wip

Cargo.toml

@@ -162,6 +162,7 @@ pretty_assertions = "1.4.0"
 derive-new = "0.7.0"
 diesel-bind-if-some = "0.1.0"
 tuplex = "0.1.2"
+sha2 = "0.10.8"
 
 [dependencies]
 lemmy_api = { workspace = true }

crates/api_crud/Cargo.toml

@@ -33,6 +33,8 @@ accept-language = "3.1.0"
 serde_json = { workspace = true }
 serde = { workspace = true }
 serde_with = { workspace = true }
+sha2 = { workspace = true }
+base64 = { workspace = true }
 
 [package.metadata.cargo-shear]
 ignored = ["futures"]

crates/api_crud/src/user/create.rs

@@ -1,5 +1,6 @@
 use activitypub_federation::{config::Data, http_signatures::generate_actor_keypair};
 use actix_web::{web::Json, HttpRequest};
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
 use lemmy_api_common::{
   claims::Claims,
   context::LemmyContext,
@@ -47,7 +48,8 @@ use lemmy_utils::{
 };
 use serde::{Deserialize, Serialize};
 use serde_with::skip_serializing_none;
-use std::collections::HashSet;
+use sha2::{Digest, Sha256};
+use std::{collections::HashSet, iter};
 
 #[skip_serializing_none]
 #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@@ -524,38 +526,41 @@ async fn oauth_request_access_token(
   pkce_code_verifier: Option<&str>,
   redirect_uri: &str,
 ) -> LemmyResult<TokenResponse> {
-  let mut form = vec![
-    ("grant_type", "authorization_code"),
+  let form = [
+    ("client_id", &*oauth_provider.client_id),
+    ("client_secret", &*oauth_provider.client_secret),
     ("code", code),
+    ("grant_type", "authorization_code"),
     ("redirect_uri", redirect_uri),
-    ("client_id", &oauth_provider.client_id),
-    ("client_secret", &oauth_provider.client_secret),
   ];
-  if let Some(code_verifier) = pkce_code_verifier {
-    form.push(("code_verifier", code_verifier));
-  }
+
+  let form = match pkce_code_verifier.as_deref() {
+    Some(code_verifier) => [&form[..], &[("code_verifier", code_verifier)]].concat(),
+    None => form.to_vec(),
+  };
 
   // Request an Access Token from the OAUTH provider
   let response = context
     .client()
     .post(oauth_provider.token_endpoint.as_str())
     .header("Accept", "application/json")
-    .form(&*form)
+    .form(&form[..])
     .send()
     .await;
 
   let response = response.map_err(|_| LemmyErrorType::OauthLoginFailed)?;
+
   if !response.status().is_success() {
-    Err(LemmyErrorType::OauthLoginFailed)?;
+    dbg!(response.bytes().await);
+    Err(LemmyErrorType::OauthLoginFailed.into())
+  } else {
+    // Extract the access token
+    let token_response = response
+      .json::<TokenResponse>()
+      .await
+      .map_err(|_| LemmyErrorType::OauthLoginFailed)?;
+    Ok(token_response)
   }
-
-  // Extract the access token
-  let token_response = response
-    .json::<TokenResponse>()
-    .await
-    .map_err(|_| LemmyErrorType::OauthLoginFailed)?;
-
-  Ok(token_response)
 }
 
 async fn oidc_get_user_info(