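module OpenidConnect
  # Rack endpoint that issues bearer tokens for the OAuth2 resource-owner
  # password grant. Every other grant type is answered with
  # unsupported_grant_type.
  class TokenEndpoint
    attr_accessor :app

    delegate :call, to: :app

    # Builds the Rack::OAuth2 token handler and stores it in +app+.
    #
    # For the :password grant the user is looked up by username and the
    # supplied password is checked. Only after that check succeeds is the
    # client application for req.client_id fetched (or created) and a token
    # issued for it. An unknown username and a wrong password both end in
    # invalid_grant, so the error response does not distinguish the two.
    def initialize
      @app = Rack::OAuth2::Server::Token.new do |req, res|
        case req.grant_type
        when :password
          user = User.find_for_database_authentication(username: req.username)
          # Authenticate before touching client records: looking up or
          # creating the application first would let a caller who knows only
          # a username write o_auth_applications rows onto that account.
          authenticated = user && user.valid_password?(req.password)
          o_auth_app = authenticated && retrieveOrCreateNewClientApplication(req, user)
          if o_auth_app
            res.access_token = o_auth_app.tokens.create!.bearer_token
          else
            req.invalid_grant! # TODO: Change to user login
          end
        else
          res.unsupported_grant_type!
        end
      end
    end

    # Returns the user's application for req.client_id, creating it when none
    # exists. Creation writes to the database, so call this only for a user
    # whose password has already been verified.
    #
    # @param req the token request (supplies client_id and client_secret)
    # @param user the authenticated resource owner
    def retrieveOrCreateNewClientApplication(req, user)
      retrieveClient(req, user) || createClient(req, user)
    end

    # Looks up the user's application by client_id; nil when there is none.
    #
    # NOTE(review): the lookup matches on client_id only. req.client_secret is
    # not compared with the stored secret anywhere in this class; confirm it
    # is verified elsewhere before a token is issued for an existing
    # application.
    def retrieveClient(req, user)
      user.o_auth_applications.find_by_client_id req.client_id
    end

    # Registers a new application for the user from the client_id and
    # client_secret supplied in the request. create! raises when the record
    # cannot be saved.
    def createClient(req, user)
      user.o_auth_applications.create!(client_id: req.client_id, client_secret: req.client_secret)
    end
  end
end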