--- Model for the `dynamic_application_scope` table.
-- Rows are keyed by the triple (redirect_uri, flow, scope); judging by how
-- check_scopes reads them, each row names one scope a dynamically
-- registered client may request for a given flow.
do
  local class = mondelefant.new_class()
  class.table = 'dynamic_application_scope'
  class.primary_key = { "redirect_uri", "flow", "scope" }
  DynamicApplicationScope = class
end

--- Load every not-yet-expired dynamic scope row for one client and flow.
-- Both lookup values are bound as query parameters (`?`), never spliced
-- into the SQL text.
-- @param redirect_uri string  client redirect URI
-- @param flow string          OAuth2 flow name
-- @return the executed selector's result (rows with `expiry >= now()`)
function DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, flow)
  local selector = self:new_selector()
  selector = selector:add_where{ "redirect_uri = ?", redirect_uri }
  selector = selector:add_where{ "flow = ?", flow }
  -- expired registrations are filtered in SQL so callers never see them
  selector = selector:add_where("expiry >= now()")
  return selector:exec()
end

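--- Decide whether a client may obtain `requested_scopes` for `requested_flow`.
--
-- Registration is looked up in two places, in order:
--   1. the `dynamic_application_scope` table (rows not yet expired) for
--      `redirect_uri` / `requested_flow`;
--   2. when that yields nothing, or does not cover every requested scope,
--      the output of `config.oauth2.host_func` for
--      `_liquidfeedback_client.<domain>` (presumably a name lookup helper;
--      its mechanism is not visible here). Only lines of the form
--      `"dynamic client v1" "<flow>" ...` are considered; the remainder of
--      such a line is scanned for quoted scope entries, and an entry of
--      `"*"` permits every scope for that flow.
--
-- @param domain string            domain the client is registered under
-- @param redirect_uri string      client redirect URI
-- @param requested_flow string    OAuth2 flow being requested
-- @param requested_scopes table   set of requested scopes (scope name -> truthy)
-- @return "not_registered" when no registration matches the flow,
--         "missing_scope" when one does but lacks a requested scope,
--         "ok" otherwise
-- @raise when `host_func` returns no output at all
function DynamicApplicationScope:check_scopes(domain, redirect_uri, requested_flow, requested_scopes)
  -- true when at least one requested scope is absent from `permitted_scopes`
  local function lacks_requested_scope(permitted_scopes)
    for scope in pairs(requested_scopes) do
      if not permitted_scopes[scope] then
        return true
      end
    end
    return false
  end

  local registered = false
  local missing_scope = false

  -- 1. database-backed registration
  local rows = DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, requested_flow)
  if #rows > 0 then
    registered = true
    local permitted_scopes = {}
    for _, row in ipairs(rows) do
      permitted_scopes[row.scope] = true
    end
    missing_scope = lacks_requested_scope(permitted_scopes)
  end

  -- 2. fall back to the host_func records when the database is not sufficient
  if not registered or missing_scope then
    -- NOTE(review): `domain` is spliced into the host_func argument; if
    -- host_func runs an external command, the caller must have validated
    -- `domain` as a plain host name — confirm at the call sites.
    local output, _, status = config.oauth2.host_func("_liquidfeedback_client." .. domain)
    if output == nil then
      error("Cannot execute host_func command")
    end
    -- a non-zero status is treated as "no registration found here"
    if status == 0 then
      for line in string.gmatch(output, "[^\r\n]+") do
        local flow, result = string.match(line, '"dynamic client v1" "([^"]+)" (.+)$')
        -- `flow ~= nil` keeps a nil `requested_flow` from matching every
        -- non-conforming line (nil == nil) and then gmatch'ing a nil `result`
        if flow ~= nil and flow == requested_flow then
          registered = true
          local permitted_scopes = {}
          local wildcard = false
          for entry in string.gmatch(result, '"([^"]+)"') do
            if entry == "*" then
              wildcard = true
              break
            end
            permitted_scopes[entry] = true
          end
          -- a wildcard entry permits every scope, so it must clear a
          -- `missing_scope` verdict left over from the database lookup,
          -- exactly as an explicit list covering all scopes already does
          if wildcard then
            missing_scope = false
          else
            missing_scope = lacks_requested_scope(permitted_scopes)
          end
        end
      end
    end
  end

  if not registered then
    return "not_registered"
  elseif missing_scope then
    return "missing_scope"
  else
    return "ok"
  end
end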