liquid_feedback_frontend
view app/main/oauth2/validate.lua @ 1848:2814c170a3e7
Added translations
| author | bsw |
|---|---|
| date | Thu Feb 03 16:10:06 2022 +0100 (2022-02-03) |
| parents | 020fd82c6cb4 |
| children |
line source
1 if not request.is_post() then
2 return execute.view { module = "index", view = "405" }
3 end
5 slot.set_layout(nil, "application/json")
7 local function error_result(error_code, description)
8 local r = json.object()
9 r.error = error_code
10 r.error_description = description
11 slot.put_into("data", json.export(r))
12 request.set_status("400 Bad Request")
13 end
15 local access_token, access_token_err = util.get_access_token()
17 if access_token_err then
18 if access_token_err == "header_and_param" then
19 return error_result("invalid_request", "Access token passed both via header and param")
20 end
21 error("Error in util.get_access_token")
22 end
24 if not access_token then
25 return error_result("invalid_token", "No access token supplied")
26 end
28 local token = Token:by_token_type_and_token("access", access_token)
30 if not token then
31 return error_result("invalid_token", "Access token invalid")
32 end
34 local scopes = {}
35 for scope in string.gmatch(token.scope, "[^ ]+") do
36 local match = string.match(scope, "(.+)_detached$")
37 scopes[match or scope] = true
38 end
39 local scope_list = {}
40 for scope in pairs(scopes) do
41 scope_list[#scope_list+1] = scope
42 end
43 table.sort(scope_list)
44 local scope = table.concat(scope_list, " ")
46 local r = json.object()
47 r.scope = scope
49 local expiry = db:query({ "SELECT FLOOR(EXTRACT(EPOCH FROM ? - now())) AS access_time_left", token.expiry }, "object")
50 r.expires_in = expiry.access_time_left
52 r.member_id = token.member_id
53 if token.member.role then
54 r.member_is_role = true
55 end
56 if token.session then
57 r.real_member_id = token.session.real_member_id
58 end
60 if scopes.identification or scopes.authentication then
61 if param.get("include_member", atom.boolean) then
62 local member = token.member
63 r.member = json.object{
64 id = member.id,
65 name = member.name,
66 }
67 if token.session and token.session.real_member then
68 r.real_member = json.object{
69 id = token.session.real_member.id,
70 name = token.session.real_member.name,
71 }
72 end
73 if scopes.identification then
74 r.member.identification = member.identification
75 if token.session and token.session.real_member then
76 r.real_member.identification = token.session.real_member.identification
77 end
78 end
79 if param.get("include_member_notify_email", atom.boolean) then
80 r.member.notify_email = member.notify_email
81 end
82 if param.get("include_roles", atom.boolean) then
83 for i, unit in ipairs(member.units) do
84 if unit.attr.role then
85 r.roles = json.object()
86 if not unit.attr.only_visible_for_role
87 or member:has_role(unit.attr.only_visible_for_role)
88 then
89 r.roles[unit.attr.role] = true
90 end
91 end
92 end
93 end
94 end
95 end
97 r.logged_in = token.session_id and true or false
98 slot.put_into("data", json.export(r))