# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1685497444 -7200
# Node ID 7998b49d6512769600ec1fceaabff3c203628105
# Parent  1bcf755c7bae0d14f138179b4eaac1a5e99339ef
mod_http_oauth2: Create proper template for OOB code delivery

This also improves security by reusing the security and cache headers,
where mod_http_errors/http-message doesn't add such headers.

Colors selected by taking rotating the error colors, rrggbb -> ggbbrr

diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/html/oob.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_http_oauth2/html/oob.html	Wed May 31 03:44:04 2023 +0200
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>{site_name} - Authorization Code</title>
+<link rel="stylesheet" href="style.css">
+</head>
+<body>
+	<main>
+	<h1>{site_name}</h1>
+	<h2>Your Authorization Code</h2>
+	<p>Here’s your authorization code, copy and paste it into {client.client_name}</p>
+	<div class="oob">
+		<p><tt>{authorization_code}</tt></p>
+	</div>
+	</main>
+</body>
+</html>
diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/html/style.css
--- a/mod_http_oauth2/html/style.css	Fri May 26 15:49:39 2023 +0200
+++ b/mod_http_oauth2/html/style.css	Wed May 31 03:44:04 2023 +0200
@@ -27,6 +27,19 @@
 	border: solid 1px #f5c2c7;
 }
 
+.oob
+{
+	background-color: #d7daf8;
+	border: solid 1px #c2c7f5;
+	color: #202984;
+	margin: 0.75em;
+}
+.oob tt {
+	font-size: xx-large;
+	font-family: monospace;
+
+}
+
 input {
 	margin: 0.3rem;
 	padding: 0.2rem;
@@ -71,6 +84,10 @@
 		color: #f8d7da;
 		background-color: #842029;
 	}
+	.oob {
+		color: #d7daf8;
+		background-color: #202984;
+	}
 
 
 	:link
diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri May 26 15:49:39 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Wed May 31 03:44:04 2023 +0200
@@ -45,6 +45,7 @@
 local templates = {
 	login = read_file(template_path, "login.html", true);
 	consent = read_file(template_path, "consent.html", true);
+	oob = read_file(template_path, "oob.html", true);
 	error = read_file(template_path, "error.html", true);
 	css = read_file(template_path, "style.css");
 	js = read_file(template_path, "script.js");
@@ -328,17 +329,7 @@
 
 	local redirect_uri = get_redirect_uri(client, params.redirect_uri);
 	if redirect_uri == oob_uri then
-		-- TODO some nicer template page
-		-- mod_http_errors will set content-type to text/html if it catches this
-		-- event, if not text/plain is kept for the fallback text.
-		local response = { status_code = 200; headers = { content_type = "text/plain" } }
-		response.body = module:context("*"):fire_event("http-message", {
-			response = response;
-			title = "Your authorization code";
-			message = "Here's your authorization code, copy and paste it into " .. (client.client_name or "your client");
-			extra = code;
-		}) or ("Here's your authorization code:\n%s\n"):format(code);
-		return response;
+		return render_page(templates.oob, { client = client; authorization_code = code }, true);
 	elseif not redirect_uri then
 		return oauth_error("invalid_redirect_uri");
 	end