comparison mod_http_oauth2/mod_http_oauth2.lua @ 4269:143515d0b212

mod_http_oauth2: Factor out authorization code validity decision

I intend to use it for a couple more things, so having a single definition helps keep things tidy.
author Kim Alvefur <zash@zash.se>
date Sun, 22 Nov 2020 18:39:55 +0100
parents 7b4a73364363
children 243f7b0dbf35
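--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -12,10 +12,14 @@
 local tokens = module:depends("tokenauth");
 
 local clients = module:open_store("oauth2_clients", "map");
 local codes = module:open_store("oauth2_codes", "map");
 
+local function code_expired(code)
+return os.difftime(os.time(), code.issued) > 900;
+end
+
 local function oauth_error(err_name, err_desc)
 return errors.new({
 type = "modify";
 condition = "bad-request";
 code = err_name == "invalid_client" and 401 or 400;
@@ -116,11 +120,11 @@
 module:log("debug", "client_secret mismatch");
 return oauth_error("invalid_client", "incorrect credentials");
 end
 local code, err = codes:get(client_owner, client_id .. "#" .. params.code);
 if err then error(err); end
-if not code or type(code) ~= "table" or os.difftime(os.time(), code.issued) > 900 then
+if not code or type(code) ~= "table" or code_expired(code) then
 module:log("debug", "authorization_code invalid or expired: %q", code);
 return oauth_error("invalid_client", "incorrect credentials");
 end
 assert(codes:set(client_owner, client_id .. "#" .. params.code, nil));
 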
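Review bot: `code_expired` in the first hunk hard-codes the lifetime as `900` and carries no comment, and since the description says it will be reused, this is the place to name and document it: `local code_lifetime = 900; -- seconds an authorization code stays redeemable` with `return os.difftime(os.time(), code.issued) > code_lifetime;`. 900 seconds is 15 minutes, above the 10-minute maximum that RFC 6749 section 4.1.2 recommends for authorization codes, so the value should be a deliberate, documented choice. The helper indexes `code.issued` without checking its argument, so every future caller has to keep the `type(code) ~= "table"` guard ahead of it, as the token handler in the second hunk does; a comment such as `-- caller must pass a stored code table` would make that contract explicit. That handler's function starts and ends outside the hunk.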