comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 6528:6241b2f5e92f

mod_auth_oauth_external: Minor code cleanup Attempt to reduce differences between SASL PLAIN and OAUTHBERARER code paths, which overlap in the validation endpoint interaction and response handling.
author Kim Alvefur <zash@zash.se>
date Sat, 02 May 2026 17:11:49 +0200
parents 1216f6befbe7
children
comparison
equal deleted inserted replaced
6527:6f2f21b00233 6528:6241b2f5e92f
35 assert(validation_endpoint or token_endpoint, 35 assert(validation_endpoint or token_endpoint,
36 "One or both of 'oauth_external_validation_endpoint' and 'oauth_external_token_endpoint' must be configured"); 36 "One or both of 'oauth_external_validation_endpoint' and 'oauth_external_token_endpoint' must be configured");
37 37
38 local accounts = module:open_store("accounts"); 38 local accounts = module:open_store("accounts");
39 39
40 local host = module.host;
41 local provider = {}; 40 local provider = {};
42 41
43 -- TODO remove, not needed after https://hg.prosody.im/trunk/rev/01f95f3de6fc 42 -- TODO remove, not needed after https://hg.prosody.im/trunk/rev/01f95f3de6fc
44 local function not_implemented() 43 local function not_implemented()
45 return nil, "method not implemented" 44 return nil, "method not implemented"
121 end 120 end
122 if not (ret.code >= 200 and ret.code < 300) then 121 if not (ret.code >= 200 and ret.code < 300) then
123 return false, nil; 122 return false, nil;
124 end 123 end
125 local response = json.decode(ret.body); 124 local response = json.decode(ret.body);
126 if type(response) ~= "table" then 125 if type(response) ~= "table" or type(response[username_field]) ~= "string" then
127 return false, nil, nil;
128 elseif type(response[username_field]) ~= "string" then
129 return false, nil, nil; 126 return false, nil, nil;
130 end 127 end
128 self.token_info = response;
131 self.username = jid.escape(response[username_field]); 129 self.username = jid.escape(response[username_field]);
132 self.token_info = response;
133 accounts:set(self.username, { exists = true }); 130 accounts:set(self.username, { exists = true });
134 return true, true; 131 return true, true;
135 end 132 end
136 end 133 end
137 if validation_endpoint then 134 if validation_endpoint then
144 headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" }; 141 headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" };
145 })); 142 }));
146 if err then 143 if err then
147 return false, nil, extra; 144 return false, nil, extra;
148 end 145 end
149 local response = ret and json.decode(ret.body); 146 -- response decoded earlier since it can include an error struct that should be returned to client
147 local response = json.decode(ret.body);
150 if not (ret.code >= 200 and ret.code < 300) then 148 if not (ret.code >= 200 and ret.code < 300) then
151 return false, nil, response or extra; 149 return false, nil, response or extra;
152 end 150 end
153 if type(response) ~= "table" or type(response[username_field]) ~= "string" then 151 if type(response) ~= "table" or type(response[username_field]) ~= "string" then
154 return false, nil, nil; 152 return false, nil, nil;
155 end 153 end
154 self.token_info = response;
156 155
157 return jid.escape(response[username_field]), true, response; 156 return jid.escape(response[username_field]), true, response;
158 end 157 end
159 end 158 end
160 return sasl.new(host, profile); 159 return sasl.new(module.host, profile);
161 end 160 end
162 161
163 module:provides("auth", provider); 162 module:provides("auth", provider);