Implement OAuth2 login flow

The old user/password flow is deprecated and broken Fixes #1500
2024-09-19 18:02:14 +02:00
parent ace23462f7
commit 8b83837a01
5 changed files with 46 additions and 116 deletions
--- a/src/authentication.rs
+++ b/src/authentication.rs
@@ -1,22 +1,42 @@
-use std::process::Command;
-
-use cursive::traits::Resizable;
-use cursive::view::Nameable;
-use cursive::views::*;
-use cursive::Cursive;
-
 use librespot_core::authentication::Credentials as RespotCredentials;
 use librespot_core::cache::Cache;
-use librespot_protocol::authentication::AuthenticationType;
+use librespot_oauth::get_access_token;
 use log::info;

 use crate::config::{self, Config};
 use crate::spotify::Spotify;
-use crate::ui::create_cursive;
+
+pub const SPOTIFY_CLIENT_ID: &str = "65b708073fc0480ea92a077233ca87bd";
+pub const CLIENT_REDIRECT_URI: &str = "http://127.0.0.1:8989/login";
+
+static OAUTH_SCOPES: &[&str] = &[
+    "playlist-modify",
+    "playlist-modify-private",
+    "playlist-modify-public",
+    "playlist-read",
+    "playlist-read-collaborative",
+    "playlist-read-private",
+    "streaming",
+    "user-follow-modify",
+    "user-follow-read",
+    "user-library-modify",
+    "user-library-read",
+    "user-modify",
+    "user-modify-playback-state",
+    "user-modify-private",
+    "user-personalized",
+    "user-read-currently-playing",
+    "user-read-email",
+    "user-read-play-history",
+    "user-read-playback-position",
+    "user-read-playback-state",
+    "user-read-private",
+    "user-read-recently-played",
+    "user-top-read",
+];

 /// Get credentials for use with librespot. This first tries to get cached credentials. If no cached
-/// credentials are available, it will either try to get them from the user configured commands, or
-/// if that fails, it will prompt the user on stdout.
+/// credentials are available it will initiate the OAuth2 login process.
 pub fn get_credentials(configuration: &Config) -> Result<RespotCredentials, String> {
    let mut credentials = {
        let cache = Cache::new(Some(config::cache_path("librespot")), None, None, None)
@@ -28,19 +48,8 @@ pub fn get_credentials(configuration: &Config) -> Result<RespotCredentials, Stri
                c
            }
            None => {
-                info!("Attempting to resolve credentials via username/password commands");
-                let creds = configuration
-                    .values()
-                    .credentials
-                    .clone()
-                    .unwrap_or_default();
-
-                match (creds.username_cmd, creds.password_cmd) {
-                    (Some(username_cmd), Some(password_cmd)) => {
-                        credentials_eval(&username_cmd, &password_cmd)?
-                    }
-                    _ => credentials_prompt(None)?,
-                }
+                info!("Attempting to login via OAuth2");
+                credentials_prompt(None)?
            }
        }
    };
@@ -54,102 +63,21 @@ pub fn get_credentials(configuration: &Config) -> Result<RespotCredentials, Stri

 fn credentials_prompt(error_message: Option<String>) -> Result<RespotCredentials, String> {
    if let Some(message) = error_message {
-        let mut siv = create_cursive().unwrap();
-        let dialog = cursive::views::Dialog::around(cursive::views::TextView::new(format!(
-            "Connection error:\n{message}"
-        )))
-        .button("Ok", |s| s.quit());
-        siv.add_layer(dialog);
-        siv.run();
+        eprintln!("Connection error: {message}");
    }

