mod_adhoc_oauth2_client/mod_adhoc_oauth2_client.lua @ 5260:a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 19 Mar 2023 22:21:41 +0100 |
parent | 4268:871d140d61bb |
5259:8fba651b10ef | 5260:a9c1cc91d3d6 |
---|---|
1 local adhoc = require "util.adhoc"; | 1 local adhoc = require "util.adhoc"; |
2 local dataforms = require "util.dataforms"; | 2 local dataforms = require "util.dataforms"; |
3 local errors = require "util.error"; | |
4 local hashes = require "util.hashes"; | |
5 local id = require "util.id"; | |
6 local jid = require "util.jid"; | |
7 local base64 = require"util.encodings".base64; | |
8 | 3 |
9 local clients = module:open_store("oauth2_clients", "map"); | 4 local mod_http_oauth2 = module:depends"http_oauth2"; |
10 | |
11 local iteration_count = module:get_option_number("oauth2_client_iteration_count", 10000); | |
12 local pepper = module:get_option_string("oauth2_client_pepper", ""); | |
13 | 5 |
14 local new_client = dataforms.new({ | 6 local new_client = dataforms.new({ |
15 title = "Create OAuth2 client"; | 7 title = "Create OAuth2 client"; |
16 {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#create"}; | 8 { var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#create" }; |
17 {name = "name"; type = "text-single"; label = "Client name"; required = true}; | 9 { name = "client_name"; type = "text-single"; label = "Client name"; required = true }; |
18 {name = "description"; type = "text-multi"; label = "Description"}; | 10 { |
19 {name = "info_url"; type = "text-single"; label = "Informative URL"; desc = "Link to information about your client"; datatype = "xs:anyURI"}; | 11 name = "client_uri"; |
12 type = "text-single"; | |
13 label = "Informative URL"; | |
14 desc = "Link to information about your client. MUST be https URI."; | |
15 datatype = "xs:anyURI"; | |
16 required = true; | |
17 }; | |
20 { | 18 { |
21 name = "redirect_uri"; | 19 name = "redirect_uri"; |
22 type = "text-single"; | 20 type = "text-single"; |
23 label = "Redirection URI"; | 21 label = "Redirection URI"; |
24 desc = "Where to redirect the user after authorizing."; | 22 desc = "Where to redirect the user after authorizing."; |
28 }) | 26 }) |
29 | 27 |
30 local client_created = dataforms.new({ | 28 local client_created = dataforms.new({ |
31 title = "New OAuth2 client created"; | 29 title = "New OAuth2 client created"; |
32 instructions = "Save these details, they will not be shown again"; | 30 instructions = "Save these details, they will not be shown again"; |
33 {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#created"}; | 31 { var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#created" }; |
34 {name = "client_id"; type = "text-single"; label = "Client ID"}; | 32 { name = "client_id"; type = "text-single"; label = "Client ID" }; |
35 {name = "client_secret"; type = "text-single"; label = "Client secret"}; | 33 { name = "client_secret"; type = "text-single"; label = "Client secret" }; |
36 }) | 34 }) |
37 | 35 |
38 local function create_client(client, formerr, data) | 36 local function create_client(client, formerr, data) |
39 if formerr then | 37 if formerr then |
40 local errmsg = {"Error in form:"}; | 38 local errmsg = {"Error in form:"}; |
41 for field, err in pairs(formerr) do table.insert(errmsg, field .. ": " .. err); end | 39 for field, err in pairs(formerr) do table.insert(errmsg, field .. ": " .. err); end |
42 return {status = "error"; error = {message = table.concat(errmsg, "\n")}}; | 40 return {status = "error"; error = {message = table.concat(errmsg, "\n")}}; |
43 end | 41 end |
42 client.redirect_uris = { client.redirect_uri }; | |
43 client.redirect_uri = nil; | |
44 | 44 |
45 local creator = jid.split(data.from); | 45 local client_metadata, err = mod_http_oauth2.create_client(client); |
46 local client_uid = id.short(); | 46 if err then return { status = "error"; error = err }; end |
47 local client_id = jid.join(creator, module.host, client_uid); | |
48 local client_secret = id.long(); | |
49 local salt = id.medium(); | |
50 local i = iteration_count; | |
51 | 47 |
52 client.secret_hash = base64.encode(hashes.pbkdf2_hmac_sha256(client_secret, salt .. pepper, i)); | 48 module:log("info", "OAuth2 client %q %q created by %s", client.name, client.info_uri, data.from); |
53 client.iteration_count = i; | |
54 client.salt = salt; | |
55 | 49 |
56 local ok, err = errors.coerce(clients:set(creator, client_uid, client)); | 50 return { status = "completed"; result = { layout = client_created; values = client_metadata } }; |
57 module:log("info", "OAuth2 client %q created by %s", client_id, data.from); | |
58 if not ok then return {status = "canceled"; error = {message = err}}; end | |
59 | |
60 return {status = "completed"; result = {layout = client_created; values = {client_id = client_id; client_secret = client_secret}}}; | |
61 end | 51 end |
62 | 52 |
63 local handler = adhoc.new_simple_form(new_client, create_client); | 53 local handler = adhoc.new_simple_form(new_client, create_client); |
64 | 54 |
65 module:provides("adhoc", module:require "adhoc".new(new_client.title, new_client[1].value, handler, "local_user")); | 55 module:provides("adhoc", module:require "adhoc".new(new_client.title, new_client[1].value, handler, "local_user")); |
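Review bot: The info log on new line 48 reads `client.name` and `client.info_uri`, but the form now submits those values as `client_name` (new line 9) and `client_uri` (new line 11), so both `%q` arguments are nil in every log entry and the audit trail records neither the client name nor its URI; the line should be `module:log("info", "OAuth2 client %q %q created by %s", client.client_name, client.client_uri, data.from);`. The `client_uri` field description says it MUST be an https URI, yet nothing in this module checks that, so the validation presumably happens inside mod_http_oauth2.create_client — a comment above new line 45 such as `-- client_uri / redirect_uris validation is delegated to mod_http_oauth2.create_client` would make that dependency explicit. The error branch on new line 46 forwards `err` verbatim as the ad-hoc `error` field, whereas the removed code wrapped it as `{ message = err }`; unless create_client already returns a table in the shape the adhoc layer expects, the requester will see no readable message.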