Revert "[MM-37984] Allow Desktop App to authenticate via external pro…

…viders outside of the app on supported servers (mattermost#23795)" (mattermost#24039) This reverts commit abdf4e5.
devinbinnie · Jul 17, 2023 · 823ef27 · 823ef27
1 parent 38fd8cd
commit 823ef27
Show file tree

Hide file tree

Showing 41 changed files with 24 additions and 1,847 deletions.
diff --git a/server/channels/api4/handlers.go b/server/channels/api4/handlers.go
@@ -9,8 +9,6 @@ import (
 	"github.com/mattermost/gziphandler"
 
 	"github.com/mattermost/mattermost/server/public/model"
-	"github.com/mattermost/mattermost/server/public/shared/mlog"
-	"github.com/mattermost/mattermost/server/v8/channels/app"
 	"github.com/mattermost/mattermost/server/v8/channels/web"
 )
 
@@ -202,17 +200,6 @@ func (api *API) APILocal(h handlerFunc) http.Handler {
 	return handler
 }
 
-func (api *API) RateLimitedHandler(apiHandler http.Handler, settings model.RateLimitSettings) http.Handler {
-	settings.SetDefaults()
-
-	rateLimiter, err := app.NewRateLimiter(&settings, []string{})
-	if err != nil {
-		mlog.Error("getRateLimitedHandler", mlog.Err(err))
-		return nil
-	}
-	return rateLimiter.RateLimitHandler(apiHandler)
-}
-
 func requireLicense(c *Context) *model.AppError {
 	if c.App.Channels().License() == nil {
 		err := model.NewAppError("", "api.license_error", nil, "", http.StatusNotImplemented)

diff --git a/server/channels/api4/user.go b/server/channels/api4/user.go
@@ -61,7 +61,6 @@ func (api *API) InitUser() {
 	api.BaseRoutes.User.Handle("/mfa/generate", api.APISessionRequiredMfa(generateMfaSecret)).Methods("POST")
 
 	api.BaseRoutes.Users.Handle("/login", api.APIHandler(login)).Methods("POST")
-	api.BaseRoutes.Users.Handle("/login/desktop_token", api.RateLimitedHandler(api.APIHandler(loginWithDesktopToken), model.RateLimitSettings{PerSec: model.NewInt(2), MaxBurst: model.NewInt(1)})).Methods("POST")
 	api.BaseRoutes.Users.Handle("/login/switch", api.APIHandler(switchAccountType)).Methods("POST")
 	api.BaseRoutes.Users.Handle("/login/cws", api.APIHandlerTrustRequester(loginCWS)).Methods("POST")
 	api.BaseRoutes.Users.Handle("/logout", api.APIHandler(logout)).Methods("POST")
@@ -1967,30 +1966,6 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func loginWithDesktopToken(c *Context, w http.ResponseWriter, r *http.Request) {
-	props := model.MapFromJSON(r.Body)
-	token := props["token"]
-	deviceId := props["device_id"]
-
-	user, err := c.App.ValidateDesktopToken(token, time.Now().Add(-model.DesktopTokenTTL).Unix())
-	if err != nil {
-		c.Err = err
-		return
-	}
-
-	err = c.App.DoLogin(c.AppContext, w, r, user, deviceId, false, false, false)
-	if err != nil {
-		c.Err = err
-		return
-	}
-
-	c.App.AttachSessionCookies(c.AppContext, w, r)
-
-	if err := json.NewEncoder(w).Encode(user); err != nil {
-		c.Logger.Warn("Error while writing response", mlog.Err(err))
-	}
-}
-
 func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) {
 	campaignToURL := map[string]string{
 		"focalboard": "/boards",

diff --git a/server/channels/app/app_iface.go b/server/channels/app/app_iface.go
diff --git a/server/channels/app/desktop_login.go b/server/channels/app/desktop_login.go
diff --git a/server/channels/app/desktop_login_test.go b/server/channels/app/desktop_login_test.go
diff --git a/server/channels/app/oauth.go b/server/channels/app/oauth.go
@@ -431,7 +431,7 @@ func (a *App) newSessionUpdateToken(app *model.OAuthApp, accessData *model.Acces
 	return accessRsp, nil
 }
 
-func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool, desktopToken string) (string, *model.AppError) {
+func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool) (string, *model.AppError) {
 	stateProps := map[string]string{}
 	stateProps["action"] = action
 	if teamID != "" {
@@ -442,10 +442,6 @@ func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, serv
 		stateProps["redirect_to"] = redirectTo
 	}
 
-	if desktopToken != "" {
-		stateProps["desktop_token"] = desktopToken
-	}
-
 	stateProps[model.UserAuthServiceIsMobile] = strconv.FormatBool(isMobile)
 
 	authURL, err := a.GetAuthorizationCode(w, r, service, stateProps, loginHint)
@@ -456,17 +452,13 @@ func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, serv
 	return authURL, nil
 }
 
-func (a *App) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string, desktopToken string) (string, *model.AppError) {
+func (a *App) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string) (string, *model.AppError) {
 	stateProps := map[string]string{}
 	stateProps["action"] = model.OAuthActionSignup
 	if teamID != "" {
 		stateProps["team_id"] = teamID
 	}
 
-	if desktopToken != "" {
-		stateProps["desktop_token"] = desktopToken
-	}
-
 	authURL, err := a.GetAuthorizationCode(w, r, service, stateProps, "")
 	if err != nil {
 		return "", err