App passwords (#826)

* app password lex & auth chnages * scrypt things * implemented app password refresh tokens * db tidy & migration * revocation + bugfixin * tests, listing passwords & cleanup * Update packages/pds/src/db/scrypt.ts Co-authored-by: devin ivy <[email protected]> * Update packages/pds/src/db/scrypt.ts Co-authored-by: devin ivy <[email protected]> * pr feedback --------- Co-authored-by: devin ivy <[email protected]>
bluesky-social · Apr 18, 2023 · 6446e8d · 6446e8d
1 parent 7d95e75
commit 6446e8d
Show file tree

Hide file tree

Showing 34 changed files with 1,186 additions and 75 deletions.
diff --git a/lexicons/com/atproto/server/createAppPassword.json b/lexicons/com/atproto/server/createAppPassword.json
@@ -0,0 +1,39 @@
+{
+  "lexicon": 1,
+  "id": "com.atproto.server.createAppPassword",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Create an app-specific password.",
+      "input": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["name"],
+          "properties": {
+            "name": {"type": "string"}
+          }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "ref",
+          "ref": "#appPassword"
+        }
+      },
+      "errors": [
+        {"name": "AccountTakedown"}
+      ]
+    },
+    "appPassword": {
+      "type": "object",
+      "required": ["name", "password", "createdAt"],
+      "properties": {
+        "name": {"type": "string"},
+        "password": {"type": "string"},
+        "createdAt": {"type": "string", "format": "datetime"}
+      }
+    }
+  }
+}
diff --git a/lexicons/com/atproto/server/listAppPasswords.json b/lexicons/com/atproto/server/listAppPasswords.json
@@ -0,0 +1,34 @@
+{
+  "lexicon": 1,
+  "id": "com.atproto.server.listAppPasswords",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "List all app-specific passwords.",
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["passwords"],
+          "properties": {
+            "passwords": {
+              "type": "array",
+              "items": {"type": "ref", "ref": "#appPassword"}
+            }
+          }
+        }
+      },
+      "errors": [
+        {"name": "AccountTakedown"}
+      ]
+    },
+    "appPassword": {
+      "type": "object",
+      "required": ["name", "createdAt"],
+      "properties": {
+        "name": {"type": "string"},
+        "createdAt": {"type": "string", "format": "datetime"}
+      }
+    }
+  }
+}
diff --git a/lexicons/com/atproto/server/revokeAppPassword.json b/lexicons/com/atproto/server/revokeAppPassword.json
@@ -0,0 +1,20 @@
+{
+  "lexicon": 1,
+  "id": "com.atproto.server.revokeAppPassword",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Revoke an app-specific password by name.",
+      "input": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["name"],
+          "properties": {
+            "name": {"type": "string"}
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/packages/api/src/client/index.ts b/packages/api/src/client/index.ts
@@ -39,6 +39,7 @@ import * as ComAtprotoRepoPutRecord from './types/com/atproto/repo/putRecord'
 import * as ComAtprotoRepoStrongRef from './types/com/atproto/repo/strongRef'
 import * as ComAtprotoRepoUploadBlob from './types/com/atproto/repo/uploadBlob'
 import * as ComAtprotoServerCreateAccount from './types/com/atproto/server/createAccount'
+import * as ComAtprotoServerCreateAppPassword from './types/com/atproto/server/createAppPassword'
 import * as ComAtprotoServerCreateInviteCode from './types/com/atproto/server/createInviteCode'
 import * as ComAtprotoServerCreateInviteCodes from './types/com/atproto/server/createInviteCodes'
 import * as ComAtprotoServerCreateSession from './types/com/atproto/server/createSession'
@@ -48,10 +49,12 @@ import * as ComAtprotoServerDeleteSession from './types/com/atproto/server/delet
 import * as ComAtprotoServerDescribeServer from './types/com/atproto/server/describeServer'
 import * as ComAtprotoServerGetAccountInviteCodes from './types/com/atproto/server/getAccountInviteCodes'
 import * as ComAtprotoServerGetSession from './types/com/atproto/server/getSession'
+import * as ComAtprotoServerListAppPasswords from './types/com/atproto/server/listAppPasswords'
 import * as ComAtprotoServerRefreshSession from './types/com/atproto/server/refreshSession'
 import * as ComAtprotoServerRequestAccountDelete from './types/com/atproto/server/requestAccountDelete'
 import * as ComAtprotoServerRequestPasswordReset from './types/com/atproto/server/requestPasswordReset'
 import * as ComAtprotoServerResetPassword from './types/com/atproto/server/resetPassword'
+import * as ComAtprotoServerRevokeAppPassword from './types/com/atproto/server/revokeAppPassword'
 import * as ComAtprotoSyncGetBlob from './types/com/atproto/sync/getBlob'
 import * as ComAtprotoSyncGetBlocks from './types/com/atproto/sync/getBlocks'
 import * as ComAtprotoSyncGetCheckout from './types/com/atproto/sync/getCheckout'
@@ -128,6 +131,7 @@ export * as ComAtprotoRepoPutRecord from './types/com/atproto/repo/putRecord'
 export * as ComAtprotoRepoStrongRef from './types/com/atproto/repo/strongRef'
 export * as ComAtprotoRepoUploadBlob from './types/com/atproto/repo/uploadBlob'
 export * as ComAtprotoServerCreateAccount from './types/com/atproto/server/createAccount'
+export * as ComAtprotoServerCreateAppPassword from './types/com/atproto/server/createAppPassword'
 export * as ComAtprotoServerCreateInviteCode from './types/com/atproto/server/createInviteCode'
 export * as ComAtprotoServerCreateInviteCodes from './types/com/atproto/server/createInviteCodes'
 export * as ComAtprotoServerCreateSession from './types/com/atproto/server/createSession'
@@ -137,10 +141,12 @@ export * as ComAtprotoServerDeleteSession from './types/com/atproto/server/delet
 export * as ComAtprotoServerDescribeServer from './types/com/atproto/server/describeServer'
 export * as ComAtprotoServerGetAccountInviteCodes from './types/com/atproto/server/getAccountInviteCodes'
 export * as ComAtprotoServerGetSession from './types/com/atproto/server/getSession'
+export * as ComAtprotoServerListAppPasswords from './types/com/atproto/server/listAppPasswords'
 export * as ComAtprotoServerRefreshSession from './types/com/atproto/server/refreshSession'
 export * as ComAtprotoServerRequestAccountDelete from './types/com/atproto/server/requestAccountDelete'
 export * as ComAtprotoServerRequestPasswordReset from './types/com/atproto/server/requestPasswordReset'
 export * as ComAtprotoServerResetPassword from './types/com/atproto/server/resetPassword'
+export * as ComAtprotoServerRevokeAppPassword from './types/com/atproto/server/revokeAppPassword'
 export * as ComAtprotoSyncGetBlob from './types/com/atproto/sync/getBlob'
 export * as ComAtprotoSyncGetBlocks from './types/com/atproto/sync/getBlocks'
 export * as ComAtprotoSyncGetCheckout from './types/com/atproto/sync/getCheckout'
@@ -605,6 +611,17 @@ export class ServerNS {
       })
   }
 
