liquid_feedback_frontend: model/dynamic_application

liquid_feedback_frontend

annotate model/dynamic_application_scope.lua @ 1464:f3082de14228

Updated button design on admin policy edit view

author	bsw
date	Thu Oct 18 17:35:17 2018 +0200 (2018-10-18)
parents	32cc544d5a5b
children

rev	line source
bsw/jbe@1309	1 DynamicApplicationScope = mondelefant.new_class()
bsw/jbe@1309	2 DynamicApplicationScope.table = 'dynamic_application_scope'
bsw/jbe@1309	3 DynamicApplicationScope.primary_key = { "redirect_uri", "flow", "scope" }
bsw/jbe@1309	4
bsw/jbe@1309	5 function DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, flow)
bsw/jbe@1309	6 local dynamic_application_scopes = self:new_selector()
bsw/jbe@1309	7 :add_where{ "redirect_uri = ?", redirect_uri }
bsw/jbe@1309	8 :add_where{ "flow = ?", flow }
bsw/jbe@1309	9 :add_where("expiry >= now()")
bsw/jbe@1309	10 :exec()
bsw/jbe@1309	11 return dynamic_application_scopes
bsw/jbe@1309	12 end
bsw/jbe@1309	13
bsw/jbe@1309	14 function DynamicApplicationScope:check_scopes(domain, redirect_uri, requested_flow, requested_scopes)
bsw/jbe@1309	15 local function check_scopes(permitted_scopes)
bsw/jbe@1309	16 local missing_scope = false
bsw/jbe@1309	17 for scope in pairs(requested_scopes) do
bsw/jbe@1309	18 if not permitted_scopes[scope] then
bsw/jbe@1309	19 missing_scope = true
bsw/jbe@1309	20 end
bsw/jbe@1309	21 end
bsw/jbe@1309	22 return missing_scope
bsw/jbe@1309	23 end
bsw/jbe@1309	24
bsw/jbe@1309	25 local registered = false
bsw/jbe@1309	26 local missing_scope = false
bsw/jbe@1309	27
bsw/jbe@1309	28 local dynamic_application_scopes = DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, requested_flow)
bsw/jbe@1309	29
bsw/jbe@1309	30 if #dynamic_application_scopes > 0 then
bsw/jbe@1309	31 registered = true
bsw/jbe@1309	32 local permitted_scopes = {}
bsw/jbe@1309	33 for i, dynamic_application_scope in ipairs(dynamic_application_scopes) do
bsw/jbe@1309	34 permitted_scopes[dynamic_application_scope.scope] = true
bsw/jbe@1309	35 end
bsw/jbe@1309	36 missing_scope = check_scopes(permitted_scopes)
bsw/jbe@1309	37 end
bsw/jbe@1309	38
bsw/jbe@1309	39 if not registered or missing_scope then
bsw/jbe@1309	40 local output, err, status = config.oauth2.host_func("_liquidfeedback_client." .. domain)
bsw/jbe@1309	41 if output == nil then
bsw/jbe@1309	42 error("Cannot execute host_func command")
bsw/jbe@1309	43 end
bsw/jbe@1309	44 if status == 0 then
bsw/jbe@1309	45 for line in string.gmatch(output, "[^\r\n]+") do
bsw/jbe@1309	46 local flow, result = string.match(line, '"dynamic client v1" "([^"]+)" (.+)$')
bsw/jbe@1309	47 if flow == requested_flow then
bsw/jbe@1309	48 registered = true
bsw/jbe@1309	49 local permitted_scopes = {}
bsw/jbe@1309	50 local wildcard = false
bsw/jbe@1309	51 for entry in string.gmatch(result, '"([^"]+)"') do
bsw/jbe@1309	52 if entry == "*" then
bsw/jbe@1309	53 wildcard = true
bsw/jbe@1309	54 break
bsw/jbe@1309	55 end
bsw/jbe@1309	56 permitted_scopes[entry] = true
bsw/jbe@1309	57 end
bsw/jbe@1309	58 if not wildcard then
bsw/jbe@1309	59 missing_scope = check_scopes(permitted_scopes)
bsw/jbe@1309	60 end
bsw/jbe@1309	61 end
bsw/jbe@1309	62 end
bsw/jbe@1309	63 end
bsw/jbe@1309	64 end
bsw/jbe@1309	65
bsw/jbe@1309	66 if not registered then
bsw/jbe@1309	67 return "not_registered"
bsw/jbe@1309	68 elseif missing_scope then
bsw/jbe@1309	69 return "missing_scope"
bsw/jbe@1309	70 else
bsw/jbe@1309	71 return "ok"
bsw/jbe@1309	72 end
bsw/jbe@1309	73 end