comparison mod_http_oauth2/mod_http_oauth2.lua @ 4269:143515d0b212
mod_http_oauth2: Factor out authorization code validity decision
I intend to use it for a couple more things, so having a single
definition helps keep things tidy
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 22 Nov 2020 18:39:55 +0100 |
parents | 7b4a73364363 |
children | 243f7b0dbf35 |
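--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -12,10 +12,14 @@
 local tokens = module:depends("tokenauth");
 
 local clients = module:open_store("oauth2_clients", "map");
 local codes = module:open_store("oauth2_codes", "map");
 
+local function code_expired(code)
+return os.difftime(os.time(), code.issued) > 900;
+end
+
 local function oauth_error(err_name, err_desc)
 return errors.new({
 type = "modify";
 condition = "bad-request";
 code = err_name == "invalid_client" and 401 or 400;
@@ -116,11 +120,11 @@
 module:log("debug", "client_secret mismatch");
 return oauth_error("invalid_client", "incorrect credentials");
 end
 local code, err = codes:get(client_owner, client_id .. "#" .. params.code);
 if err then error(err); end
-if not code or type(code) ~= "table" or os.difftime(os.time(), code.issued) > 900 then
+if not code or type(code) ~= "table" or code_expired(code) then
 module:log("debug", "authorization_code invalid or expired: %q", code);
 return oauth_error("invalid_client", "incorrect credentials");
 end
 assert(codes:set(client_owner, client_id .. "#" .. params.code, nil));
 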
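Review bot: The added `code_expired` helper reads `code.issued` without checking it, so it depends on every caller having validated the stored record first; the one call site shown only checks `type(code) ~= "table"`. Since the description says the helper will be reused, it should fail closed on a missing or non-numeric timestamp, for example `if type(code.issued) ~= "number" then return true; end` ahead of the `os.difftime` call, whose handling of a nil second argument appears to differ between Lua versions. The bare `900` would also read better as a named local with a comment stating the intended lifetime; RFC 6749 section 4.1.2 recommends a maximum of 10 minutes for authorization codes, so the 15-minute window deserves a stated reason.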