Mercurial > prosody-modules
changeset 5495:7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
This also improves security by reusing the security and cache headers,
where mod_http_errors/http-message doesn't add such headers.
Colors selected by taking rotating the error colors, rrggbb -> ggbbrr
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 31 May 2023 03:44:04 +0200 |
| parents | 1bcf755c7bae |
| children | 3e6d1e248dc1 |
| files | mod_http_oauth2/html/oob.html mod_http_oauth2/html/style.css mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 3 files changed, 38 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_http_oauth2/html/oob.html Wed May 31 03:44:04 2023 +0200 @@ -0,0 +1,19 @@ +<!DOCTYPE html> +<html> +<head> +<meta charset="utf-8"> +<meta name="viewport" content="width=device-width, initial-scale=1" /> +<title>{site_name} - Authorization Code</title> +<link rel="stylesheet" href="style.css"> +</head> +<body> + <main> + <h1>{site_name}</h1> + <h2>Your Authorization Code</h2> + <p>Here’s your authorization code, copy and paste it into {client.client_name}</p> + <div class="oob"> + <p><tt>{authorization_code}</tt></p> + </div> + </main> +</body> +</html>
--- a/mod_http_oauth2/html/style.css Fri May 26 15:49:39 2023 +0200 +++ b/mod_http_oauth2/html/style.css Wed May 31 03:44:04 2023 +0200 @@ -27,6 +27,19 @@ border: solid 1px #f5c2c7; } +.oob +{ + background-color: #d7daf8; + border: solid 1px #c2c7f5; + color: #202984; + margin: 0.75em; +} +.oob tt { + font-size: xx-large; + font-family: monospace; + +} + input { margin: 0.3rem; padding: 0.2rem; @@ -71,6 +84,10 @@ color: #f8d7da; background-color: #842029; } + .oob { + color: #d7daf8; + background-color: #202984; + } :link
--- a/mod_http_oauth2/mod_http_oauth2.lua Fri May 26 15:49:39 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed May 31 03:44:04 2023 +0200 @@ -45,6 +45,7 @@ local templates = { login = read_file(template_path, "login.html", true); consent = read_file(template_path, "consent.html", true); + oob = read_file(template_path, "oob.html", true); error = read_file(template_path, "error.html", true); css = read_file(template_path, "style.css"); js = read_file(template_path, "script.js"); @@ -328,17 +329,7 @@ local redirect_uri = get_redirect_uri(client, params.redirect_uri); if redirect_uri == oob_uri then - -- TODO some nicer template page - -- mod_http_errors will set content-type to text/html if it catches this - -- event, if not text/plain is kept for the fallback text. - local response = { status_code = 200; headers = { content_type = "text/plain" } } - response.body = module:context("*"):fire_event("http-message", { - response = response; - title = "Your authorization code"; - message = "Here's your authorization code, copy and paste it into " .. (client.client_name or "your client"); - extra = code; - }) or ("Here's your authorization code:\n%s\n"):format(code); - return response; + return render_page(templates.oob, { client = client; authorization_code = code }, true); elseif not redirect_uri then return oauth_error("invalid_redirect_uri"); end