changeset 3920:cf92e3b30c18

mod_http_oauth2: Use component_secret setting as password on Components

Same setting as used by external components.
author Kim Alvefur <zash@zash.se>
date Thu, 27 Feb 2020 23:17:31 +0100 (2020-02-27)
parents 8ed261a08a9c
children 9eabd68b8e48
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 21 insertions(+), 0 deletions(-) [+]
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu Feb 27 23:14:24 2020 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu Feb 27 23:17:31 2020 +0100
@@ -45,6 +45,27 @@
 	return oauth_error("invalid_grant", "incorrect credentials");
 end
 
+if module:get_host_type() == "component" then
+	local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component");
+
+	function grant_type_handlers.password(params)
+		local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
+		local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
+		local request_username, request_host, request_resource = jid.prepped_split(request_jid);
+		if params.scope then
+			return oauth_error("invalid_scope", "unknown scope requested");
+		end
+		if not request_host or request_host ~= module.host then
+			return oauth_error("invalid_request", "invalid JID");
+		end
+		if request_password == component_secret then
+			local granted_jid = jid.join(request_username, request_host, request_resource);
+			return json.encode(new_access_token(granted_jid, request_host, nil, nil));
+		end
+		return oauth_error("invalid_grant", "incorrect credentials");
+	end
+end
+
 function handle_token_grant(event)
 	local params = http.formdecode(event.request.body);
 	if not params then
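Review bot: The credential check `if request_password == component_secret then` in the new component-only `grant_type_handlers.password` compares the shared secret with plain string equality, which is not guaranteed to run in constant time, and this value is now reachable over HTTP as well as the component protocol. If the targeted Prosody version provides a constant-time comparison (newer `util.hashes` has `equals`, to be confirmed for this tree), prefer `if hashes.equals(request_password, component_secret) then`, with the module required at the top of the file, which is outside this hunk. The handler also issues a token for whatever localpart and resource the caller supplies once the host matches `module.host`, so one secret authorises every JID on the component. If that is intended, a comment above the function such as `-- Anyone holding component_secret may obtain a token for any JID on this host` would make the trust model explicit. No throttling of failed attempts is visible here, so it is worth confirming that the HTTP layer limits guessing against this endpoint.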