+  createAppPassword(
+    data?: ComAtprotoServerCreateAppPassword.InputSchema,
+    opts?: ComAtprotoServerCreateAppPassword.CallOptions,
+  ): Promise<ComAtprotoServerCreateAppPassword.Response> {
+    return this._service.xrpc
+      .call('com.atproto.server.createAppPassword', opts?.qp, data, opts)
+      .catch((e) => {
+        throw ComAtprotoServerCreateAppPassword.toKnownErr(e)
+      })
+  }
+
   createInviteCode(
     data?: ComAtprotoServerCreateInviteCode.InputSchema,
     opts?: ComAtprotoServerCreateInviteCode.CallOptions,
@@ -693,6 +710,17 @@ export class ServerNS {
       })
   }
 
+  listAppPasswords(
+    params?: ComAtprotoServerListAppPasswords.QueryParams,
+    opts?: ComAtprotoServerListAppPasswords.CallOptions,
+  ): Promise<ComAtprotoServerListAppPasswords.Response> {
+    return this._service.xrpc
+      .call('com.atproto.server.listAppPasswords', params, undefined, opts)
+      .catch((e) => {
+        throw ComAtprotoServerListAppPasswords.toKnownErr(e)
+      })
+  }
+
   refreshSession(
     data?: ComAtprotoServerRefreshSession.InputSchema,
     opts?: ComAtprotoServerRefreshSession.CallOptions,
@@ -736,6 +764,17 @@ export class ServerNS {
         throw ComAtprotoServerResetPassword.toKnownErr(e)
       })
   }
+
+  revokeAppPassword(
+    data?: ComAtprotoServerRevokeAppPassword.InputSchema,
+    opts?: ComAtprotoServerRevokeAppPassword.CallOptions,
+  ): Promise<ComAtprotoServerRevokeAppPassword.Response> {
+    return this._service.xrpc
+      .call('com.atproto.server.revokeAppPassword', opts?.qp, data, opts)
+      .catch((e) => {
+        throw ComAtprotoServerRevokeAppPassword.toKnownErr(e)
+      })
+  }
 }
 
