60 lines
1.8 KiB
Ruby
60 lines
1.8 KiB
Ruby
module Api
|
|
module OpenidConnect
|
|
module AuthorizationPoint
|
|
class Endpoint
|
|
attr_accessor :app, :user, :o_auth_application, :redirect_uri, :response_type,
|
|
:scopes, :_request_, :request_uri, :request_object, :nonce
|
|
delegate :call, to: :app
|
|
|
|
def initialize(user)
|
|
@user = user
|
|
@app = Rack::OAuth2::Server::Authorize.new do |req, res|
|
|
build_attributes(req, res)
|
|
if OAuthApplication.available_response_types.include? Array(req.response_type).join(" ")
|
|
handle_response_type(req, res)
|
|
else
|
|
req.unsupported_response_type!
|
|
end
|
|
end
|
|
end
|
|
|
|
def build_attributes(req, res)
|
|
build_client(req)
|
|
build_redirect_uri(req, res)
|
|
verify_nonce(req, res)
|
|
build_scopes(req)
|
|
end
|
|
|
|
def handle_response_type(_req, _res)
|
|
raise NotImplementedError # Implemented by subclass
|
|
end
|
|
|
|
private
|
|
|
|
def build_client(req)
|
|
@o_auth_application = OAuthApplication.find_by_client_id(req.client_id) || req.bad_request!
|
|
end
|
|
|
|
def build_redirect_uri(req, res)
|
|
res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@o_auth_application.redirect_uris)
|
|
end
|
|
|
|
def verify_nonce(req, res)
|
|
req.invalid_request! "nonce required" if res.protocol_params_location == :fragment && req.nonce.blank?
|
|
end
|
|
|
|
def build_scopes(req)
|
|
@scopes = req.scope.map {|scope|
|
|
scope.tap do |scope_name|
|
|
req.invalid_scope! "Unknown scope: #{scope_name}" unless scopes.include? scope_name
|
|
end
|
|
}
|
|
end
|
|
|
|
def scopes
|
|
Api::OpenidConnect::Authorization.scopes
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|