liquid_feedback_frontend

annotate app/main/oauth2/_authorization.lua @ 1538:25ea15b4bd5e

Reworked cookie session control, exceptions for API
author bsw
date Tue Oct 20 17:48:49 2020 +0200 (2020-10-20)
parents 32cc544d5a5b
children
-- Internal OAuth 2.0 authorization step: issues either an authorization
-- code (response_type "code") or access tokens (response_type "token")
-- and redirects the user agent back to redirect_uri.
-- All inputs arrive through param.get. The leading underscore in the file
-- name suggests this is only reached via an internal execute call from a
-- view that has already validated them (including redirect_uri against the
-- registered application) -- confirm against the caller.
local member_id             = param.get("member_id", atom.integer)
local system_application_id = param.get("system_application_id", atom.integer)
local domain                = param.get("domain")
local session_id            = param.get("session_id", atom.integer)
local redirect_uri          = param.get("redirect_uri")
local redirect_uri_explicit = param.get("redirect_uri_explicit", atom.boolean)
local scopes                = param.get("scopes", "table")
local state                 = param.get("state")
local response_type         = param.get("response_type")

-- Authorization code grant: persist an authorization token and hand the
-- code back as a query parameter on redirect_uri; state is echoed unchanged.
local function respond_with_code()
  local auth_token = Token:create_authorization(
    member_id, system_application_id, domain, session_id,
    redirect_uri, redirect_uri_explicit, scopes, state
  )
  request.redirect{
    external = redirect_uri,
    params   = { code = auth_token.token, state = state },
  }
end

-- Implicit grant: one access token per requested scope, all returned in the
-- URI fragment of redirect_uri.
-- NOTE(review): tokens placed in the fragment can end up in browser history
-- and client-side logs; whether the implicit grant is still required here is
-- a product decision, not something this view can decide.
local function respond_with_tokens()
  local lifetime = config.oauth2.access_token_lifetime
  -- Expiry is computed on the database clock; the lifetime is bound as a
  -- query parameter rather than interpolated into the SQL text.
  local expiry = db:query(
    { "SELECT now() + (? || 'sec')::interval AS access", lifetime },
    "object"
  ).access

  local fragment_params = {
    state      = state,
    expires_in = lifetime,
    token_type = "bearer",
  }

  -- Persist one access token bound to a single scope and register it in
  -- the fragment under "access_token" (slot 0) or "access_token<i>" (i >= 1).
  local function issue_access_token(slot, scope)
    local access_token = Token:new()
    access_token.token_type            = "access"
    access_token.member_id             = member_id
    access_token.system_application_id = system_application_id
    access_token.domain                = domain
    access_token.session_id            = session_id
    access_token.expiry                = expiry
    access_token.scope                 = scope
    access_token:save()
    local suffix = (slot == 0) and "" or slot
    fragment_params["access_token" .. suffix] = access_token.token
  end

  -- Slot 0 is visited deliberately (it carries the unsuffixed token name);
  -- empty slots are skipped rather than terminating the loop.
  for slot = 0, #scopes do
    local scope = scopes[slot]
    if scope then
      issue_access_token(slot, scope)
    end
  end

  -- pairs() has no fixed order, so the parameter order in the fragment is
  -- unspecified; every value is URL-part encoded before joining.
  local encoded = {}
  for key, value in pairs(fragment_params) do
    table.insert(encoded, key .. "=" .. encode.url_part(value))
  end
  -- NOTE(review): the fragment is appended by plain concatenation; a
  -- redirect_uri that already carries a fragment would be malformed here.
  -- Confirm the caller rejects such URIs (a registered redirect URI must not
  -- contain a fragment component).
  request.redirect{
    external = redirect_uri .. "#" .. table.concat(encoded, "&"),
  }
end

-- Dispatch on response_type; anything else is treated as a programming
-- error because the caller is expected to have rejected it already.
local handlers = {
  code  = respond_with_code,
  token = respond_with_tokens,
}

local handler = handlers[response_type]
if not handler then
  error("Internal error, should not happen")
end
handler()
