Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 4269:143515d0b212
mod_http_oauth2: Factor out authorization code validity decision
I intend to use it for a couple of more things, so having a single
definition helps keep things tidy
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 22 Nov 2020 18:39:55 +0100 |
| parents | 7b4a73364363 |
| children | 243f7b0dbf35 |
comparison
equal
deleted
inserted
replaced
| 4268:871d140d61bb | 4269:143515d0b212 |
|---|---|
| 12 local tokens = module:depends("tokenauth"); | 12 local tokens = module:depends("tokenauth"); |
| 13 | 13 |
| 14 local clients = module:open_store("oauth2_clients", "map"); | 14 local clients = module:open_store("oauth2_clients", "map"); |
| 15 local codes = module:open_store("oauth2_codes", "map"); | 15 local codes = module:open_store("oauth2_codes", "map"); |
| 16 | 16 |
| 17 local function code_expired(code) | |
| 18 return os.difftime(os.time(), code.issued) > 900; | |
| 19 end | |
| 20 | |
| 17 local function oauth_error(err_name, err_desc) | 21 local function oauth_error(err_name, err_desc) |
| 18 return errors.new({ | 22 return errors.new({ |
| 19 type = "modify"; | 23 type = "modify"; |
| 20 condition = "bad-request"; | 24 condition = "bad-request"; |
| 21 code = err_name == "invalid_client" and 401 or 400; | 25 code = err_name == "invalid_client" and 401 or 400; |
| 116 module:log("debug", "client_secret mismatch"); | 120 module:log("debug", "client_secret mismatch"); |
| 117 return oauth_error("invalid_client", "incorrect credentials"); | 121 return oauth_error("invalid_client", "incorrect credentials"); |
| 118 end | 122 end |
| 119 local code, err = codes:get(client_owner, client_id .. "#" .. params.code); | 123 local code, err = codes:get(client_owner, client_id .. "#" .. params.code); |
| 120 if err then error(err); end | 124 if err then error(err); end |
| 121 if not code or type(code) ~= "table" or os.difftime(os.time(), code.issued) > 900 then | 125 if not code or type(code) ~= "table" or code_expired(code) then |
| 122 module:log("debug", "authorization_code invalid or expired: %q", code); | 126 module:log("debug", "authorization_code invalid or expired: %q", code); |
| 123 return oauth_error("invalid_client", "incorrect credentials"); | 127 return oauth_error("invalid_client", "incorrect credentials"); |
| 124 end | 128 end |
| 125 assert(codes:set(client_owner, client_id .. "#" .. params.code, nil)); | 129 assert(codes:set(client_owner, client_id .. "#" .. params.code, nil)); |
| 126 | 130 |