liquid_feedback_frontend

view app/main/oauth2/validate.lua @ 1569:32b9e4070777

find changesets by author, revision, files, or words in the commit message
Do not show login link when logged in for units without privileges
author bsw
date Wed Nov 11 11:11:59 2020 +0100 (2020-11-11)
parents 6077545667ec
children 2874a199c727
line source
1 if not request.is_post() then
2 return execute.view { module = "index", view = "405" }
3 end
4
5 slot.set_layout(nil, "application/json")
6
7 local function error_result(error_code, description)
8 local r = json.object()
9 r.error = error_code
10 r.error_description = description
11 slot.put_into("data", json.export(r))
12 request.set_status("400 Bad Request")
13 end
14
15 local access_token, access_token_err = util.get_access_token()
16
17 if access_token_err then
18 if access_token_err == "header_and_param" then
19 return error_result("invalid_request", "Access token passed both via header and param")
20 end
21 error("Error in util.get_access_token")
22 end
23
24 if not access_token then
25 return error_result("invalid_token", "No access token supplied")
26 end
27
28 local token = Token:by_token_type_and_token("access", access_token)
29
30 if not token then
31 return error_result("invalid_token", "Access token invalid")
32 end
33
34 local scopes = {}
35 for scope in string.gmatch(token.scope, "[^ ]+") do
36 local match = string.match(scope, "(.+)_detached$")
37 scopes[match or scope] = true
38 end
39 local scope_list = {}
40 for scope in pairs(scopes) do
41 scope_list[#scope_list+1] = scope
42 end
43 table.sort(scope_list)
44 local scope = table.concat(scope_list, " ")
45
46 local r = json.object()
47 r.scope = scope
48
49 local expiry = db:query({ "SELECT FLOOR(EXTRACT(EPOCH FROM ? - now())) AS access_time_left", token.expiry }, "object")
50 r.expires_in = expiry.access_time_left
51
52 r.member_id = token.member_id
53 if token.member.role then
54 r.member_is_role = true
55 end
56 if token.session then
57 r.real_member_id = token.session.real_member_id
58 end
59
60 if param.get("include_member", atom.boolean) then
61 if scopes.identification or scopes.authentication then
62 local member = token.member
63 r.member = json.object{
64 id = member.id,
65 name = member.name,
66 }
67 if token.session and token.session.real_member then
68 r.real_member = json.object{
69 id = token.session.real_member.id,
70 name = token.session.real_member.name,
71 }
72 end
73 if scopes.identification then
74 r.member.identification = member.identification
75 if token.session and token.session.real_member then
76 r.real_member.identification = token.session.real_member.identification
77 end
78 end
79 if param.get("include_member_notify_email", atom.boolean) then
80 r.member.notify_email = member.notify_email
81 end
82 end
83 end
84
85 r.logged_in = token.session_id and true or false
86 slot.put_into("data", json.export(r))
87
88
89

Impressum / About Us