 export class SyncNS {

diff --git a/packages/api/src/client/lexicons.ts b/packages/api/src/client/lexicons.ts
@@ -2075,6 +2075,56 @@ export const schemaDict = {
       },
     },
   },
+  ComAtprotoServerCreateAppPassword: {
+    lexicon: 1,
+    id: 'com.atproto.server.createAppPassword',
+    defs: {
+      main: {
+        type: 'procedure',
+        description: 'Create an app-specific password.',
+        input: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['name'],
+            properties: {
+              name: {
+                type: 'string',
+              },
+            },
+          },
+        },
+        output: {
+          encoding: 'application/json',
+          schema: {
+            type: 'ref',
+            ref: 'lex:com.atproto.server.createAppPassword#appPassword',
+          },
+        },
+        errors: [
+          {
+            name: 'AccountTakedown',
+          },
+        ],
+      },
+      appPassword: {
+        type: 'object',
+        required: ['name', 'password', 'createdAt'],
+        properties: {
+          name: {
+            type: 'string',
+          },
+          password: {
+            type: 'string',
+          },
+          createdAt: {
+            type: 'string',
+            format: 'datetime',
+          },
+        },
+      },
+    },
+  },
   ComAtprotoServerCreateInviteCode: {
     lexicon: 1,
     id: 'com.atproto.server.createInviteCode',
@@ -2460,6 +2510,50 @@ export const schemaDict = {
       },
     },
   },
+  ComAtprotoServerListAppPasswords: {
+    lexicon: 1,
+    id: 'com.atproto.server.listAppPasswords',
+    defs: {
+      main: {
+        type: 'query',
+        description: 'List all app-specific passwords.',
+        output: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['passwords'],
+            properties: {
+              passwords: {
+                type: 'array',
+                items: {
+                  type: 'ref',
+                  ref: 'lex:com.atproto.server.listAppPasswords#appPassword',
+                },
+              },
+            },
+          },
+        },
+        errors: [
+          {
+            name: 'AccountTakedown',
+          },
+        ],
+      },
+      appPassword: {
+        type: 'object',
+        required: ['name', 'createdAt'],
+        properties: {
+          name: {
+            type: 'string',
+          },
+          createdAt: {
+            type: 'string',
+            format: 'datetime',
+          },
+        },
+      },
+    },
+  },
   ComAtprotoServerRefreshSession: {
     lexicon: 1,
     id: 'com.atproto.server.refreshSession',
@@ -2563,6 +2657,28 @@ export const schemaDict = {
       },
     },
   },
+  ComAtprotoServerRevokeAppPassword: {
+    lexicon: 1,
+    id: 'com.atproto.server.revokeAppPassword',
+    defs: {
+      main: {
+        type: 'procedure',
+        description: 'Revoke an app-specific password by name.',
+        input: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['name'],
+            properties: {
+              name: {
+                type: 'string',
+              },
+            },
+          },
+        },
+      },
+    },
+  },
   ComAtprotoSyncGetBlob: {
     lexicon: 1,
     id: 'com.atproto.sync.getBlob',
@@ -4861,6 +4977,7 @@ export const ids = {
   ComAtprotoRepoStrongRef: 'com.atproto.repo.strongRef',
   ComAtprotoRepoUploadBlob: 'com.atproto.repo.uploadBlob',
   ComAtprotoServerCreateAccount: 'com.atproto.server.createAccount',
+  ComAtprotoServerCreateAppPassword: 'com.atproto.server.createAppPassword',
   ComAtprotoServerCreateInviteCode: 'com.atproto.server.createInviteCode',
   ComAtprotoServerCreateInviteCodes: 'com.atproto.server.createInviteCodes',
   ComAtprotoServerCreateSession: 'com.atproto.server.createSession',
@@ -4871,12 +4988,14 @@ export const ids = {
   ComAtprotoServerGetAccountInviteCodes:
     'com.atproto.server.getAccountInviteCodes',
   ComAtprotoServerGetSession: 'com.atproto.server.getSession',
+  ComAtprotoServerListAppPasswords: 'com.atproto.server.listAppPasswords',
   ComAtprotoServerRefreshSession: 'com.atproto.server.refreshSession',
   ComAtprotoServerRequestAccountDelete:
     'com.atproto.server.requestAccountDelete',
   ComAtprotoServerRequestPasswordReset:
     'com.atproto.server.requestPasswordReset',
   ComAtprotoServerResetPassword: 'com.atproto.server.resetPassword',
+  ComAtprotoServerRevokeAppPassword: 'com.atproto.server.revokeAppPassword',
   ComAtprotoSyncGetBlob: 'com.atproto.sync.getBlob',
   ComAtprotoSyncGetBlocks: 'com.atproto.sync.getBlocks',
   ComAtprotoSyncGetCheckout: 'com.atproto.sync.getCheckout',