nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix remarks

Browse source
This commit is contained in:
augier 2015-10-24 16:15:33 -07:00 committed by theworldbright
parent 2f8c391ac6
commit d028b5672e
11 changed files with 30 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
app/controllers/api/openid_connect/authorizations_controller.rb
View file

@ -55,7 +55,7 @@ module Api
def handle_prompt(prompt, auth)
if prompt.include? "select_account"
handle_params_error("account_selection_required",
"There is no support for choosing among multiple accounts")
"There is no support for choosing among multiple accounts")
elsif prompt.include? "none"
handle_prompt_none(prompt, auth)
elsif prompt.include?("login") && logged_in_before?(60)
@ -92,9 +92,9 @@ module Api
return unless claims_json
claims_array = claims_json["userinfo"].try(:keys)
return unless claims_array
claims = claims_array.join(" ")
req = build_rack_request
req.update_param("scope", req[:scope] + " " + claims)
claims = claims_array.unshift(req[:scope]).join(" ")
req.update_param("scope", claims)
end
def logged_in_before?(seconds)
@ -111,16 +111,16 @@ module Api
process_authorization_consent("true")
else
handle_params_error("interaction_required",
"The Authentication Request cannot be completed without end-user interaction")
"The Authentication Request cannot be completed without end-user interaction")
end
else
handle_params_error("invalid_request",
"The 'none' value cannot be used with any other prompt value")
"The 'none' value cannot be used with any other prompt value")
end
end
def handle_start_point_response(endpoint)
_status, header, response = *endpoint.call(request.env)
_status, header, response = endpoint.call(request.env)
if response.redirect?
redirect_to header["Location"]
else
@ -129,10 +129,10 @@ module Api
end
def save_params_and_render_consent_form(endpoint)
@o_auth_application, @response_type, @redirect_uri, @scopes = *[
endpoint.o_auth_application, endpoint.response_type,
endpoint.redirect_uri, endpoint.scopes
]
@o_auth_application = endpoint.o_auth_application
@response_type = endpoint.response_type
@redirect_uri = endpoint.redirect_uri
@scopes = endpoint.scopes
save_request_parameters
@app = UserApplicationPresenter.new @o_auth_application, @scopes
render :new
@ -157,7 +157,7 @@ module Api
end
def handle_confirmation_endpoint_response(endpoint)
_status, header, _response = *endpoint.call(request.env)
_status, header, _response = endpoint.call(request.env)
delete_authorization_session_variables
redirect_to header["Location"]
end
@ -188,11 +188,7 @@ module Api
end
def response_type_as_space_seperated_values
if session[:response_type].respond_to?(:map)
session[:response_type].join(" ")
else
session[:response_type]
end
[*session[:response_type]].join(" ")
end
def handle_params_error(error, error_description)

4
app/controllers/api/openid_connect/clients_controller.rb
View file

@ -6,11 +6,11 @@ module Api
end
rescue_from OpenIDConnect::ValidationFailed,
ActiveRecord::RecordInvalid, Api::OpenidConnect::Exception::InvalidSectorIdentifierUri do |e|
ActiveRecord::RecordInvalid, Api::OpenidConnect::Error::InvalidSectorIdentifierUri do |e|
validation_fail_as_json(e)
end
rescue_from Api::OpenidConnect::Exception::InvalidRedirectUri do |e|
rescue_from Api::OpenidConnect::Error::InvalidRedirectUri do |e|
validation_fail_redirect_uri(e)
end

12
app/models/api/openid_connect/authorization.rb
View file

@ -4,9 +4,8 @@ module Api
belongs_to :user
belongs_to :o_auth_application
validates :user, presence: true
validates :user, presence: true, uniqueness: {scope: :o_auth_application}
validates :o_auth_application, presence: true
validates :user, uniqueness: {scope: :o_auth_application}
validate :validate_scope_names
serialize :scopes, JSON
@ -38,8 +37,7 @@ module Api
def create_code
SecureRandom.hex(32).tap do |code|
self.code = code
save
update!(code: code)
end
end
@ -52,13 +50,13 @@ module Api
end
def self.find_by_client_id_and_user(client_id, user)
app = Api::OpenidConnect::OAuthApplication.find_by(client_id: client_id)
app = Api::OpenidConnect::OAuthApplication.where(client_id: client_id)
find_by(o_auth_application: app, user: user)
end
def self.find_by_refresh_token(client_id, refresh_token)
Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
app = Api::OpenidConnect::OAuthApplication.where(client_id: client_id)
find_by(o_auth_application: app, refresh_token: refresh_token)
end
def self.use_code(code)

