Mercurial > prosody-modules
annotate mod_http_oauth2/html/consent.html @ 5956:97375a78d2b5
mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999)

The LuaSocket parser supports these but they're deprecated without
replacement by RFC 3986

> Use of the format "user:password" in the userinfo field is deprecated

Allowing it in OAuth2 URLs is probably bad from a security perspective.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 29 Aug 2024 16:02:46 +0200 |
parents | 401356232e1b |
children | 111eeffb6adf |
rev | changeset | description | author | parents |
---|---|---|---|---|
5208 | aaa64c647e12 | mod_http_oauth2: Add authentication, consent and error pages | Matthew Wild <mwild1@gmail.com> | |
5227 | 0dcd956d7bc5 | mod_http_oauth2: Close site header tags | Kim Alvefur <zash@zash.se> | 5208 |
5270 | 7acf73d2ebb5 | mod_http_oauth2: Use `<fieldset>` in templates because it looks nice | Kim Alvefur <zash@zash.se> | 5227 |
5568 | 540beba5b75b | mod_http_oauth2: Always show list of requested scopes | Kim Alvefur <zash@zash.se> | 5424 |
5623 | 8de02381e80a | mod_http_oauth2: Conform to XHTML in templates | Kim Alvefur <zash@zash.se> | 5568 |
5624 | 6109496a7ccc | mod_http_oauth2: Move site name into `<header>` | Kim Alvefur <zash@zash.se> | 5623 |
5625 | e86a1018cdb3 | mod_http_oauth2: Present errors in HTML `<dialog>` | Kim Alvefur <zash@zash.se> | 5624 |
5631 | f889ff779571 | mod_http_oauth2: Improve templates | Kim Alvefur <zash@zash.se> | 5625 |
5635 | 401356232e1b | mod_http_oauth2: Specify language in templates | Kim Alvefur <zash@zash.se> | 5631 |

rev | line | source |
---|---|---|
5208 | 1 | `<!DOCTYPE html>` |
5635 | 2 | `<html lang="en">` |
5208 | 3 | `<head>` |
5623 | 4 | `<meta charset="utf-8" />` |
5208 | 5 | `<meta name="viewport" content="width=device-width, initial-scale=1" />` |
5208 | 6 | `<title>{site_name} - Authorize {client.client_name}</title>` |
5623 | 7 | `<link rel="stylesheet" href="style.css" />` |
5208 | 8 | `</head>` |
5208 | 9 | `<body>` |
5625 | 10 | `{state.error&` |
5625 | 11 | `<dialog open="" class="error">` |
5208 | 12 | `<p>{state.error}</p>` |
5625 | 13 | `<form method="dialog"><button>dismiss</button></form>` |
5625 | 14 | `</dialog>}` |
5624 | 15 | `<header>` |
5227 | 16 | `<h1>{site_name}</h1>` |
5624 | 17 | `</header>` |
5624 | 18 | `<main>` |
5270 | 19 | `<fieldset>` |
5270 | 20 | `<legend>Authorize new application</legend>` |
5208 | 21 | `<p>A new application wants to connect to your account.</p>` |
5624 | 22 | `<form method="post">` |
5208 | 23 | `<dl>` |
5208 | 24 | `<dt>Name</dt>` |
5208 | 25 | `<dd>{client.client_name}</dd>` |
5208 | 26 | `<dt>Website</dt>` |
5208 | 27 | `<dd><a href="{client.client_uri}">{client.client_uri}</a></dd>` |
5208 | 28 | |
5208 | 29 | `{client.tos_uri&` |
5208 | 30 | `<dt>Terms of Service</dt>` |
5208 | 31 | `<dd><a href="{client.tos_uri}">View terms</a></dd>}` |
5208 | 32 | |
5208 | 33 | `{client.policy_uri&` |
5208 | 34 | `<dt>Policy</dt>` |
5208 | 35 | `<dd><a href="{client.policy_uri}">View policy</a></dd>}` |
5568 | 36 | |
5568 | 37 | `<dt>Requested permissions</dt>` |
5568 | 38 | `<dd>{scopes#` |
5631 | 39 | `<input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked="" /><label class="scope" for="scope_{idx}">{item}</label>}` |
5568 | 40 | `</dd>` |
5208 | 41 | `</dl>` |
5208 | 42 | |
5208 | 43 | `<p>To allow <em>{client.client_name}</em> to access your account` |
5631 | 44 | `<em>{state.user.username}@{state.user.host}</em> and associated data,` |
5631 | 45 | `select 'Allow'. Otherwise, select 'Deny'.` |
5208 | 46 | `</p>` |
5208 | 47 | |
5631 | 48 | `<input type="hidden" name="user_token" value="{state.user.token}">` |
5631 | 49 | `<button type="submit" name="consent" value="denied">Deny</button>` |
5631 | 50 | `<button type="submit" name="consent" value="granted">Allow</button>` |
5208 | 51 | `</form>` |
5270 | 52 | `</fieldset>` |
5208 | 53 | `</main>` |
5208 | 54 | `</body>` |
5208 | 55 | `</html>` |
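
As an added illustration (not code from mod_http_oauth2), the check described in the commit message can be sketched with LuaSocket's `socket.url` parser, applied to the three client-supplied URLs this template renders as links (`client_uri`, `tos_uri`, `policy_uri`). The helper names `check_url` and `check_client_links` and the sample client records are assumptions made up for this example.

```lua
-- Added example; not the module's own code. Requires LuaSocket.
local url = require "socket.url"

-- Client metadata fields that consent.html renders as <a href="...">.
local LINK_FIELDS = { "client_uri", "tos_uri", "policy_uri" }

-- Hypothetical helper: accept only absolute URLs with a host and no userinfo.
local function check_url(uri)
	if type(uri) ~= "string" then return nil, "not a string" end
	local parsed = url.parse(uri)
	if not parsed or not parsed.scheme or not parsed.host then
		return nil, "not an absolute URL with a host"
	end
	if parsed.userinfo then -- "user@" or "user:password@" before the host
		return nil, "userinfo part not allowed"
	end
	return parsed.host
end

-- Hypothetical helper: returns true, or false plus the rejected fields.
local function check_client_links(client)
	local rejected = {}
	for _, field in ipairs(LINK_FIELDS) do
		local value = client[field]
		if value ~= nil then -- tos_uri and policy_uri are optional in the template
			local host, err = check_url(value)
			if not host then rejected[#rejected + 1] = field .. ": " .. err end
		end
	end
	return #rejected == 0, rejected
end

-- Constructed sample registrations (example domains only).
local ok_client = {
	client_uri = "https://client.example.net/",
	tos_uri = "https://client.example.net/tos",
}
local bad_client = {
	-- the text before "@" is userinfo; the host is what follows it
	client_uri = "https://accounts.example.com@client.example.net/",
	policy_uri = "https://user:secret@client.example.net/policy",
}

assert(check_client_links(ok_client))
local ok, rejected = check_client_links(bad_client)
assert(not ok and #rejected == 2)
print(table.concat(rejected, "\n"))
```

Because line 27 of the template prints `client_uri` verbatim as the link text, a value with a userinfo part would show the user a string that starts with one host name while the link resolves to another; rejecting such values at registration keeps the displayed text and the destination consistent.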