comparison mod_http_oauth2/mod_http_oauth2.lua @ 3920:cf92e3b30c18

mod_http_oauth2: Use component_secret setting as password on Components Same setting as used by external components.
author Kim Alvefur <zash@zash.se>
date Thu, 27 Feb 2020 23:17:31 +0100
parents 8ed261a08a9c
children 469408682152
comparison
equal deleted inserted replaced
3919:8ed261a08a9c 3920:cf92e3b30c18
43 return json.encode(new_access_token(granted_jid, request_host, nil, nil)); 43 return json.encode(new_access_token(granted_jid, request_host, nil, nil));
44 end 44 end
45 return oauth_error("invalid_grant", "incorrect credentials"); 45 return oauth_error("invalid_grant", "incorrect credentials");
46 end 46 end
47 47
48 if module:get_host_type() == "component" then
49 local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component");
50
51 function grant_type_handlers.password(params)
52 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
53 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
54 local request_username, request_host, request_resource = jid.prepped_split(request_jid);
55 if params.scope then
56 return oauth_error("invalid_scope", "unknown scope requested");
57 end
58 if not request_host or request_host ~= module.host then
59 return oauth_error("invalid_request", "invalid JID");
60 end
61 if request_password == component_secret then
62 local granted_jid = jid.join(request_username, request_host, request_resource);
63 return json.encode(new_access_token(granted_jid, request_host, nil, nil));
64 end
65 return oauth_error("invalid_grant", "incorrect credentials");
66 end
67 end
68
48 function handle_token_grant(event) 69 function handle_token_grant(event)
49 local params = http.formdecode(event.request.body); 70 local params = http.formdecode(event.request.body);
50 if not params then 71 if not params then
51 return oauth_error("invalid_request"); 72 return oauth_error("invalid_request");
52 end 73 end