120 lines
3.8 KiB
Ruby
120 lines
3.8 KiB
Ruby
module Api
|
|
module OpenidConnect
|
|
class AuthorizationsController < ApplicationController
|
|
rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
|
|
logger.info e.backtrace[0, 10].join("\n")
|
|
render json: {error: e.message || :error, status: e.status}
|
|
end
|
|
|
|
before_action :authenticate_user!
|
|
|
|
def new
|
|
request_authorization_consent_form
|
|
end
|
|
|
|
def create
|
|
restore_request_parameters
|
|
process_authorization_consent(params[:approve])
|
|
end
|
|
|
|
def destroy
|
|
# TODO: Specs
|
|
begin
|
|
Api::OpenidConnect::Authorization.find_by(id: params[:id]).destroy
|
|
rescue
|
|
# TODO: Log something here?
|
|
end
|
|
redirect_to user_applications_url
|
|
end
|
|
|
|
private
|
|
|
|
def request_authorization_consent_form # TODO: Add support for prompt params
|
|
if Api::OpenidConnect::Authorization.find_by_client_id_and_user(params[:client_id], current_user)
|
|
process_authorization_consent("true")
|
|
else
|
|
endpoint = Api::OpenidConnect::AuthorizationPoint::EndpointStartPoint.new(current_user)
|
|
handle_start_point_response(endpoint)
|
|
end
|
|
end
|
|
|
|
def handle_start_point_response(endpoint)
|
|
_status, header, response = *endpoint.call(request.env)
|
|
if response.redirect?
|
|
redirect_to header["Location"]
|
|
else
|
|
save_params_and_render_consent_form(endpoint)
|
|
end
|
|
end
|
|
|
|
def save_params_and_render_consent_form(endpoint)
|
|
@o_auth_application, @response_type, @redirect_uri, @scopes, @request_object = *[
|
|
endpoint.o_auth_application, endpoint.response_type,
|
|
endpoint.redirect_uri, endpoint.scopes, endpoint.request_object
|
|
]
|
|
save_request_parameters
|
|
render :new
|
|
end
|
|
|
|
def save_request_parameters
|
|
session[:client_id] = @o_auth_application.client_id
|
|
session[:response_type] = @response_type
|
|
session[:redirect_uri] = @redirect_uri
|
|
session[:scopes] = scopes_as_space_seperated_values
|
|
session[:request_object] = @request_object
|
|
session[:nonce] = params[:nonce]
|
|
end
|
|
|
|
def scopes_as_space_seperated_values
|
|
@scopes.map(&:name).join(" ")
|
|
end
|
|
|
|
def process_authorization_consent(approvedString)
|
|
endpoint = Api::OpenidConnect::AuthorizationPoint::EndpointConfirmationPoint.new(
|
|
current_user, to_boolean(approvedString))
|
|
handle_confirmation_endpoint_response(endpoint)
|
|
end
|
|
|
|
def handle_confirmation_endpoint_response(endpoint)
|
|
_status, header, _response = *endpoint.call(request.env)
|
|
delete_authorization_session_variables
|
|
redirect_to header["Location"]
|
|
end
|
|
|
|
def delete_authorization_session_variables
|
|
session.delete(:client_id)
|
|
session.delete(:response_type)
|
|
session.delete(:redirect_uri)
|
|
session.delete(:scopes)
|
|
session.delete(:request_object)
|
|
session.delete(:nonce)
|
|
end
|
|
|
|
def to_boolean(str)
|
|
str.downcase == "true"
|
|
end
|
|
|
|
def restore_request_parameters
|
|
req = build_rack_request
|
|
req.update_param("client_id", session[:client_id])
|
|
req.update_param("redirect_uri", session[:redirect_uri])
|
|
req.update_param("response_type", response_type_as_space_seperated_values)
|
|
req.update_param("scope", session[:scopes])
|
|
req.update_param("request_object", session[:request_object])
|
|
req.update_param("nonce", session[:nonce])
|
|
end
|
|
|
|
def build_rack_request
|
|
Rack::Request.new(request.env)
|
|
end
|
|
|
|
def response_type_as_space_seperated_values
|
|
if session[:response_type].respond_to?(:map)
|
|
session[:response_type].map(&:to_s).join(" ")
|
|
else
|
|
session[:response_type]
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|