liquid_feedback_frontend
view app/main/oauth2/register.lua @ 1423:4232b30dfb11
Allow additional comments in registration form
| author | bsw |
|---|---|
| date | Thu Sep 20 13:49:19 2018 +0200 (2018-09-20) |
| parents | 32cc544d5a5b |
| children |
-- Dynamic client registration accepts POST only; any other method is answered
-- with the "405" view of the index module.
if not request.is_post() then
  return execute.view{
    module = "index",
    view = "405"
  }
end

-- Everything below answers with a JSON document.
slot.set_layout(nil, "application/json;charset=UTF-8")

-- Response object; filled in and exported at the end of the script.
local r = json.object()
--- Write a JSON error document to the "data" slot and set HTTP status 400.
-- The function only produces the response; callers still have to `return`
-- to stop processing the request.
-- @param error_code value of the "error" member
-- @param error_description value of the "error_description" member
local function error_result(error_code, error_description)
  -- TODO special HTTP status codes for some errors?
  request.set_status("400 Bad Request")
  local payload = {
    error = error_code,
    error_description = error_description
  }
  slot.put_into("data", json.export(payload))
end
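-- Request parameters. param.get is called without a default here, so each of
-- them has to be treated as possibly absent.
local client_id = param.get("client_id")
local flow = param.get("flow")
local scope = param.get("scope")

if flow ~= "code" and flow ~= "token" then
  return error_result("invalid_request", "invalid flow")
end

-- Host name the client claims through client_id ("dynamic:<host>"), if any.
local domain

if client_id then
  -- Anchored match: only lower-case letters, digits, "." and "-" are accepted.
  domain = string.match(client_id, "^dynamic:([a-z0-9.-]+)$")
  if not domain then
    return error_result("invalid_client", "invalid client_id (use lower case host name prefixed with 'dynamic:')")
  end
end

-- The client certificate is not inspected here; its CA class and subject DN
-- are read from request headers.
-- NOTE(review): presumably a TLS-terminating proxy sets X-LiquidFeedback-CA and
-- X-SSL-DN itself and discards any copies sent by the client. The checks below
-- authenticate nothing if a client can supply these headers directly; confirm
-- this in the proxy configuration.
local cert_ca = request.get_header("X-LiquidFeedback-CA")
local cert_distinguished_name = request.get_header("X-SSL-DN")
local cert_common_name

if cert_distinguished_name then
  -- The frontier patterns require the CN attribute to be delimited by "/" or
  -- by the start/end of the string, so a "CN=" embedded in another attribute
  -- value is not picked up.
  cert_common_name = string.match(cert_distinguished_name, "%f[^/\0]CN=([A-Za-z0-9_.-]+)%f[/\0]")
  if not cert_common_name then
    return error_result("invalid_client", "CN in X.509 certificate invalid")
  end
else
  return error_result("invalid_client", "X.509 client authorization missing")
end

if cert_ca ~= "public" then
  return error_result("invalid_client", "X.509 certificate not signed by publicly trusted certificate authority or wrong endpoint used")
end

if domain then
  -- A claimed host name must be exactly the CN of the presented certificate.
  if domain ~= cert_common_name then
    return error_result("invalid_grant", "CN in X.509 certificate incorrect")
  end
else
  -- NOTE(review): the CN pattern above also admits upper-case letters and "_",
  -- which the client_id pattern rejects, so a client_id derived here may not
  -- pass the client_id check of this same script. Confirm whether the CN
  -- should be restricted or normalised before it is used as the domain.
  domain = cert_common_name
end

-- A missing "scope" parameter used to reach string.gmatch as nil and abort the
-- request with a runtime error; report it as a client error instead. The check
-- sits after the certificate checks so their error precedence is unchanged,
-- and before any database access.
if not scope then
  return error_result("invalid_request", "scope missing")
end

-- The redirect URI is derived from the verified host name and is never taken
-- from the request.
local redirect_uri = "https://" .. domain .. "/" .. config.oauth2.endpoint_magic

-- Expiry is computed by the database; the lifetime is passed as a bound
-- parameter rather than concatenated into the SQL text.
local expiry = db:query({ "SELECT now() + (? || 'sec')::interval AS expiry", config.oauth2.dynamic_registration_lifetime }, "object").expiry

-- One record per space-separated scope token. A scope consisting only of
-- spaces (or an empty one) stores nothing and still yields a success response.
for s in string.gmatch(scope, "[^ ]+") do
  local dynamic_application_scope = DynamicApplicationScope:new()
  dynamic_application_scope.redirect_uri = redirect_uri
  dynamic_application_scope.flow = flow
  dynamic_application_scope.scope = s
  dynamic_application_scope.expiry = expiry
  dynamic_application_scope:upsert_mode()
  dynamic_application_scope:save()
end

r.client_id = "dynamic:" .. domain
r.expires_in = config.oauth2.dynamic_registration_lifetime

slot.put_into("data", json.export(r))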
