mod_http_oauth2/mod_http_oauth2.lua @ 5417:3902082c42c4
mod_http_oauth2: Refactor scope handling into smaller functions
Goal is to put a dropdown on the consent page with your allowed roles.
Smaller functions make it easier to reuse. Readability may be improved
slightly as well.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 05 May 2023 00:57:20 +0200 |
| parent | 5416:2393dbae51ed |
| child | 5418:f2c7bb3af600 |
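--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -95,29 +95,49 @@
 return array(scope_string:gmatch("%S+"));
 end
 
 local openid_claims = set.new({ "openid", "profile"; "email"; "address"; "phone" });
 
+local function split_scopes(scope_list)
+local claims, roles, unknown = array(), array(), array();
+local all_roles = usermanager.get_all_roles(module.host);
+for _, scope in ipairs(scope_list) do
+if openid_claims:contains(scope) then
+claims:push(scope);
+elseif all_roles[scope] then
+roles:push(scope);
+else
+unknown:push(scope);
+end
+end
+return claims, roles, unknown;
+end
+
+local function can_assume_role(username, requested_role)
+return usermanager.user_can_assume_role(username, module.host, requested_role);
+end
+
+local function select_role(username, requested_roles)
+if requested_roles then
+for _, requested_role in ipairs(requested_roles) do
+if can_assume_role(username, requested_role) then
+return requested_role;
+end
+end
+end
+-- otherwise the default role
+return usermanager.get_user_role(username, module.host).name;
+end
+
 local function filter_scopes(username, requested_scope_string)
-local selected_role, granted_scopes = nil, array();
+local granted_scopes, requested_roles;
 
 if requested_scope_string then -- Specific role(s) requested
-local requested_scopes = parse_scopes(requested_scope_string);
-for _, scope in ipairs(requested_scopes) do
-if openid_claims:contains(scope) then
-granted_scopes:push(scope);
-end
-if selected_role == nil and usermanager.user_can_assume_role(username, module.host, scope) then
-selected_role = scope;
-end
-end
-end
-
-if not selected_role then
--- By default use the users' default role
-selected_role = usermanager.get_user_role(username, module.host).name;
-end
+granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string));
+end
+
+local selected_role = select_role(username, requested_roles);
 granted_scopes:push(selected_role);
 
 return granted_scopes:concat(" "), selected_role;
 end
 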
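Review bot: `filter_scopes` now declares `local granted_scopes, requested_roles;` without the `array()` initialiser the old code had, so when `requested_scope_string` is nil `granted_scopes` is still nil at `granted_scopes:push(selected_role)` and the call raises instead of granting the default role. The `scope` parameter is optional in OAuth 2.0, so a request that omits it would take this path; initialise it with `local granted_scopes, requested_roles = array(), nil;`. Separately, `split_scopes` indexes `all_roles[scope]` without checking that `usermanager.get_all_roles(module.host)` returned a table. Its third return value (`unknown`) is discarded in `filter_scopes`, so unrecognised scopes are dropped silently; a comment such as `-- unknown scopes are intentionally not granted` would make that explicit.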