Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 3920:cf92e3b30c18
mod_http_oauth2: Use component_secret setting as password on Components
Same setting as used by external components.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 27 Feb 2020 23:17:31 +0100 |
| parents | 8ed261a08a9c |
| children | 469408682152 |
comparison
equal
deleted
inserted
replaced
| 3919:8ed261a08a9c | 3920:cf92e3b30c18 |
|---|---|
| 43 return json.encode(new_access_token(granted_jid, request_host, nil, nil)); | 43 return json.encode(new_access_token(granted_jid, request_host, nil, nil)); |
| 44 end | 44 end |
| 45 return oauth_error("invalid_grant", "incorrect credentials"); | 45 return oauth_error("invalid_grant", "incorrect credentials"); |
| 46 end | 46 end |
| 47 | 47 |
| 48 if module:get_host_type() == "component" then | |
| 49 local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component"); | |
| 50 | |
| 51 function grant_type_handlers.password(params) | |
| 52 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); | |
| 53 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); | |
| 54 local request_username, request_host, request_resource = jid.prepped_split(request_jid); | |
| 55 if params.scope then | |
| 56 return oauth_error("invalid_scope", "unknown scope requested"); | |
| 57 end | |
| 58 if not request_host or request_host ~= module.host then | |
| 59 return oauth_error("invalid_request", "invalid JID"); | |
| 60 end | |
| 61 if request_password == component_secret then | |
| 62 local granted_jid = jid.join(request_username, request_host, request_resource); | |
| 63 return json.encode(new_access_token(granted_jid, request_host, nil, nil)); | |
| 64 end | |
| 65 return oauth_error("invalid_grant", "incorrect credentials"); | |
| 66 end | |
| 67 end | |
| 68 | |
| 48 function handle_token_grant(event) | 69 function handle_token_grant(event) |
| 49 local params = http.formdecode(event.request.body); | 70 local params = http.formdecode(event.request.body); |
| 50 if not params then | 71 if not params then |
| 51 return oauth_error("invalid_request"); | 72 return oauth_error("invalid_request"); |
| 52 end | 73 end |
