liquid_feedback_frontend: ce00a6d5f610 app/main/oauth2/validate.lua

liquid_feedback_frontend

view app/main/oauth2/validate.lua @ 1480:ce00a6d5f610

New button design for suggestion add dialog

author	bsw
date	Thu Oct 18 17:57:49 2018 +0200 (2018-10-18)
parents	32cc544d5a5b
children	6077545667ec

line source

1 if not request.is_post() then

2 return execute.view { module = "index", view = "405" }

3 end

5 slot.set_layout(nil, "application/json")

7 local function error_result(error_code, description)

8 local r = json.object()

9 r.error = error_code

10 r.error_description = description

11 slot.put_into("data", json.export(r))

12 request.set_status("400 Bad Request")

13 end

15 local access_token, access_token_err = util.get_access_token()

17 if access_token_err then

18 if access_token_err == "header_and_param" then

19 return error_result("invalid_request", "Access token passed both via header and param")

20 end

21 error("Error in util.get_access_token")

22 end

24 if not access_token then

25 return error_result("invalid_token", "No access token supplied")

26 end

28 local token = Token:by_token_type_and_token("access", access_token)

30 if not token then

31 return error_result("invalid_token", "Access token invalid")

32 end

34 local scopes = {}

35 for scope in string.gmatch(token.scope, "[^ ]+") do

36 local match = string.match(scope, "(.+)_detached$")

37 scopes[match or scope] = true

38 end

39 local scope_list = {}

40 for scope in pairs(scopes) do

41 scope_list[#scope_list+1] = scope

42 end

43 table.sort(scope_list)

44 local scope = table.concat(scope_list, " ")

46 local r = json.object()

47 r.scope = scope

48 r.member_id = token.member_id

49 if token.member.role then

50 r.member_is_role = true

51 end

52 if token.session then

53 r.real_member_id = token.session.real_member_id

54 end

56 if param.get("include_member", atom.boolean) then

57 if scopes.identification or scopes.authentication then

58 local member = token.member

59 r.member = json.object{

60 id = member.id,

61 name = member.name,

62 }

63 if token.session and token.session.real_member then

64 r.real_member = json.object{

65 id = token.session.real_member.id,

66 name = token.session.real_member.name,

67 }

68 end

69 if scopes.identification then

70 r.member.identification = member.identification

71 if token.session and token.session.real_member then

72 r.real_member.identification = token.session.real_member.identification

73 end

74 end

75 if param.get("include_member_notify_email", atom.boolean) then

76 r.member.notify_email = member.notify_email

77 end

78 end

79 end

81 r.logged_in = token.session_id and true or false

82 slot.put_into("data", json.export(r))