hexpm", "07cd9577885f56362d414e8c4c4e6bdf10d43a8767abb92d24cbe8b24c54888b"},
  "phoenix": {:hex, :phoenix, "1.6.12", "f8f8ac077600f84419806dd53114b2e77aedde7a502e74181a7d886355aa0643", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 1.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "2d6cf5583c9c20f7103c40e6014ef802d96553b8e5d6585ad6e627bd5ddb0d12"},
  "phoenix_ecto": {:hex, :phoenix_ecto, "4.4.0", "0672ed4e4808b3fbed494dded89958e22fb882de47a97634c0b13e7b0b5f7720", [:mix], [{:ecto, "~> 3.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "09864e558ed31ee00bd48fcc1d4fc58ae9678c9e81649075431e69dbabb43cc1"},
@ -51,11 +54,13 @@
  "saxy": {:hex, :saxy, "0.6.0", "cdb2f2fcd8133d1f3f8b0cf6a131ee1ca348dca613de266e9a239db850c4a093", [:mix], [], "hexpm"},
  "sentry": {:hex, :sentry, "8.0.5", "5ca922b9238a50c7258b52f47364b2d545beda5e436c7a43965b34577f1ef61f", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.6", [hex: :plug, repo: "hexpm", optional: true]}, {:plug_cowboy, "~> 2.3", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm", "4972839fdbf52e886d7b3e694c8adf421f764f2fa79036b88fb4742049bd4b7c"},
  "socket": {:hex, :socket, "0.3.13", "98a2ab20ce17f95fb512c5cadddba32b57273e0d2dba2d2e5f976c5969d0c632", [:mix], [], "hexpm", "f82ea9833ef49dde272e6568ab8aac657a636acb4cf44a7de8a935acb8957c2e"},
-  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
+  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.7", "354c321cf377240c7b8716899e182ce4890c5938111a1296add3ec74cf1715df", [:make, :mix, :rebar3], [], "hexpm", "fe4c190e8f37401d30167c8c405eda19469f34577987c76dde613e838bbc67f8"},
  "telemetry": {:hex, :telemetry, "0.4.3", "a06428a514bdbc63293cd9a6263aad00ddeb66f608163bdec7c8995784080818", [:rebar3], [], "hexpm", "eb72b8365ffda5bed68a620d1da88525e326cb82a75ee61354fc24b844768041"},
  "tesla": {:hex, :tesla, "1.4.4", "bb89aa0c9745190930366f6a2ac612cdf2d0e4d7fff449861baa7875afd797b2", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:finch, "~> 0.3", [hex: :finch, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, "~> 1.3", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "d5503a49f9dec1b287567ea8712d085947e247cb11b06bc54adb05bfde466457"},
  "timex": {:hex, :timex, "3.6.1", "efdf56d0e67a6b956cc57774353b0329c8ab7726766a11547e529357ffdc1d56", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "f354efb2400dd7a80fd9eb6c8419068c4f632da4ac47f3d8822d6e33f08bc852"},
  "tzdata": {:hex, :tzdata, "1.0.1", "f6027a331af7d837471248e62733c6ebee86a72e57c613aa071ebb1f750fc71a", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "cf1345dfbce6acdfd4e23cbb36e96e53d1981bc89181cd0b936f4f398f4c0b78"},
+  "ueberauth": {:hex, :ueberauth, "0.10.5", "806adb703df87e55b5615cf365e809f84c20c68aa8c08ff8a416a5a6644c4b02", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3efd1f31d490a125c7ed453b926f7c31d78b97b8a854c755f5c40064bf3ac9e1"},
+  "ueberauth_oidc": {:hex, :ueberauth_oidc, "0.1.7", "d610cbe5ef09881dff52126906b130307adcf02791ce158c1847fd50949b283a", [:mix], [{:httpoison, "~> 1.8", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jose, "~> 1.11", [hex: :jose, repo: "hexpm", optional: false]}, {:openid_connect, "~> 0.2.2", [hex: :openid_connect, repo: "hexpm", optional: false]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "34d612f66a5425af4142d6c9dece887c60188c31e1dc113e5ee8cecdc6c5e8a9"},
  "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"},
  "xml_builder": {:hex, :xml_builder, "2.1.1", "2d6d665f09cf1319e3e1c46035755271b414d99ad8615d0bd6f337623e0c885b", [:mix], [], "hexpm", "214c16caa77e66bf0c6b74099a7059ee00de8fd07728d2a3dc32afe344a7452b"},
 }
--- a/priv/repo/migrations/20230625214304_user_add_oidc_subject.exs
+++ b/priv/repo/migrations/20230625214304_user_add_oidc_subject.exs
@ -0,0 +1,9 @@
+defmodule Frenzy.Repo.Migrations.UserAddOidcSubject do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add :oidc_subject, :string, default: nil
+    end
+  end
+end
Author	SHA1	Message	Date
Shadowfacts	2dda6d7f46	Add OIDC login	2023-06-25 15:19:11 -07:00
Shadowfacts	1f94e9080d	Filter more things out of Slate and The Verge	2023-06-25 14:12:15 -07:00
Shadowfacts	6dd4f3ca82	Add ELB extractor	2023-06-25 14:06:18 -07:00
Shadowfacts	53cbe0a7e9	Update things, fix warnings	2023-06-25 14:03:16 -07:00