liquid_feedback_frontend

view model/token.lua @ 1668:6d75df24e66e

Updated German translation
author bsw
date Sun Mar 07 09:52:36 2021 +0100 (2021-03-07)
parents 32cc544d5a5b
children
-- Model class for rows of the 'token' table. The functions in this file
-- create tokens of type "authorization" and query tokens of type "refresh".
Token = mondelefant.new_class()
Token.table = 'token'

-- One token has many TokenScope rows (token_scope.token_id -> token.id),
-- loaded in the order of their index column.
Token:add_reference({
  mode          = '1m',
  to            = "TokenScope",
  this_key      = 'id',
  that_key      = 'token_id',
  ref           = 'token_scopes',
  back_ref      = 'token',
  default_order = 'token_scope.index'
})

-- Each token points at one Member via member_id.
Token:add_reference({
  mode     = 'm1',
  to       = "Member",
  this_key = 'member_id',
  that_key = 'id',
  ref      = 'member',
})

-- Each token points at one Session via session_id. create_authorization
-- leaves session_id unset when the "detached" scope is requested.
Token:add_reference({
  mode     = 'm1',
  to       = "Session",
  this_key = 'session_id',
  that_key = 'id',
  ref      = 'session',
})

-- Each token points at one SystemApplication via system_application_id.
-- The column may be empty: the refresh-token selector falls back to the
-- domain column in that case.
Token:add_reference({
  mode     = 'm1',
  to       = "SystemApplication",
  this_key = 'system_application_id',
  that_key = 'id',
  ref      = 'system_application',
})
--- Create a new, unsaved Token carrying a freshly generated secret value.
-- The value is 16 characters drawn from a 62-symbol alphanumeric alphabet,
-- which gives at most roughly 95 bits of entropy.
-- NOTE(review): the unpredictability of the value rests entirely on
-- multirand.string drawing from a cryptographically secure source -- confirm.
-- NOTE(review): lookups in this file compare the raw value ("token = ?"),
-- so the secret appears to be stored unhashed -- confirm against the schema.
-- @return the new Token object (not yet saved)
function Token:new()
  local alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
  local fresh = self.prototype.new(self)
  fresh.token = multirand.string(16, alphabet)
  return fresh
end
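--- Create and store an authorization token together with its TokenScope rows.
-- @param member_id id of the member granting the authorization
-- @param system_application_id id of the registered application (may be nil)
-- @param domain stored on the token as given
-- @param session_id stored on the token unless the "detached" scope is requested
-- @param redirect_uri stored on the token as given
-- @param redirect_uri_explicit stored on the token as given
-- @param scopes table of space-separated scope strings, read at indices
--   0..#scopes; missing entries are skipped
-- @param state accepted for interface compatibility; not used here
-- @return the saved Token, followed by nil
function Token:create_authorization(member_id, system_application_id, domain, session_id, redirect_uri, redirect_uri_explicit, scopes, state)

  -- Single pass over all scope strings: collect the distinct scope names and
  -- note whether "detached" was requested anywhere.
  local detached = false
  local requested_scopes = {}
  for i = 0, #scopes do
    local entry = scopes[i]
    if entry then
      for scope in string.gmatch(entry, "[^ ]+") do
        requested_scopes[scope] = true
        if scope == "detached" then
          detached = true
        end
      end
    end
  end

  -- Flatten the set into one space-separated string (order is unspecified,
  -- as it comes from pairs()).
  local requested_scopes_list = {}
  for scope in pairs(requested_scopes) do
    requested_scopes_list[#requested_scopes_list+1] = scope
  end
  local requested_scopes_string = table.concat(requested_scopes_list, " ")

  -- The expiry is computed on the database clock, the same clock that the
  -- "expiry > now()" check in by_token_type_and_token uses.
  local expiry = db:query({"SELECT now() + (? || 'sec')::interval AS expiry", config.oauth2.authorization_code_lifetime }, "object").expiry

  local token = Token:new()
  token.token_type = "authorization"
  token.member_id = member_id
  token.system_application_id = system_application_id
  token.domain = domain
  -- A detached authorization is deliberately not bound to the session.
  if not detached then
    token.session_id = session_id
  end
  -- NOTE(review): presumably the stored redirect_uri is compared again when
  -- the code is redeemed -- confirm in the token endpoint.
  token.redirect_uri = redirect_uri
  token.redirect_uri_explicit = redirect_uri_explicit
  token.expiry = expiry
  token.scope = requested_scopes_string

  token:save()

  -- Keep the original per-index scope strings as separate rows.
  for i = 0, #scopes do
    if scopes[i] then
      local token_scope = TokenScope:new()
      token_scope.token_id = token.id
      token_scope.index = i
      token_scope.scope = scopes[i]
      token_scope:save()
    end
  end

  -- The second result used to be read from "target_uri", a name that is
  -- never defined in this function. The explicit nil keeps the two-value
  -- shape without touching the global table.
  return token, nil
end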
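--- Look up a non-expired token by its type and secret value.
-- @param token_type token type to match against the token_type column
-- @param token the secret token value presented by the client
-- @return the matching Token, or nothing usable when none matches
--   (optional object mode)
function Token:by_token_type_and_token(token_type, token)
  local selector = Token:new_selector()
  selector:add_where{ "token_type = ?", token_type }
  selector:add_where{ "token = ?", token }
  -- Expired tokens are filtered out on the database clock.
  selector:add_where{ "expiry > now()" }
  selector:optional_object_mode()
  -- Lock the row while an authorization code is being redeemed, so that two
  -- concurrent requests cannot both use the same code. create_authorization
  -- stores such tokens with token_type "authorization", so the lock must also
  -- apply to that value; comparing only against "authorization_code" left
  -- those lookups unlocked.
  if token_type == "authorization" or token_type == "authorization_code" then
    selector:for_update()
  end
  -- Remaining lifetime in whole seconds for access tokens.
  -- NOTE(review): the short form "access" is assumed by analogy with the
  -- "authorization" and "refresh" values used in this file -- confirm against
  -- the token_type values in the schema.
  if token_type == "access" or token_type == "access_token" then
    selector:add_field("FLOOR(EXTRACT(EPOCH FROM expiry - now()))", "expiry_in")
  end
  return selector:exec()
end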
--- Build a selector for the refresh tokens that belong to the same member
-- and the same client as the given token.
-- The client is identified by system_application_id when the token has one,
-- otherwise by its domain.
-- @param token Token whose member_id and system_application_id/domain are used
-- @return the selector (not executed)
function Token:refresh_token_by_token_selector(token)
  local query = Token:new_selector()
  query:add_where({ "token_type = ?", "refresh" })
  query:add_where({ "member_id = ?", token.member_id })
  if not token.system_application_id then
    query:add_where({ "domain = ?", token.domain })
  else
    query:add_where({ "system_application_id = ?", token.system_application_id })
  end
  return query
end
--- Find refresh tokens of the same member and client that were created
-- within the last config.oauth2.refresh_pause seconds and carry exactly the
-- same set of scopes as the given token.
-- @param token Token providing member, client and scope
-- @return result of executing the selector
function Token:fresh_refresh_token_by_token(token)
  local query = Token:refresh_token_by_token_selector(token)
  -- Still inside the pause window, measured on the database clock.
  query:add_where({ "created + ('?' || ' sec')::interval > now()", config.oauth2.refresh_pause })
  -- "contained by" plus "contains" together mean the scope sets are equal.
  query:add_where({ "regexp_split_to_array(scope, E'\\\\s+') <@ regexp_split_to_array(?, E'\\\\s+')", token.scope })
  query:add_where({ "regexp_split_to_array(scope, E'\\\\s+') @> regexp_split_to_array(?, E'\\\\s+')", token.scope })
  local found = query:exec()
  return found
end
--- Find older refresh tokens of the same member and client whose grace
-- period has run out and whose scopes overlap with the given scopes.
-- @param token Token providing member, client and the id upper bound
-- @param scopes scope string matched with the array overlap operator
-- @return result of executing the selector
function Token:old_refresh_token_by_token(token, scopes)
  local query = Token:refresh_token_by_token_selector(token)
  -- Only rows with a smaller id than the given token.
  query:add_where({ "id < ?", token.id })
  -- Older than config.oauth2.refresh_grace_period seconds on the database clock.
  query:add_where({ "created + ('?' || ' sec')::interval <= now()", config.oauth2.refresh_grace_period })
  -- At least one scope in common.
  query:add_where({ "regexp_split_to_array(scope, E'\\\\s+') && regexp_split_to_array(?, E'\\\\s+')", scopes })
  local found = query:exec()
  return found
end
