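-- OAuth2 client callback.
--
-- Handles the redirect back from an authorization server: validates the
-- "state" parameter against the session, exchanges the authorization code
-- for an access token, fetches the user's identity record and logs the
-- matching member in, creating the member on first login.
--
-- Request parameters read: provider, error (optional), state, code.

local provider = param.get("provider")
local provider_config = config.oauth2_providers[provider]
if not provider_config then
  -- Unknown or missing provider: nothing to do.
  return
end

-- Render a short error page; callers return right after this.
local function show_oauth_error(message)
  ui.heading{ content = "OAuth error" }
  ui.container{ content = message }
end

-- The authorization server signals a refusal via the "error" parameter
-- (named oauth_error here so it does not shadow Lua's global error()).
local oauth_error = param.get("error")
if oauth_error then
  show_oauth_error(oauth_error)
  return
end

-- "state" must equal the per-session secret that was attached to the
-- authorization request, so the callback can only complete the flow that
-- this session started. A missing state fails this check as well.
local state = param.get("state")
if state ~= app.session:additional_secret_for("oauth") then
  show_oauth_error("state invalid")
  return
end

local code = param.get("code")
if not code then
  -- Without a code there is nothing to exchange; previously this would have
  -- failed inside encode.url_part(nil).
  show_oauth_error("authorization code missing")
  return
end

local redirect_uri = request.get_absolute_baseurl()
  .. "oauth2_client/callback.html?provider=" .. provider

local params = {
  code = code,
  client_id = provider_config.client_id,
  client_secret = provider_config.client_secret,
  redirect_uri = redirect_uri,
  grant_type = "authorization_code"
}

-- Build the application/x-www-form-urlencoded request body.
local params_list = {}
for key, val in pairs(params) do
  table.insert(params_list, encode.url_part(key) .. "=" .. encode.url_part(val))
end
local body = table.concat(params_list, "&")

-- The body carries client_secret, so it is handed to curl on stdin
-- ("-d @-") instead of as a command line argument, where it would be
-- readable from the process list. extos.pfilter passes its first argument
-- as the child's stdin and returns output, error message and exit status.
local token_output, token_err, token_status = extos.pfilter(
  body, "curl", "-X", "POST", "-d", "@-", provider_config.token_url
)
if not token_output or token_status ~= 0 then
  show_oauth_error("token request failed")
  return
end

local result = json.import(token_output)
if not result or not result.access_token then
  -- Unparseable reply or an error document without a token.
  show_oauth_error("token request failed")
  return
end

-- NOTE(review): the token is appended to the query string because
-- provider_config.id_url is expected in that form; be aware that it then
-- shows up in any request logging of the identity endpoint.
local url = provider_config.id_url
  .. "?access_token=" .. encode.url_part(result.access_token)

local id_output, id_err, id_status = extos.pfilter(nil, "curl", url)
if not id_output or id_status ~= 0 then
  show_oauth_error("identity request failed")
  return
end

local id_result = json.import(id_output)
if not id_result then
  show_oauth_error("identity request failed")
  return
end

-- Which fields identify the user is provider specific and comes from config.
local id = id_result[provider_config.id_field]
local email = id_result[provider_config.email_field]

if not id then
  -- Previously this rendered an empty page; tell the user instead.
  show_oauth_error("no user id returned by provider")
  return
end

local member = Member:new_selector()
  :add_where{ "authority = ?", "oauth2_" .. provider }
  :add_where{ "authority_uid = ?", id }
  :optional_object_mode()
  :exec()

if not member then
  -- First login with this provider identity: create the member and grant
  -- it the privileges configured for this provider.
  member = Member:new()
  member.authority = "oauth2_" .. provider
  member.authority_uid = id
  member.notify_email = email
  member.name = "Member " .. id
  member.identification = "Member " .. id
  member.activated = "now"
  member:save()
  -- A provider without unit_ids simply grants no privileges.
  for _, unit_id in ipairs(provider_config.unit_ids or {}) do
    local privilege = Privilege:new()
    privilege.member_id = member.id
    privilege.unit_id = unit_id
    privilege.initiative_right = true
    privilege.voting_right = true
    privilege:save()
  end
end

-- Record the login and bind the member to the current session.
member.last_login = "now"
member.last_activity = "now"
member.active = true
member:save()

app.session.member = member
app.session:save()

request.redirect{ external = request.get_absolute_baseurl() }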