    create_credentials()
 }

 pub fn create_credentials() -> Result<RespotCredentials, String> {
-    let mut login_cursive = create_cursive().unwrap();
-    let info_buf = TextContent::new("Please login to Spotify\n");
-    let info_view = Dialog::around(TextView::new_with_content(info_buf))
-        .button("Login", move |s| {
-            let login_view = Dialog::new()
-                .title("Spotify login")
-                .content(
-                    ListView::new()
-                        .child(
-                            "Username",
-                            EditView::new().with_name("spotify_user").fixed_width(18),
-                        )
-                        .child(
-                            "Password",
-                            EditView::new()
-                                .secret()
-                                .with_name("spotify_password")
-                                .fixed_width(18),
-                        ),
-                )
-                .button("Login", |s| {
-                    let username = s
-                        .call_on_name("spotify_user", |view: &mut EditView| view.get_content())
-                        .unwrap()
-                        .to_string();
-                    let auth_data = s
-                        .call_on_name("spotify_password", |view: &mut EditView| view.get_content())
-                        .unwrap()
-                        .to_string()
-                        .as_bytes()
-                        .to_vec();
-                    s.set_user_data::<Result<RespotCredentials, String>>(Ok(RespotCredentials {
-                        username: Some(username),
-                        auth_type: AuthenticationType::AUTHENTICATION_USER_PASS,
-                        auth_data,
-                    }));
-                    s.quit();
-                })
-                .button("Quit", Cursive::quit);
-            s.pop_layer();
-            s.add_layer(login_view);
-        })
-        .button("Quit", Cursive::quit);
-
-    login_cursive.add_layer(info_view);
-    login_cursive.run();
-
-    login_cursive
-        .user_data()
-        .cloned()
-        .unwrap_or_else(|| Err("Didn't obtain any credentials".to_string()))
-}
-
-pub fn credentials_eval(
-    username_cmd: &str,
-    password_cmd: &str,
-) -> Result<RespotCredentials, String> {
-    fn eval(cmd: &str) -> Result<Vec<u8>, String> {
-        println!("Executing \"{}\"", cmd);
-        let mut result = Command::new("sh")
-            .args(["-c", cmd])
-            .output()
-            .map_err(|e| e.to_string())?
-            .stdout;
-        if let Some(&last_byte) = result.last() {
-            if last_byte == 10 {
-                result.pop();
-            }
-        }
-
-        Ok(result)
-    }
-
-    println!("Retrieving username");
-    let username = String::from_utf8_lossy(&eval(username_cmd)?).into();
-    println!("Retrieving password");
-    let password = eval(password_cmd)?;
-
-    Ok(RespotCredentials {
-        username: Some(username),
-        auth_type: AuthenticationType::AUTHENTICATION_USER_PASS,
-        auth_data: password,
-    })
+    println!("To login you need to perform OAuth2 authorization using your web browser\n");
+    get_access_token(
+        SPOTIFY_CLIENT_ID,
+        CLIENT_REDIRECT_URI,
+        OAUTH_SCOPES.to_vec(),
+    )
+    .map(|token| RespotCredentials::with_access_token(token.access_token))
+    .map_err(|e| e.to_string())
 }

 #[derive(Serialize, Deserialize, Debug)]
--- a/src/config.rs
+++ b/src/config.rs
@@ -14,7 +14,6 @@ use crate::model::playable::Playable;
 use crate::queue;
 use crate::serialization::{Serializer, CBOR, TOML};

-pub const CLIENT_ID: &str = "d420a117a32841c2b3474932e49fb54b";
 pub const CACHE_VERSION: u16 = 1;
 pub const DEFAULT_COMMAND_KEY: char = ':';

--- a/src/spotify.rs
+++ b/src/spotify.rs
@@ -21,6 +21,7 @@ use tokio::sync::mpsc;
 use url::Url;

 use crate::application::ASYNC_RUNTIME;
+use crate::authentication::SPOTIFY_CLIENT_ID;
 use crate::config;
 use crate::events::{Event, EventManager};
 use crate::model::playable::Playable;
@@ -129,7 +130,7 @@ impl Spotify {
    /// Generate the librespot [SessionConfig] used when creating a [Session].
    pub fn session_config(cfg: &config::Config) -> SessionConfig {
        let mut session_config = librespot_core::SessionConfig {
-            client_id: config::CLIENT_ID.to_string(),
+            client_id: SPOTIFY_CLIENT_ID.to_string(),
            ..Default::default()
        };
        match env::var("http_proxy") {