Mercurial > prosody-modules
changeset 4998:5ab134b7e510
mod_http_oauth2: Updates for Prosody's new role API (backwards-compatible)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 13 Jul 2022 11:20:09 +0100 |
parents | 1b5869c34026 |
children | 65cdbbf9703a |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 16 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Jul 13 11:18:46 2022 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Jul 13 11:20:09 2022 +0100 @@ -14,13 +14,21 @@ local clients = module:open_store("oauth2_clients", "map"); -local function filter_scopes(request_jid, requested_scope_string) --luacheck: ignore 212/requested_scope_string - -- We currently don't really support scopes, so override - -- to whatever real permissions the user has - if usermanager.is_admin(request_jid, module.host) then - return "prosody:scope:admin"; +local function filter_scopes(username, host, requested_scope_string) + if host ~= module.host then + return usermanager.get_jid_role(username.."@"..host, module.host).name; end - return "prosody:scope:default"; + + if requested_scope_string then -- Specific role requested + -- TODO: The requested scope string is technically a space-delimited list + -- of scopes, but for simplicity we're mapping this slot to role names. + local user_roles = usermanager.get_user_roles(username, module.host); + if user_roles[requested_scope_string] then + return requested_scope_string; + end + end + + return usermanager.get_user_default_role(username, module.host).name; end local function code_expires_in(code) @@ -81,7 +89,7 @@ end local granted_jid = jid.join(request_username, request_host, request_resource); - local granted_scopes = filter_scopes(granted_jid, params.scope); + local granted_scopes = filter_scopes(request_username, request_host, params.scope); return json.encode(new_access_token(granted_jid, granted_scopes, nil)); end @@ -99,7 +107,7 @@ return oauth_error("invalid_client", "incorrect credentials"); end - local granted_scopes = filter_scopes(granted_jid, params.scope); + local granted_scopes = filter_scopes(client_owner, client_host, params.scope); local code = uuid.generate(); local ok = codes:set(params.client_id .. "#" .. code, {