Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5495:7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
This also improves security by reusing the security and cache headers,
where mod_http_errors/http-message doesn't add such headers.
Colors selected by taking rotating the error colors, rrggbb -> ggbbrr
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 31 May 2023 03:44:04 +0200 |
| parents | 5108f63e762b |
| children | 57ce8c4017e7 |
comparison
equal
deleted
inserted
replaced
| 5494:1bcf755c7bae | 5495:7998b49d6512 |
|---|---|
| 43 | 43 |
| 44 local template_path = module:get_option_path("oauth2_template_path", "html"); | 44 local template_path = module:get_option_path("oauth2_template_path", "html"); |
| 45 local templates = { | 45 local templates = { |
| 46 login = read_file(template_path, "login.html", true); | 46 login = read_file(template_path, "login.html", true); |
| 47 consent = read_file(template_path, "consent.html", true); | 47 consent = read_file(template_path, "consent.html", true); |
| 48 oob = read_file(template_path, "oob.html", true); | |
| 48 error = read_file(template_path, "error.html", true); | 49 error = read_file(template_path, "error.html", true); |
| 49 css = read_file(template_path, "style.css"); | 50 css = read_file(template_path, "style.css"); |
| 50 js = read_file(template_path, "script.js"); | 51 js = read_file(template_path, "script.js"); |
| 51 }; | 52 }; |
| 52 | 53 |
| 326 return oauth_error("temporarily_unavailable"); | 327 return oauth_error("temporarily_unavailable"); |
| 327 end | 328 end |
| 328 | 329 |
| 329 local redirect_uri = get_redirect_uri(client, params.redirect_uri); | 330 local redirect_uri = get_redirect_uri(client, params.redirect_uri); |
| 330 if redirect_uri == oob_uri then | 331 if redirect_uri == oob_uri then |
| 331 -- TODO some nicer template page | 332 return render_page(templates.oob, { client = client; authorization_code = code }, true); |
| 332 -- mod_http_errors will set content-type to text/html if it catches this | |
| 333 -- event, if not text/plain is kept for the fallback text. | |
| 334 local response = { status_code = 200; headers = { content_type = "text/plain" } } | |
| 335 response.body = module:context("*"):fire_event("http-message", { | |
| 336 response = response; | |
| 337 title = "Your authorization code"; | |
| 338 message = "Here's your authorization code, copy and paste it into " .. (client.client_name or "your client"); | |
| 339 extra = code; | |
| 340 }) or ("Here's your authorization code:\n%s\n"):format(code); | |
| 341 return response; | |
| 342 elseif not redirect_uri then | 333 elseif not redirect_uri then |
| 343 return oauth_error("invalid_redirect_uri"); | 334 return oauth_error("invalid_redirect_uri"); |
| 344 end | 335 end |
| 345 | 336 |
| 346 local redirect = url.parse(redirect_uri); | 337 local redirect = url.parse(redirect_uri); |