liquid_feedback_frontend
diff model/token.lua @ 1309:32cc544d5a5b
Cumulative patch for upcoming frontend version 4
author | bsw/jbe |
---|---|
date | Sun Jul 15 14:07:29 2018 +0200 (2018-07-15) |
parents | |
children |
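--- /dev/null
+++ b/model/token.lua
@@ -0,0 +1,147 @@
+Token = mondelefant.new_class()
+Token.table = 'token'
+
+Token:add_reference{
+ mode = '1m',
+ to = "TokenScope",
+ this_key = 'id',
+ that_key = 'token_id',
+ ref = 'token_scopes',
+ back_ref = 'token',
+ default_order = 'token_scope.index'
+}
+
+Token:add_reference{
+ mode = 'm1',
+ to = "Member",
+ this_key = 'member_id',
+ that_key = 'id',
+ ref = 'member',
+}
+
+Token:add_reference{
+ mode = 'm1',
+ to = "Session",
+ this_key = 'session_id',
+ that_key = 'id',
+ ref = 'session',
+}
+
+Token:add_reference{
+ mode = 'm1',
+ to = "SystemApplication",
+ this_key = 'system_application_id',
+ that_key = 'id',
+ ref = 'system_application',
+}
+
+function Token:new()
+ local token = self.prototype.new(self)
+ token.token = multirand.string(16, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+ return token
+end
+
+function Token:create_authorization(member_id, system_application_id, domain, session_id, redirect_uri, redirect_uri_explicit, scopes, state)
+
+ local detached = false
+ for i = 0, #scopes do
+ if scopes[i] then
+ for s in string.gmatch(scopes[i], "[^ ]+") do
+ if s == "detached" then
+ detached = true
+ end
+ end
+ end
+ end
+
+ local requested_scopes = {}
+
+ for i = 0, #scopes do
+ if scopes[i] then
+ for scope in string.gmatch(scopes[i], "[^ ]+") do
+ requested_scopes[scope] = true
+ end
+ end
+ end
+
+ local requested_scopes_list = {}
+
+ for k, v in pairs(requested_scopes) do
+ requested_scopes_list[#requested_scopes_list+1] = k
+ end
+
+ local requested_scopes_string = table.concat(requested_scopes_list, " ")
+
+ local expiry = db:query({"SELECT now() + (? || 'sec')::interval AS expiry", config.oauth2.authorization_code_lifetime }, "object").expiry
+
+ local token = Token:new()
+ token.token_type = "authorization"
+ token.member_id = member_id
+ token.system_application_id = system_application_id
+ token.domain = domain
+ if not detached then
+ token.session_id = session_id
+ end
+ token.redirect_uri = redirect_uri
+ token.redirect_uri_explicit = redirect_uri_explicit
+ token.expiry = expiry
+ token.scope = requested_scopes_string
+
+ token:save()
+
+ for i = 0, #scopes do
+ if scopes[i] then
+ local token_scope = TokenScope:new()
+ token_scope.token_id = token.id
+ token_scope.index = i
+ token_scope.scope = scopes[i]
+ token_scope:save()
+ end
+ end
+
+
+ return token, target_uri
+end
+
+function Token:by_token_type_and_token(token_type, token)
+ local selector = Token:new_selector()
+ selector:add_where{ "token_type = ?", token_type }
+ selector:add_where{ "token = ?", token }
+ selector:add_where{ "expiry > now()" }
+ selector:optional_object_mode()
+ if token_type == "authorization_code" then
+ selector:for_update()
+ end
+ if token_type == "access_token" then
+ selector:add_field("FLOOR(EXTRACT(EPOCH FROM expiry - now()))", "expiry_in")
+ end
+ return selector:exec()
+end
+
+function Token:refresh_token_by_token_selector(token)
+ local selector = Token:new_selector()
+ selector:add_where{ "token_type = ?", "refresh" }
+ selector:add_where{ "member_id = ?", token.member_id }
+ if token.system_application_id then
+ selector:add_where{ "system_application_id = ?", token.system_application_id }
+ else
+ selector:add_where{ "domain = ?", token.domain }
+ end
+ return selector
+end
+
+function Token:fresh_refresh_token_by_token(token)
+ local selector = Token:refresh_token_by_token_selector(token)
+ selector:add_where{ "created + ('?' || ' sec')::interval > now()", config.oauth2.refresh_pause }
+ selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') <@ regexp_split_to_array(?, E'\\\\s+')", token.scope }
+ selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') @> regexp_split_to_array(?, E'\\\\s+')", token.scope }
+ return selector:exec()
+end
+
+function Token:old_refresh_token_by_token(token, scopes)
+ local selector = Token:refresh_token_by_token_selector(token)
+ selector:add_where{ "id < ?", token.id }
+ selector:add_where{ "created + ('?' || ' sec')::interval <= now()", config.oauth2.refresh_grace_period }
+ selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') && regexp_split_to_array(?, E'\\\\s+')", scopes }
+ return selector:exec()
+end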
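Review bot: `Token:by_token_type_and_token` only calls `selector:for_update()` when `token_type == "authorization_code"`, but `create_authorization` stores `token.token_type = "authorization"` and the refresh selector filters on `"refresh"`, so a lookup by the stored type never takes the row lock. That lock looks intended to serialize redemption of a single-use authorization code; without it, two concurrent token requests could presumably both read the same unexpired row. The callers are outside this file, so confirm which spelling they pass; if it is the stored value, the guard should read `if token_type == "authorization" then`, and the `"access_token"` comparison that adds `expiry_in` needs the same check. Separately, `multirand.string(16, …)` over a 62-character alphabet yields about 95 bits, below the 2^-128 guessing bound that RFC 6749 §10.10 sets for tokens; `multirand.string(22, …)` would clear it. Also, `return token, target_uri` returns a name never assigned in the function, and the `state` parameter is unused.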