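-- OAuth2 client callback (served as oauth2_client/callback.html).
--
-- Finishes the login flow started at an external provider: validates the
-- redirect parameters, exchanges the authorization code for an access token
-- at provider_config.token_url, fetches the identity document from
-- provider_config.id_url and logs the matching member in, creating the
-- member (plus its unit privileges) on first login.
--
-- Every request parameter read here arrives through the provider's redirect
-- and is therefore browser-controlled; the "state" comparison below is what
-- ties the callback to the browser session that started the flow.
--
-- Failure handling: every step that cannot complete renders the "OAuth error"
-- page and stops. The previous version indexed the decoded responses
-- unconditionally, so a missing "code", a failed token exchange, a missing
-- access_token or a failed identity request raised a runtime error instead.

-- Render the error page shared by every failure path. `message` is either a
-- fixed string or the provider's own "error" parameter.
-- NOTE(review): this relies on ui.container HTML-escaping string content,
-- exactly as the original did — confirm in the ui module.
local function render_error(message)
  ui.heading{ content = "OAuth error" }
  ui.container{ content = message }
end

-- Run curl with the given arguments and return its stdout, or nil plus the
-- error value when the process could not be run or reported a non-zero exit
-- status. `status` is only treated as an exit code when it is numeric,
-- because the exact return convention of extos.pfilter is not visible here.
local function fetch(...)
  local output, err, status = extos.pfilter(nil, "curl", ...)
  if not output then
    return nil, err
  end
  if type(status) == "number" and status ~= 0 then
    return nil, err
  end
  return output
end

-- Decode a JSON document and return it only when it decodes to a table.
-- json.import is called through pcall so that malformed input (whether it
-- raises or returns nil) is reported as a failure rather than an exception.
local function decode_object(text)
  local ok, value = pcall(json.import, text)
  if ok and type(value) == "table" then
    return value
  end
  return nil
end

local provider = param.get("provider")
local provider_config = provider and (config.oauth2_providers or {})[provider]
if not provider_config then
  -- Unknown or missing provider: render nothing, as before.
  return
end

-- The provider reports its own failures (for example a denied consent
-- screen) via the "error" parameter; show it and stop. The local is named
-- provider_error so that Lua's builtin error() is not shadowed.
local provider_error = param.get("error")
if provider_error then
  render_error(provider_error)
  return
end

-- "state" must equal the per-session secret that was sent with the
-- authorization request. An absent "state" is rejected explicitly so that a
-- nil-against-nil comparison can never pass the check.
local state = param.get("state")
if not state or state ~= app.session:additional_secret_for("oauth") then
  render_error("state invalid")
  return
end

local code = param.get("code")
if not code then
  render_error("no authorization code received")
  return
end

-- Token request (authorization-code grant). redirect_uri must be identical
-- to the one used in the authorization request, so it is rebuilt the same way.
local params = {
  code = code,
  client_id = provider_config.client_id,
  client_secret = provider_config.client_secret,
  redirect_uri = request.get_absolute_baseurl() .. "oauth2_client/callback.html?provider=" .. provider,
  grant_type = "authorization_code"
}

local encoded_pairs = {}
for key, val in pairs(params) do
  table.insert(encoded_pairs, encode.url_part(key) .. "=" .. encode.url_part(val))
end
local body = table.concat(encoded_pairs, "&")

-- NOTE(review): the form body, including client_secret, is passed on curl's
-- command line and is therefore visible in the local process list. Feeding
-- it through stdin (curl `-d @-`, via the first argument of extos.pfilter,
-- which appears to be a stdin slot) would avoid that — not changed here.
local token_output = fetch("-X", "POST", "-d", body, provider_config.token_url)
if not token_output then
  render_error("token request failed")
  return
end

local token_result = decode_object(token_output)
local access_token = token_result and token_result.access_token
if type(access_token) ~= "string" or access_token == "" then
  render_error("token request failed")
  return
end

-- Identity request. The token is sent as a query parameter, as before.
-- NOTE(review): a query-string token may end up in provider or proxy logs;
-- an Authorization header is preferable where the provider accepts it.
local id_url = provider_config.id_url .. "?access_token=" .. encode.url_part(access_token)
local id_output = fetch(id_url)
if not id_output then
  render_error("identity request failed")
  return
end

local id_result = decode_object(id_output)
if not id_result then
  render_error("identity request failed")
  return
end

-- The provider-side identifier is the only key used to find the member; the
-- e-mail address is stored for notifications but never used for lookup, so
-- an unverified address cannot be used to link to an existing account.
-- Only string or number ids are accepted: anything else would break the
-- "Member " .. id concatenation below.
local id = id_result[provider_config.id_field]
local email = id_result[provider_config.email_field]
if type(id) ~= "string" and type(id) ~= "number" then
  render_error("identity response incomplete")
  return
end

local authority = "oauth2_" .. provider
local member = Member:new_selector()
  :add_where{ "authority = ?", authority }
  :add_where{ "authority_uid = ?", id }
  :optional_object_mode()
  :exec()

if not member then
  -- First login with this provider identity: create the member and grant it
  -- initiative and voting rights in every configured unit (none if the
  -- provider entry has no unit_ids).
  member = Member:new()
  member.authority = authority
  member.authority_uid = id
  member.notify_email = email
  member.name = "Member " .. id
  member.identification = "Member " .. id
  member.activated = "now"
  member:save()
  for _, unit_id in ipairs(provider_config.unit_ids or {}) do
    local privilege = Privilege:new()
    privilege.member_id = member.id
    privilege.unit_id = unit_id
    privilege.initiative_right = true
    privilege.voting_right = true
    privilege:save()
  end
end

-- Record the login, bind the member to the session and return to the start
-- page.
member.last_login = "now"
member.last_activity = "now"
member.active = true
member:save()
app.session.member = member
app.session:save()
request.redirect{ external = request.get_absolute_baseurl() }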