Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 3908:8ac5d9933106
mod_http_oauth2: Implement real tokens using mod_authtokens
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 26 Feb 2020 17:57:53 +0000 |
| parents | cfeb93b80621 |
| children | 80dffbbd056b |
comparison
equal
deleted
inserted
replaced
| 3907:d5ecb9b9cb3b | 3908:8ac5d9933106 |
|---|---|
| 1 module:set_global(); | |
| 2 | |
| 3 local http = require "util.http"; | 1 local http = require "util.http"; |
| 4 local jid = require "util.jid"; | 2 local jid = require "util.jid"; |
| 5 local json = require "util.json"; | 3 local json = require "util.json"; |
| 6 local usermanager = require "core.usermanager"; | 4 local usermanager = require "core.usermanager"; |
| 7 local errors = require "util.error"; | 5 local errors = require "util.error"; |
| 6 | |
| 7 local tokens = module:depends("authtokens"); | |
| 8 | 8 |
| 9 local function oauth_error(err_name, err_desc) | 9 local function oauth_error(err_name, err_desc) |
| 10 return errors.new({ | 10 return errors.new({ |
| 11 type = "modify"; | 11 type = "modify"; |
| 12 condition = "bad-request"; | 12 condition = "bad-request"; |
| 15 context = { oauth2_response = { error = err_name, error_description = err_desc } }; | 15 context = { oauth2_response = { error = err_name, error_description = err_desc } }; |
| 16 }); | 16 }); |
| 17 end | 17 end |
| 18 | 18 |
| 19 local function new_access_token(username, host, scope, ttl) | 19 local function new_access_token(username, host, scope, ttl) |
| 20 local token_jid = jid.join(username, host); | |
| 21 local token = tokens.create_jid_token(token_jid, token_jid, scope, ttl); | |
| 20 return { | 22 return { |
| 21 token_type = "bearer"; | 23 token_type = "bearer"; |
| 22 access_token = "test-token"; | 24 access_token = token; |
| 23 expires_in = ttl; | 25 expires_in = ttl; |
| 24 -- TODO: include refresh_token when implemented | 26 -- TODO: include refresh_token when implemented |
| 25 }; | 27 }; |
| 26 end | 28 end |
| 27 | 29 |
| 32 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); | 34 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); |
| 33 local request_username, request_host = jid.prepped_split(request_jid); | 35 local request_username, request_host = jid.prepped_split(request_jid); |
| 34 if params.scope then | 36 if params.scope then |
| 35 return oauth_error("invalid_scope", "unknown scope requested"); | 37 return oauth_error("invalid_scope", "unknown scope requested"); |
| 36 end | 38 end |
| 37 if not (request_username and request_host) or not (hosts[request_host]) then | 39 if not (request_username and request_host) or request_host ~= module.host then |
| 38 return oauth_error("invalid_request", "invalid JID"); | 40 return oauth_error("invalid_request", "invalid JID"); |
| 39 end | 41 end |
| 40 if usermanager.test_password(request_username, request_host, request_password) then | 42 if usermanager.test_password(request_username, request_host, request_password) then |
| 41 return json.encode(new_access_token(request_username, request_host, nil, nil)); | 43 return json.encode(new_access_token(request_username, request_host, nil, nil)); |
| 42 end | 44 end |