2
app/models/api/openid_connect/id_token.rb
View file

@ -39,7 +39,7 @@ module Api
end
def build_sub
Api::OpenidConnect::SubjectIdentifierCreator.createSub(authorization)
Api::OpenidConnect::SubjectIdentifierCreator.create(authorization)
end
end
end

4
app/models/api/openid_connect/o_auth_application.rb
View file

@ -56,7 +56,7 @@ module Api
redirect_uris = attributes[:redirect_uris]
sector_identifier_uri_includes_redirect_uris = (redirect_uris - sector_identifier_uri_json).empty?
return if sector_identifier_uri_includes_redirect_uris
raise Api::OpenidConnect::Exception::InvalidSectorIdentifierUri.new
raise Api::OpenidConnect::Error::InvalidSectorIdentifierUri.new
end
def check_redirect_uris(attributes)
@ -64,7 +64,7 @@ module Api
uri_array = redirect_uris.map {|uri| URI(uri) }
any_uri_contains_fragment = uri_array.any? {|uri| !uri.fragment.nil? }
return unless any_uri_contains_fragment
raise Api::OpenidConnect::Exception::InvalidRedirectUri.new
raise Api::OpenidConnect::Error::InvalidRedirectUri.new
end
def supported_metadata

3
app/presenters/user_application_presenter.rb
View file

@ -43,6 +43,7 @@ class UserApplicationPresenter
def url
client_redirect = URI(@app.redirect_uris[0])
"#{client_redirect.scheme}://#{client_redirect.host}"
client_redirect.path = "/"
client_redirect.to_s
end
end

2
app/serializers/user_info_serializer.rb
View file

@ -3,7 +3,7 @@ class UserInfoSerializer < ActiveModel::Serializer
def sub
auth = serialization_options[:authorization]
Api::OpenidConnect::SubjectIdentifierCreator.createSub(auth)
Api::OpenidConnect::SubjectIdentifierCreator.create(auth)
end
def name

2
lib/api/openid_connect/authorization_point/endpoint_start_point.rb
View file

@ -16,7 +16,7 @@ module Api
def replace_profile_scope_with_specific_claims(req)
profile_claims = %w(sub aud name nickname profile picture)
scopes_as_claims = req.scope.map {|scope| scope == "profile" ? profile_claims : [scope] }.flatten!.uniq
scopes_as_claims = req.scope.flat_map {|scope| scope == "profile" ? profile_claims : [scope] }.uniq
req.update_param("scope", scopes_as_claims)
end

2
lib/api/openid_connect/exception/invalid_redirect_uri.rb → lib/api/openid_connect/error/invalid_redirect_uri.rb
View file

@ -1,6 +1,6 @@
module Api
module OpenidConnect
module Exception
module Error
class InvalidRedirectUri < ::ArgumentError
def initialize
super "Redirect uri contains fragment"

2
lib/api/openid_connect/exception/invalid_sector_identifier_uri.rb → lib/api/openid_connect/error/invalid_sector_identifier_uri.rb
View file

@ -1,6 +1,6 @@
module Api
module OpenidConnect
module Exception
module Error
class InvalidSectorIdentifierUri < ::ArgumentError
def initialize
super "Invalid sector identifier uri"

4
lib/api/openid_connect/subject_identifier_creator.rb
View file

@ -1,7 +1,7 @@
module Api
module OpenidConnect
class SubjectIdentifierCreator
def self.createSub(auth)
module SubjectIdentifierCreator
def self.create(auth)
if auth.o_auth_application.ppid?
identifier = auth.o_auth_application.sector_identifier_uri ||
URI.parse(auth.o_auth_application.redirect_uris[0]).host