lib/rodauth/features/oauth.rb in rodauth-oauth-0.0.5 vs lib/rodauth/features/oauth.rb in rodauth-oauth-0.0.6
- old
+ new
@@ -187,24 +187,10 @@
:before_introspection_request
)
auth_value_methods(:only_json?)
- redirect(:oauth_application) do |id|
- "/#{oauth_applications_path}/#{id}"
- end
-
- redirect(:require_authorization) do
- if logged_in?
- oauth_authorize_path
- elsif respond_to?(:login_redirect)
- login_redirect
- else
- default_redirect
- end
- end
-
auth_value_method :json_request_regexp, %r{\bapplication/(?:vnd\.api\+)?json\b}i
SERVER_METADATA = OAuth::TtlStore.new
def check_csrf?
@@ -244,39 +230,23 @@
def initialize(scope)
@scope = scope
end
- def state
- param_or_nil("state")
- end
-
def scopes
(param_or_nil("scope") || oauth_application_default_scope).split(" ")
end
- def client_id
- param_or_nil("client_id")
- end
-
def redirect_uri
param_or_nil("redirect_uri") || begin
return unless oauth_application
redirect_uris = oauth_application[oauth_applications_redirect_uri_column].split(" ")
redirect_uris.size == 1 ? redirect_uris.first : nil
end
end
- def token_type_hint
- param_or_nil("token_type_hint") || "access_token"
- end
-
- def token
- param_or_nil("token")
- end
-
def oauth_application
return @oauth_application if defined?(@oauth_application)
@oauth_application = begin
client_id = param_or_nil("client_id")
@@ -346,10 +316,12 @@
new_oauth_application_view
end
request.on(oauth_applications_id_pattern) do |id|
oauth_application = db[oauth_applications_table].where(oauth_applications_id_column => id).first
+ next unless oauth_application
+
scope.instance_variable_set(:@oauth_application, oauth_application)
request.is do
request.get do
oauth_application_view
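Review bot: The added `next unless oauth_application` guard handles the missing-record case, but the lookup on the line above it still fetches any application by `id` alone, with no condition tying the row to the current account — so, unless the enclosing `request.on(oauth_applications_path)` route (which starts outside this hunk) already enforces ownership, any authenticated user who can reach this route can view another owner's application and, via the nested tokens route, its tokens. If the feature records an owning account for each application, the `where` should include that ownership condition as well as the id, and the same scoping applies to the `db[oauth_tokens_table]` query further down. If ownership is deliberately not a concept here (a single-admin deployment), a one-line comment saying so above the lookup would stop the next reader raising this again.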
@@ -357,11 +329,13 @@
end
request.on(oauth_tokens_path) do
oauth_tokens = db[oauth_tokens_table].where(oauth_tokens_oauth_application_id_column => id)
scope.instance_variable_set(:@oauth_tokens, oauth_tokens)
- oauth_tokens_view
+ request.get do
+ oauth_tokens_view
+ end
end
end
request.get do
scope.instance_variable_set(:@oauth_applications, db[:oauth_applications])
@@ -375,11 +349,11 @@
transaction do
before_create_oauth_application
id = create_oauth_application
after_create_oauth_application
set_notice_flash create_oauth_application_notice_flash
- redirect oauth_application_redirect(id)
+ redirect "#{request.path}/#{id}"
end
end
set_error_flash create_oauth_application_error_flash
new_oauth_application_view
end
@@ -875,12 +849,12 @@
# Token introspect
def validate_oauth_introspect_params
# check if valid token hint type
- if token_type_hint
- redirect_response_error("unsupported_token_type") unless TOKEN_HINT_TYPES.include?(token_type_hint)
+ if param_or_nil("token_type_hint")
+ redirect_response_error("unsupported_token_type") unless TOKEN_HINT_TYPES.include?(param("token_type_hint"))
end
redirect_response_error("invalid_request") unless param_or_nil("token")
end
@@ -904,21 +878,24 @@
require_oauth_application
end
def validate_oauth_revoke_params
# check if valid token hint type
- redirect_response_error("unsupported_token_type") unless TOKEN_HINT_TYPES.include?(token_type_hint)
+ if param_or_nil("token_type_hint")
+ redirect_response_error("unsupported_token_type") unless TOKEN_HINT_TYPES.include?(param("token_type_hint"))
+ end
redirect_response_error("invalid_request") unless param_or_nil("token")
end
def revoke_oauth_token
- oauth_token = case token_type_hint
- when "access_token"
- oauth_token_by_token(token)
- when "refresh_token"
+ token = param("token")
+
+ oauth_token = if param("token_type_hint") == "refresh_token"
oauth_token_by_refresh_token(token)
+ else
+ oauth_token_by_token(token)
end
redirect_response_error("invalid_request") unless oauth_token
if oauth_application
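Review bot: The rewritten lookup in `revoke_oauth_token` searches only the table implied by `token_type_hint`, so a client that sends the wrong hint (or a refresh token with no hint, which now falls to the access-token branch) gets `invalid_request` for a token that does exist; RFC 7009 §2.1 says the server MUST extend its search across all supported token types when the hint does not locate the token. Falling back is two lines: `oauth_token_by_refresh_token(token) || oauth_token_by_token(token)` in the refresh branch and `oauth_token_by_token(token) || oauth_token_by_refresh_token(token)` in the else branch. Separately, `redirect_response_error("invalid_request") unless oauth_token` turns the endpoint into an oracle for whether a token string is live, whereas §2.2 says an invalid token should still produce a 200; consider treating a not-found token as a successful no-op. The ownership check that follows (`if oauth_application ...`) continues past the end of the hunk, so whether the token is verified against the requesting client cannot be judged here.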
@@ -1016,11 +993,11 @@
def authorization_required
if accepts_json?
throw_json_response_error(authorization_required_error_status, "invalid_client")
else
set_redirect_error_flash(require_authorization_error_flash)
- redirect(require_authorization_redirect)
+ redirect(oauth_authorize_path)
end
end
def check_valid_uri?(uri)
URI::DEFAULT_PARSER.make_regexp(oauth_valid_uri_schemes).match?(uri)
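Review bot: The new `redirect(oauth_authorize_path)` in `authorization_required` discards the query string of the request that failed (client_id, redirect_uri, scope, state), so a user bounced through login lands on a bare authorize page and the authorization request cannot be resumed; the old `require_authorization` redirect had the same gap, but this is the moment to decide whether the intended target is the original full path (e.g. `request.fullpath`, or Rodauth's login return-to mechanism) rather than the route root. Note also that the JSON branch reports `invalid_client` while the HTML branch shows `require_authorization_error_flash` — if both paths really mean "client authentication failed", a comment above the `if accepts_json?` stating that would help. Unrelated to this change but visible in the hunk: `check_valid_uri?` uses `URI::DEFAULT_PARSER.make_regexp(...)`, which is not anchored, so `match?` accepts any string that merely contains a URI with an allowed scheme (`"foo https://x"`); anchoring with `\A...\z` around the generated pattern, or comparing `URI.parse(uri).scheme` against `oauth_valid_uri_schemes`, would make this a whole-string check.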
@@ -1184,11 +1161,10 @@
# /oauth-revoke
route(:oauth_revoke) do |r|
before_revoke
- # access-token
r.post do
catch_error do
validate_oauth_revoke_params
oauth_token = nil
@@ -1206,11 +1182,11 @@
set_notice_flash revoke_oauth_token_notice_flash
redirect request.referer || "/"
end
end
- throw_json_response_error(invalid_oauth_response_status, "invalid_request")
+ redirect_response_error("invalid_request", request.referer || "/")
end
end
# /oauth-authorize
route(:oauth_authorize) do |r|
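Review bot: The new error path `redirect_response_error("invalid_request", request.referer || "/")` redirects to whatever the Referer header says, and that header is supplied by the client — a cross-site form that POSTs to the revoke route will send the attacker's origin as Referer and the user is sent back there with the error flash, which is a (low-severity) open redirect on an auth-related endpoint; the success path on the earlier `redirect request.referer || "/"` line has the same property. Restrict it to same-origin before using it, e.g. compute `ref = request.referer` and fall back to `"/"` unless `URI.parse(ref).host == request.host` (guarding the parse against malformed values), or simply always redirect to a fixed application path. Where this falls inside the HTML-vs-JSON branching cannot be fully judged because the `catch_error` block opens before the start of this hunk.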
@@ -1251,10 +1227,10 @@
end
after_authorize
end
redirect_url = URI.parse(redirect_uri)
- query_params << "state=#{state}" if state
+ query_params << "state=#{param('state')}" if param_or_nil("state")
query_params << redirect_url.query if redirect_url.query
redirect_url.query = query_params.join("&") unless query_params.empty?
redirect_url.fragment = fragment_params.join("&") unless fragment_params.empty?
redirect(redirect_url.to_s)
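Review bot: The rewritten line `query_params << "state=#{param('state')}"` interpolates the client-supplied `state` into the redirect query without URL-encoding it, so a value containing `&`, `#` or `=` can inject or truncate parameters in the URL the browser is sent to (a `#` in `state` moves everything after it into the fragment), and a value with spaces produces a malformed Location. Since `URI` is already in use here, encode it: `query_params << "state=#{URI.encode_www_form_component(param('state'))}" if param_or_nil("state")`. The other entries pushed onto `query_params` and `fragment_params` are built above the start of this hunk and should be checked for the same thing.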