comparison mod_http_oauth2/mod_http_oauth2.lua @ 5417:3902082c42c4

mod_http_oauth2: Refactor scope handling into smaller functions Goal is to put a dropdown on the consent page with your allowed roles. Smaller functions make it easier to reuse. Readability may be improved slightly as well.
author Kim Alvefur <zash@zash.se>
date Fri, 05 May 2023 00:57:20 +0200
parents 2393dbae51ed
children f2c7bb3af600
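--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -95,29 +95,49 @@
 return array(scope_string:gmatch("%S+"));
 end
 
 local openid_claims = set.new({ "openid", "profile"; "email"; "address"; "phone" });
 
+local function split_scopes(scope_list)
+local claims, roles, unknown = array(), array(), array();
+local all_roles = usermanager.get_all_roles(module.host);
+for _, scope in ipairs(scope_list) do
+if openid_claims:contains(scope) then
+claims:push(scope);
+elseif all_roles[scope] then
+roles:push(scope);
+else
+unknown:push(scope);
+end
+end
+return claims, roles, unknown;
+end
+
+local function can_assume_role(username, requested_role)
+return usermanager.user_can_assume_role(username, module.host, requested_role);
+end
+
+local function select_role(username, requested_roles)
+if requested_roles then
+for _, requested_role in ipairs(requested_roles) do
+if can_assume_role(username, requested_role) then
+return requested_role;
+end
+end
+end
+-- otherwise the default role
+return usermanager.get_user_role(username, module.host).name;
+end
+
 local function filter_scopes(username, requested_scope_string)
-local selected_role, granted_scopes = nil, array();
+local granted_scopes, requested_roles;
 
 if requested_scope_string then -- Specific role(s) requested
-local requested_scopes = parse_scopes(requested_scope_string);
-for _, scope in ipairs(requested_scopes) do
-if openid_claims:contains(scope) then
-granted_scopes:push(scope);
-end
-if selected_role == nil and usermanager.user_can_assume_role(username, module.host, scope) then
-selected_role = scope;
-end
-end
-end
-
-if not selected_role then
--- By default use the users' default role
-selected_role = usermanager.get_user_role(username, module.host).name;
-end
+granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string));
+end
+
+local selected_role = select_role(username, requested_roles);
 granted_scopes:push(selected_role);
 
 return granted_scopes:concat(" "), selected_role;
 end
 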
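Review bot: In the rewritten `filter_scopes`, `granted_scopes` is declared without a value and only assigned inside `if requested_scope_string then`, so a request with no scope parameter reaches `granted_scopes:push(selected_role)` with nil and raises an error instead of falling back to the default role, which the old `array()` initialiser allowed. Declaring it as `local granted_scopes, requested_roles = array(), nil;` restores the no-scope path. Role selection also behaves differently now: a scope is only offered to `can_assume_role` if `split_scopes` first finds it in `usermanager.get_all_roles(module.host)`, whereas the old loop passed every scope to `user_can_assume_role`. If that narrowing is intended, a comment on `split_scopes` such as `-- scopes that are neither OpenID claims nor known roles are returned as "unknown" and never granted` would make the authorization decision explicit, since `filter_scopes` silently drops that third return value.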