diff options
author | Trygve Aaberge <trygveaa@gmail.com> | 2020-01-21 23:56:02 +0100 |
---|---|---|
committer | Trygve Aaberge <trygveaa@gmail.com> | 2020-01-22 00:29:37 +0100 |
commit | ab7d09e044be556873733ad83b083029e88bd65f (patch) | |
tree | 509211108fece2b4816e967e231286929ce72276 | |
parent | 2c2ae1e35f9a2fc2045621d014ef4a560aa17373 (diff) | |
download | wee-slack-ab7d09e044be556873733ad83b083029e88bd65f.tar.gz |
Use GitHub Pages for the OAuth redirect page
This adds a page which shows the OAuth code, and sets the redirect_uri
for the OAuth link to this page. This url includes # at the end so the
OAuth code is only seen by the browser, and not sent to the server.
-rw-r--r-- | docs/oauth.html | 68 | ||||
-rw-r--r-- | wee_slack.py | 19 |
2 files changed, 78 insertions, 9 deletions
diff --git a/docs/oauth.html b/docs/oauth.html new file mode 100644 index 0000000..7ef4d99 --- /dev/null +++ b/docs/oauth.html @@ -0,0 +1,68 @@ +<!DOCTYPE html> +<html> + <head> + <title>wee-slack</title> + <style type="text/css"> + #input-code { + width: 60em; + max-width: 100%; + } + #with-code { + display: none; + } + #without-code { + display: none; + } + </style> + <script type="text/javascript"> + document.addEventListener('DOMContentLoaded', function() { + var locationsHash = location.hash + .replace(/^#\?/, '') + .split('&') + .reduce((obj, query) => { + split = query.split('='); + obj[split[0]] = split[1]; + return obj}, {} + ) + var code = locationsHash['code']; + if (code) { + document.getElementById('with-code').style.display = 'block'; + } else { + document.getElementById('without-code').style.display = 'block'; + } + + var codeElement = document.getElementById('input-code'); + codeElement.value = '/slack register ' + code; + codeElement.focus(); + codeElement.select(); + + document.getElementById('button-copy').addEventListener('click', () => { + codeElement.focus(); + codeElement.select(); + document.execCommand('copy'); + }); + }); + </script> + </head> + <body> + <div id="with-code"> + <h1>OAuth code for wee-slack</h1> + <p>Copy this command and run it in WeeChat:</p> + <input id="input-code" readonly> + <button id="button-copy" type="button">Copy</button> + </div> + + <div id="without-code"> + <h1>wee-slack</h1> + <p>This page exists for using OAuth in wee-slack. For info about wee-slack see <a href="https://github.com/wee-slack/wee-slack">the github page.</a></p> + + <p>If you came here as part of the OAuth flow and are seeing this text, that means that something went wrong. Please report this <a href="https://github.com/wee-slack/wee-slack/issues/new">in the issue tracker</a> and describe how you got here.</p> + </div> + + <noscript> + <h1>OAuth code for wee-slack</h1> + <p>Since you have disabled JavaScript, the OAuth code can't be shown here. Instead you will have to extract it from the page url. The code is the text which comes after "code=" in the url, up until the first "&" character or until the end of the url if there are no "&" characters.</p> + <p>Run the command "/slack register <code>" in WeeChat, where you substitute "<code>" with the code you extracted from the url.</p> + </noscript> + </body> +</html> diff --git a/wee_slack.py b/wee_slack.py index 2ce13e5..73a93ff 100644 --- a/wee_slack.py +++ b/wee_slack.py @@ -3771,23 +3771,23 @@ def command_register(data, current_buffer, args): """ CLIENT_ID = "2468770254.51917335286" CLIENT_SECRET = "dcb7fe380a000cba0cca3169a5fe8d70" # Not really a secret. + REDIRECT_URI = "https%3A%2F%2Fwee-slack.github.io%2Fwee-slack%2Foauth%23" if not args: message = textwrap.dedent(""" - #### Retrieving a Slack token via OAUTH #### - 1) Paste this into a browser: https://slack.com/oauth/authorize?client_id=2468770254.51917335286&scope=client - 2) Select the team you wish to access from wee-slack in your browser. - 3) Click "Authorize" in the browser **IMPORTANT: the redirect will fail, this is expected** + ### Connecting to a Slack team with OAuth ### + 1) Paste this link into a browser: https://slack.com/oauth/authorize?client_id={}&scope=client&redirect_uri={} + 2) Select the team you wish to access from wee-slack in your browser. If you want to add multiple teams, you will have to repeat this whole process for each team. + 3) Click "Authorize" in the browser. If you get a message saying you are not authorized to install wee-slack, the team has restricted Slack app installation and you will have to request it from an admin. To do that, go to https://my.slack.com/apps/A1HSZ9V8E-wee-slack and click "Request to Install". - 4) Copy the "code" portion of the URL to your clipboard - 5) Return to weechat and run `/slack register [code]` - """).strip() + 4) The web page will show a command in the form `/slack register <code>`. Run this command in weechat. + """).strip().format(CLIENT_ID, REDIRECT_URI) w.prnt("", message) return w.WEECHAT_RC_OK_EAT uri = ( "https://slack.com/api/oauth.access?" - "client_id={}&client_secret={}&code={}" - ).format(CLIENT_ID, CLIENT_SECRET, args) + "client_id={}&client_secret={}&redirect_uri={}&code={}" + ).format(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, args) params = {'useragent': 'wee_slack {}'.format(SCRIPT_VERSION)} w.hook_process_hashtable('url:', params, config.slack_timeout, "", "") w.hook_process_hashtable("url:{}".format(uri), params, config.slack_timeout, "register_callback", "") @@ -3822,6 +3822,7 @@ def register_callback(data, command, return_code, out, err): w.prnt("", "Success! Added team \"%s\"" % (d['team_name'],)) w.prnt("", "Please reload wee-slack with: /python reload slack") + w.prnt("", "If you want to add another team you can repeat this process from step 1 before reloading wee-slack.") return w.WEECHAT_RC_OK_EAT |