From 0160c129658ab71d4e42fce5736e9ece555f8625 Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Thu, 9 Jun 2016 15:35:00 +0200
Subject: [PATCH] Allow to distinguish between built-in auth clients and external ones
---
 setup/start.sh | 6 +++---
 src/clients.js | 3 ++-
 src/routes/oauth2.js | 3 ++-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/setup/start.sh b/setup/start.sh
index 9ecc61f56..d965ba825 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -193,15 +193,15 @@ fi
 echo "Add webadmin api cient"
 readonly ADMIN_SCOPES="cloudron,developer,profile,users,apps,settings"
 mysql -u root -p${mysql_root_password} \
- -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"Settings\", \"external\", \"secret-webadmin\", \"${admin_origin}\", \"${ADMIN_SCOPES}\")" box
+ -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-webadmin\", \"Settings\", \"built-in\", \"secret-webadmin\", \"${admin_origin}\", \"${ADMIN_SCOPES}\")" box
 echo "Add SDK api client"
 mysql -u root -p${mysql_root_password} \
- -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-sdk\", \"SDK\", \"external\", \"secret-sdk\", \"${admin_origin}\", \"*,roleSdk\")" box
+ -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-sdk\", \"SDK\", \"built-in\", \"secret-sdk\", \"${admin_origin}\", \"*,roleSdk\")" box
 echo "Add cli api client"
 mysql -u root -p${mysql_root_password} \
- -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-cli\", \"Cloudron Tool\", \"external\", \"secret-cli\", \"${admin_origin}\", \"*,roleSdk\")" box
+ -e "REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (\"cid-cli\", \"Cloudron Tool\", \"built-in\", \"secret-cli\", \"${admin_origin}\", \"*,roleSdk\")" box
 set_progress "80" "Starting Cloudron"
 systemctl start cloudron.target
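Review bot: The three REPLACE statements in setup/start.sh still write fixed client secrets (`secret-webadmin`, `secret-sdk`, `secret-cli`) for clients that carry the full admin scope list or `*,roleSdk`, and relabelling them `built-in` does not say whether those secrets are meant to be confidential. If these are public clients, a comment next to the inserts would make that explicit, for example `# built-in clients are public: clientSecret is a fixed value, redirectURI is pinned to ${admin_origin}` (to be confirmed by the author). The literal `built-in` also has to stay identical to `TYPE_BUILT_IN` in src/clients.js, which is worth noting here since nothing ties the two together. Separately, `-p${mysql_root_password}` is unquoted and places the root password on the mysql command line, where it is visible in the process list; `MYSQL_PWD` or a defaults file would avoid that.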
diff --git a/src/clients.js b/src/clients.js
index edc588334..03597a5cb 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -28,6 +28,7 @@ exports = module.exports = {
 // client type enums
 TYPE_EXTERNAL: 'external',
+ TYPE_BUILT_IN: 'built-in',
 TYPE_OAUTH: 'addon-oauth',
 TYPE_SIMPLE_AUTH: 'addon-simpleauth',
 TYPE_PROXY: 'addon-proxy'
@@ -154,7 +155,7 @@ function getAll(callback) {
 var tmp = [];
 async.each(results, function (record, callback) {
- if (record.type === exports.TYPE_EXTERNAL) {
+ if (record.type === exports.TYPE_EXTERNAL || record.type === exports.TYPE_BUILT_IN) {
 // the appId in this case holds the name
 record.name = record.appId;
diff --git a/src/routes/oauth2.js b/src/routes/oauth2.js
index 1ef29165c..1aecefe3f 100644
--- a/src/routes/oauth2.js
+++ b/src/routes/oauth2.js
@@ -206,6 +206,7 @@ function loginForm(req, res) {
 if (error) return sendError(req, res, 'Unknown OAuth client');
 switch (result.type) {
+ case clients.TYPE_BUILT_IN: return render(result.appId, '/api/v1/cloudron/avatar');
 case clients.TYPE_EXTERNAL: return render(result.appId, '/api/v1/cloudron/avatar');
 case clients.TYPE_SIMPLE_AUTH: return sendError(req, res, 'Unknown OAuth client');
 default: break;
@@ -418,7 +419,7 @@ var authorization = [
 // Handle our different types of oauth clients
 var type = req.oauth2.client.type;
- if (type === clients.TYPE_EXTERNAL) {
+ if (type === clients.TYPE_EXTERNAL || type === clients.TYPE_BUILT_IN) {
 eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource(req, req.oauth2.client.appId), { userId: req.oauth2.user.id });
 return next();
 } else if (type === clients.TYPE_SIMPLE_AUTH) {
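Review bot: In getAll (src/clients.js) the test `record.type === exports.TYPE_EXTERNAL || record.type === exports.TYPE_BUILT_IN` is written out by hand, and the same pair is repeated in the authorization handler in src/routes/oauth2.js, so any later client type has to be added in both places in step. A small predicate exported next to the enum, for example `function isStandaloneClient(type) { return type === exports.TYPE_EXTERNAL || type === exports.TYPE_BUILT_IN; }`, would keep the two checks from drifting apart. The existing comment `// the appId in this case holds the name` should also mention that it now covers built-in clients. getAll's body continues outside the hunk.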
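Review bot: In loginForm's switch (src/routes/oauth2.js) the added `case clients.TYPE_BUILT_IN:` line repeats the `render(result.appId, '/api/v1/cloudron/avatar')` call of the TYPE_EXTERNAL case word for word. Stacking the labels keeps a single copy: `case clients.TYPE_BUILT_IN: // fall through` directly above `case clients.TYPE_EXTERNAL: return render(result.appId, '/api/v1/cloudron/avatar');`. That way a later change to the rendered name or avatar path cannot be applied to one client type and missed for the other. The switch and the function continue outside the hunk.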
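Review bot: The login event written in the authorization handler (src/routes/oauth2.js) identifies the client only through `req.oauth2.client.appId`, which for these types is a display name according to the comment in getAll, so the audit trail cannot tell a built-in client from an external one that uses the same name. Since this commit introduces the distinction, recording it would help later review of logins, for example `{ userId: req.oauth2.user.id, clientType: type }`. Both types also go straight to `next()`; if skipping a per-client access check is intended for external clients as well, a one-line comment saying so would help. The handler starts and ends outside the hunk.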