# HG changeset patch # User Kim Alvefur # Date 1685497444 -7200 # Node ID 7998b49d6512769600ec1fceaabff3c203628105 # Parent 1bcf755c7bae0d14f138179b4eaac1a5e99339ef mod_http_oauth2: Create proper template for OOB code delivery This also improves security by reusing the security and cache headers, where mod_http_errors/http-message doesn't add such headers. Colors selected by taking rotating the error colors, rrggbb -> ggbbrr diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/html/oob.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_http_oauth2/html/oob.html Wed May 31 03:44:04 2023 +0200 @@ -0,0 +1,19 @@ + + + + + +{site_name} - Authorization Code + + + +
+

{site_name}

+

Your Authorization Code

+

Here’s your authorization code, copy and paste it into {client.client_name}

+
+

{authorization_code}

+
+
+ + diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/html/style.css --- a/mod_http_oauth2/html/style.css Fri May 26 15:49:39 2023 +0200 +++ b/mod_http_oauth2/html/style.css Wed May 31 03:44:04 2023 +0200 @@ -27,6 +27,19 @@ border: solid 1px #f5c2c7; } +.oob +{ + background-color: #d7daf8; + border: solid 1px #c2c7f5; + color: #202984; + margin: 0.75em; +} +.oob tt { + font-size: xx-large; + font-family: monospace; + +} + input { margin: 0.3rem; padding: 0.2rem; @@ -71,6 +84,10 @@ color: #f8d7da; background-color: #842029; } + .oob { + color: #d7daf8; + background-color: #202984; + } :link diff -r 1bcf755c7bae -r 7998b49d6512 mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Fri May 26 15:49:39 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed May 31 03:44:04 2023 +0200 @@ -45,6 +45,7 @@ local templates = { login = read_file(template_path, "login.html", true); consent = read_file(template_path, "consent.html", true); + oob = read_file(template_path, "oob.html", true); error = read_file(template_path, "error.html", true); css = read_file(template_path, "style.css"); js = read_file(template_path, "script.js"); @@ -328,17 +329,7 @@ local redirect_uri = get_redirect_uri(client, params.redirect_uri); if redirect_uri == oob_uri then - -- TODO some nicer template page - -- mod_http_errors will set content-type to text/html if it catches this - -- event, if not text/plain is kept for the fallback text. - local response = { status_code = 200; headers = { content_type = "text/plain" } } - response.body = module:context("*"):fire_event("http-message", { - response = response; - title = "Your authorization code"; - message = "Here's your authorization code, copy and paste it into " .. (client.client_name or "your client"); - extra = code; - }) or ("Here's your authorization code:\n%s\n"):format(code); - return response; + return render_page(templates.oob, { client = client; authorization_code = code }, true); elseif not redirect_uri then return oauth_error("invalid_redirect_uri"); end