Mercurial > prosody-modules
comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 6528:6241b2f5e92f
mod_auth_oauth_external: Minor code cleanup
Attempt to reduce differences between SASL PLAIN and OAUTHBERARER code
paths, which overlap in the validation endpoint interaction and response
handling.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 02 May 2026 17:11:49 +0200 |
| parents | 1216f6befbe7 |
| children |
comparison
equal
deleted
inserted
replaced
| 6527:6f2f21b00233 | 6528:6241b2f5e92f |
|---|---|
| 35 assert(validation_endpoint or token_endpoint, | 35 assert(validation_endpoint or token_endpoint, |
| 36 "One or both of 'oauth_external_validation_endpoint' and 'oauth_external_token_endpoint' must be configured"); | 36 "One or both of 'oauth_external_validation_endpoint' and 'oauth_external_token_endpoint' must be configured"); |
| 37 | 37 |
| 38 local accounts = module:open_store("accounts"); | 38 local accounts = module:open_store("accounts"); |
| 39 | 39 |
| 40 local host = module.host; | |
| 41 local provider = {}; | 40 local provider = {}; |
| 42 | 41 |
| 43 -- TODO remove, not needed after https://hg.prosody.im/trunk/rev/01f95f3de6fc | 42 -- TODO remove, not needed after https://hg.prosody.im/trunk/rev/01f95f3de6fc |
| 44 local function not_implemented() | 43 local function not_implemented() |
| 45 return nil, "method not implemented" | 44 return nil, "method not implemented" |
| 121 end | 120 end |
| 122 if not (ret.code >= 200 and ret.code < 300) then | 121 if not (ret.code >= 200 and ret.code < 300) then |
| 123 return false, nil; | 122 return false, nil; |
| 124 end | 123 end |
| 125 local response = json.decode(ret.body); | 124 local response = json.decode(ret.body); |
| 126 if type(response) ~= "table" then | 125 if type(response) ~= "table" or type(response[username_field]) ~= "string" then |
| 127 return false, nil, nil; | |
| 128 elseif type(response[username_field]) ~= "string" then | |
| 129 return false, nil, nil; | 126 return false, nil, nil; |
| 130 end | 127 end |
| 128 self.token_info = response; | |
| 131 self.username = jid.escape(response[username_field]); | 129 self.username = jid.escape(response[username_field]); |
| 132 self.token_info = response; | |
| 133 accounts:set(self.username, { exists = true }); | 130 accounts:set(self.username, { exists = true }); |
| 134 return true, true; | 131 return true, true; |
| 135 end | 132 end |
| 136 end | 133 end |
| 137 if validation_endpoint then | 134 if validation_endpoint then |
| 144 headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" }; | 141 headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" }; |
| 145 })); | 142 })); |
| 146 if err then | 143 if err then |
| 147 return false, nil, extra; | 144 return false, nil, extra; |
| 148 end | 145 end |
| 149 local response = ret and json.decode(ret.body); | 146 -- response decoded earlier since it can include an error struct that should be returned to client |
| 147 local response = json.decode(ret.body); | |
| 150 if not (ret.code >= 200 and ret.code < 300) then | 148 if not (ret.code >= 200 and ret.code < 300) then |
| 151 return false, nil, response or extra; | 149 return false, nil, response or extra; |
| 152 end | 150 end |
| 153 if type(response) ~= "table" or type(response[username_field]) ~= "string" then | 151 if type(response) ~= "table" or type(response[username_field]) ~= "string" then |
| 154 return false, nil, nil; | 152 return false, nil, nil; |
| 155 end | 153 end |
| 154 self.token_info = response; | |
| 156 | 155 |
| 157 return jid.escape(response[username_field]), true, response; | 156 return jid.escape(response[username_field]), true, response; |
| 158 end | 157 end |
| 159 end | 158 end |
| 160 return sasl.new(host, profile); | 159 return sasl.new(module.host, profile); |
| 161 end | 160 end |
| 162 | 161 |
| 163 module:provides("auth", provider); | 162 module:provides("auth", provider); |
