liquid_feedback_frontend
view model/dynamic_application_scope.lua @ 1316:186a172c8b9e
Allow forced manual verification w/o sms check
| author | bsw | 
|---|---|
| date | Wed Aug 01 17:46:20 2018 +0200 (2018-08-01) | 
| parents | 32cc544d5a5b | 
| children | 
 line source
     1 DynamicApplicationScope = mondelefant.new_class()
     2 DynamicApplicationScope.table = 'dynamic_application_scope'
     3 DynamicApplicationScope.primary_key = { "redirect_uri", "flow", "scope" }
     5 function DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, flow)
     6   local dynamic_application_scopes = self:new_selector()
     7     :add_where{ "redirect_uri = ?", redirect_uri }
     8     :add_where{ "flow = ?", flow }
     9     :add_where("expiry >= now()")
    10     :exec()
    11   return dynamic_application_scopes
    12 end
    14 function DynamicApplicationScope:check_scopes(domain, redirect_uri, requested_flow, requested_scopes)
    15   local function check_scopes(permitted_scopes)
    16     local missing_scope = false
    17     for scope in pairs(requested_scopes) do
    18       if not permitted_scopes[scope] then
    19         missing_scope = true
    20       end
    21     end
    22     return missing_scope
    23   end
    25   local registered = false
    26   local missing_scope = false
    28   local dynamic_application_scopes = DynamicApplicationScope:by_redirect_uri_and_flow(redirect_uri, requested_flow)
    30   if #dynamic_application_scopes > 0 then
    31     registered = true
    32     local permitted_scopes = {}
    33     for i, dynamic_application_scope in ipairs(dynamic_application_scopes) do
    34       permitted_scopes[dynamic_application_scope.scope] = true
    35     end
    36     missing_scope = check_scopes(permitted_scopes)
    37   end
    39   if not registered or missing_scope then
    40     local output, err, status = config.oauth2.host_func("_liquidfeedback_client." .. domain)
    41     if output == nil then
    42       error("Cannot execute host_func command")
    43     end
    44     if status == 0 then
    45       for line in string.gmatch(output, "[^\r\n]+") do
    46         local flow, result = string.match(line, '"dynamic client v1" "([^"]+)" (.+)$')
    47         if flow == requested_flow then
    48           registered = true
    49           local permitted_scopes = {}
    50           local wildcard = false
    51           for entry in string.gmatch(result, '"([^"]+)"') do
    52             if entry == "*" then
    53               wildcard = true
    54               break
    55             end
    56             permitted_scopes[entry] = true
    57           end
    58           if not wildcard then
    59             missing_scope = check_scopes(permitted_scopes)
    60           end
    61         end
    62       end
    63     end
    64   end
    66   if not registered then
    67     return "not_registered"
    68   elseif missing_scope then
    69     return "missing_scope"
    70   else
    71     return "ok"
    72   end
    73 end
