# HG changeset patch
# User bsw
# Date 1598269683 -7200
# Node ID 45fd259aa1ad05573b1061ebca3d3f43519b0216
# Parent 628e1b9126c0c7c09b92d2b29ea7cdfebbcb8482
Added login api interface and login scope
diff -r 628e1b9126c0 -r 45fd259aa1ad app/main/_prefork/10_init.lua
--- a/app/main/_prefork/10_init.lua Thu Aug 20 15:55:04 2020 +0200
+++ b/app/main/_prefork/10_init.lua Mon Aug 24 13:48:03 2020 +0200
@@ -91,7 +91,8 @@
 { scope = "update_name", name = { de = "Screen-Namen ändern", en = "Update screen name" } },
 { scope = "update_notify_email", name = { de = "E-Mail-Adresse für Benachrichtigungen ändern", en = "Update notify email address" } },
 { scope = "update_profile", name = { de = "Profil bearbeiten", en = "Update your profile" } },
- { scope = "update_settings", name = { de = "Benutzereinstellungen ändern", en = "Update your settings" } }
+ { scope = "update_settings", name = { de = "Benutzereinstellungen ändern", en = "Update your settings" } },
+ { scope = "login", name = { de = "Login", en = "Login" } }
 }
 local s = config.oauth2.available_scopes or {}
 for i, scope in ipairs(scopes) do
diff -r 628e1b9126c0 -r 45fd259aa1ad app/main/api/login.lua
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/main/api/login.lua Mon Aug 24 13:48:03 2020 +0200
@@ -0,0 +1,25 @@
+if not app.scopes.login then
+ request.redirect{ external = request.get_absolute_baseurl() .. "index/login.html" }
+ return
+end
+
+if not app.access_token.used then
+ local result = util.login(app.access_token.member)
+
+ if not result then
+ request.redirect{ external = request.get_absolute_baseurl() .. "index/login.html" }
+ return
+ end
+ app.access_token.used = true
+ app.access_token:save()
+end
+
+local redir_url = param.get("redir_url")
+
+if not redir_url then
+ request.redirect{ external = request.get_absolute_baseurl() }
+ return
+end
+
+request.redirect{ external = redir_url }
+
diff -r 628e1b9126c0 -r 45fd259aa1ad app/main/index/_action/login.lua
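Review bot: `redir_url` is read from the request and handed to `request.redirect{ external = redir_url }` unchecked on the last line of the new app/main/api/login.lua, so the endpoint acts as an open redirect that fires right after a session has been established. Restrict the target to the application's own base URL, for example `local base = request.get_absolute_baseurl()` followed by `if not redir_url or string.sub(redir_url, 1, #base) ~= base then` in place of the current `if not redir_url then`. That prefix comparison is only safe when the base URL ends with a slash, which the `.. "index/login.html"` concatenations in this file suggest but do not prove. Separately, `app.access_token.used` is tested first and saved only after `util.login` returns, so two concurrent requests carrying the same token could both pass the check; setting and saving the flag before logging in would narrow that window.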
--- a/app/main/index/_action/login.lua Thu Aug 20 15:55:04 2020 +0200
+++ b/app/main/index/_action/login.lua Mon Aug 24 13:48:03 2020 +0200
@@ -16,94 +16,10 @@ return end -local function do_etherpad_auth(member) - local result = net.curl( - config.etherpad.api_base - .. "api/1/createAuthorIfNotExistsFor?apikey=" .. config.etherpad.api_key - .. "&name=" .. encode.url_part(member.name) .. "&authorMapper=" .. tostring(member.id) - ) - - if not result then - slot.put_into("error", _"Etherpad authentication failed" .. " 1") - return false - end - - local etherpad_author_id = string.match(result, '"authorID"%s*:%s*"([^"]+)"') - - if not etherpad_author_id then - slot.put_into("error", _"Etherpad authentication failed" .. " 2") - return false - end - - local time_in_24h = os.time() + 24 * 60 * 60 - - local result = net.curl( - config.etherpad.api_base - .. "api/1/createSession?apikey=" .. config.etherpad.api_key - .. "&groupID=" .. config.etherpad.group_id - .. "&authorID=" .. etherpad_author_id - .. "&validUntil=" .. time_in_24h - ) - - if not result then - slot.put_into("error", _"Etherpad authentication failed" .. " 3") - return false - end - - local etherpad_sesion_id = string.match(result, '"sessionID"%s*:%s*"([^"]+)"') - - if not etherpad_sesion_id then - slot.put_into("error", _"Etherpad authentication failed" .. 
" 4") - return false - end - - request.set_cookie{ - path = config.etherpad.cookie_path, - name = "sessionID", - value = etherpad_sesion_id - } -end if member then - member.last_login = "now" - - local delegations = Delegation:delegations_to_check_for_member_id(member.id) - - if config.check_delegations_interval_hard - and member.needs_delegation_check_hard - and #delegations > 0 then - - app.session.needs_delegation_check = true - - else - - if #delegations == 0 then - member.last_delegation_check = "now" - end - - member.last_activity = "now" - member.active = true - - end - - if member.lang == nil then - member.lang = app.session.lang - else - app.session.lang = member.lang - end + return util.login(member) - if member.password_hash_needs_update then - member:set_password(password) - end - - member:save() - app.session.member = member - app.session:save() - - trace.debug('User authenticated') - if config.etherpad then - do_etherpad_auth(member) - end else slot.put_into("error_code", "invalid_credentials") trace.debug('User NOT authenticated') diff -r 628e1b9126c0 -r 45fd259aa1ad env/request/router.lua --- a/env/request/router.lua Thu Aug 20 15:55:04 2020 +0200 +++ b/env/request/router.lua Mon Aug 24 13:48:03 2020 +0200 @@ -12,7 +12,8 @@ settings = true, event = true, support = true, - embed_initiative = true + embed_initiative = true, + login = true } function request.router() diff -r 628e1b9126c0 -r 45fd259aa1ad env/util/login.lua --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/env/util/login.lua Mon Aug 24 13:48:03 2020 +0200 
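Review bot: `return util.login(member)` no longer carries the `password` value that the removed `member:set_password(password)` line used, while the moved code in the env/util/login.lua hunk still calls `member:set_password(password)` with no such variable in scope. Inside `util.login` that name presumably resolves to an unset global, so a member flagged `password_hash_needs_update` would have `set_password` called with nil (its behaviour for nil is not visible here), and the token-based caller in app/main/api/login.lua has no password to offer at all. Suggest `return util.login(member, password)` here, together with `function util.login(member, password)` and `if password and member.password_hash_needs_update then` in the util hunk. The action file starts and ends outside this hunk, so where `password` is defined is inferred from the removed lines only.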
@@ -0,0 +1,92 @@
+local function do_etherpad_auth(member)
+ local result = net.curl(
+ config.etherpad.api_base
+ .. "api/1/createAuthorIfNotExistsFor?apikey=" .. config.etherpad.api_key
+ .. "&name=" .. encode.url_part(member.name) .. "&authorMapper=" .. tostring(member.id)
+ )
+
+ if not result then
+ slot.put_into("error", _"Etherpad authentication failed" .. " 1")
+ return false
+ end
+
+ local etherpad_author_id = string.match(result, '"authorID"%s*:%s*"([^"]+)"')
+
+ if not etherpad_author_id then
+ slot.put_into("error", _"Etherpad authentication failed" .. " 2")
+ return false
+ end
+
+ local time_in_24h = os.time() + 24 * 60 * 60
+
+ local result = net.curl(
+ config.etherpad.api_base
+ .. "api/1/createSession?apikey=" .. config.etherpad.api_key
+ .. "&groupID=" .. config.etherpad.group_id
+ .. "&authorID=" .. etherpad_author_id
+ .. "&validUntil=" .. time_in_24h
+ )
+
+ if not result then
+ slot.put_into("error", _"Etherpad authentication failed" .. " 3")
+ return false
+ end
+
+ local etherpad_sesion_id = string.match(result, '"sessionID"%s*:%s*"([^"]+)"')
+
+ if not etherpad_sesion_id then
+ slot.put_into("error", _"Etherpad authentication failed" .. " 4")
+ return false
+ end
+
+ request.set_cookie{
+ path = config.etherpad.cookie_path,
+ name = "sessionID",
+ value = etherpad_sesion_id
+ }
+end
+
+function util.login(member)
+ member.last_login = "now"
+
+ local delegations = Delegation:delegations_to_check_for_member_id(member.id)
+
+ if config.check_delegations_interval_hard
+ and member.needs_delegation_check_hard
+ and #delegations > 0 then
+
+ app.session.needs_delegation_check = true
+
+ else
+
+ if #delegations == 0 then
+ member.last_delegation_check = "now"
+ end
+
+ member.last_activity = "now"
+ member.active = true
+
+ end
+
+ if member.lang == nil then
+ member.lang = app.session.lang
+ else
+ app.session.lang = member.lang
+ end
+
+ if member.password_hash_needs_update then
+ member:set_password(password)
+ end
+
+ member:save()
+ app.session.member = member
+ app.session:save()
+
+ trace.debug('User authenticated')
+ if config.etherpad then
+ return do_etherpad_auth(member)
+ end
+
+ return true
+
+end
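Review bot: `do_etherpad_auth` falls off its end after `request.set_cookie{...}` without returning a value, so on success `return do_etherpad_auth(member)` makes `util.login` return nil. With `config.etherpad` set, the `if not result then` branch in app/main/api/login.lua would then redirect to the login page and never set `app.access_token.used`, even though `app.session:save()` has already stored the member in the session, which leaves the token reusable. Add `return true` after the `request.set_cookie` call. It is also worth deciding, and stating in a comment on `util.login`, whether an Etherpad failure should fail the whole login, since the false return arrives only after the session has been saved.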