liquid_feedback_frontend: app/main/oauth2_client/callback.lua annotate

liquid_feedback_frontend

annotate app/main/oauth2_client/callback.lua @ 1856:7d60ede7005e

Allow to hide password reset and login recover feature

author	bsw
date	Sat Sep 17 21:30:43 2022 +0200 (2022-09-17)
parents	5eb8b596f7d4
children

rev	line source
bsw@1703	1 local provider = param.get("provider")
bsw@1703	2 local provider_config = config.oauth2_providers[provider]
bsw@1703	3 if not provider_config then
bsw@1703	4 return
bsw@1703	5 end
bsw@1703	6
bsw@1703	7
bsw@1703	8 local error = param.get("error")
bsw@1703	9
bsw@1703	10 if error then
bsw@1703	11 ui.heading{ content = "OAuth error" }
bsw@1703	12 ui.container{ content = error }
bsw@1703	13 return
bsw@1703	14 end
bsw@1703	15
bsw@1703	16 local state = param.get("state")
bsw@1703	17
bsw@1703	18 if state ~= app.session:additional_secret_for("oauth") then
bsw@1703	19 ui.heading{ content = "OAuth error" }
bsw@1703	20 ui.container{ content = "state invalid" }
bsw@1703	21 return
bsw@1703	22 end
bsw@1703	23
bsw@1703	24 local code = param.get("code")
bsw@1703	25
bsw@1703	26 local params = {
bsw@1703	27 code = code,
bsw@1703	28 client_id = provider_config.client_id,
bsw@1703	29 client_secret = provider_config.client_secret,
bsw@1703	30 redirect_uri = request.get_absolute_baseurl() .. "oauth2_client/callback.html?provider=" .. provider,
bsw@1703	31 grant_type = "authorization_code"
bsw@1703	32 }
bsw@1703	33
bsw@1703	34 local params_list = {}
bsw@1703	35 for key, val in pairs(params) do
bsw@1703	36 table.insert(params_list, encode.url_part(key) .. "=" .. encode.url_part(val))
bsw@1703	37 end
bsw@1703	38
bsw@1703	39 local r = table.concat(params_list, "&")
bsw@1703	40
bsw@1703	41 local output, err, status = extos.pfilter(nil, "curl", "-X", "POST", "-d", r, provider_config.token_url)
bsw@1703	42
bsw@1703	43 local result = json.import(output)
bsw@1703	44
bsw@1703	45 local url = provider_config.id_url .. "?access_token=" .. encode.url_part(result.access_token)
bsw@1703	46
bsw@1703	47 local output, err, status = extos.pfilter(nil, "curl", url)
bsw@1703	48
bsw@1703	49 local id_result = json.import(output)
bsw@1703	50
bsw@1703	51 local id = id_result[provider_config.id_field]
bsw@1703	52 local email = id_result[provider_config.email_field]
bsw@1703	53
bsw@1703	54 if id then
bsw@1703	55 local member = Member:new_selector()
bsw@1703	56 :add_where{ "authority = ?", "oauth2_" .. provider }
bsw@1703	57 :add_where{ "authority_uid = ?", id }
bsw@1703	58 :optional_object_mode()
bsw@1703	59 :exec()
bsw@1703	60
bsw@1703	61 if not member then
bsw@1703	62 member = Member:new()
bsw@1703	63 member.authority = "oauth2_" .. provider
bsw@1703	64 member.authority_uid = id
bsw@1703	65 member.notify_email = email
bsw@1703	66 member.name = "Member " .. id
bsw@1703	67 member.identification = "Member " .. id
bsw@1703	68 member.activated = "now"
bsw@1703	69 member:save()
bsw@1703	70 for i, unit_id in ipairs(provider_config.unit_ids) do
bsw@1703	71 local privilege = Privilege:new()
bsw@1703	72 privilege.member_id = member.id
bsw@1703	73 privilege.unit_id = unit_id
bsw@1703	74 privilege.initiative_right = true
bsw@1703	75 privilege.voting_right = true
bsw@1703	76 privilege:save()
bsw@1703	77 end
bsw@1703	78 end
bsw@1703	79 member.last_login = "now"
bsw@1703	80 member.last_activity = "now"
bsw@1703	81 member.active = true
bsw@1703	82 member:save()
bsw@1703	83 app.session.member = member
bsw@1703	84 app.session:save()
bsw@1703	85 request.redirect{ external = request.get_absolute_baseurl() }
bsw@1703	86
bsw@1703	87 end
bsw@1703	88