CoreID/app/controllers/auth/Oauth2.controller.js

const Oauth2Controller = require('flitter-auth/controllers/Oauth2')

/*
 * Handles views, processing, and data retrieval for flitter-auth's
 * built-in OAuth2 server, if it is enabled. Most handlers are inherited
 * from flitter-auth/controllers/Oauth2, but you can override them here
 * as you need.
 */
class Oauth2 extends Oauth2Controller {
    static get services() {
        return [...super.services, 'Vue', 'configs', 'models', 'output']
    }

    async authorize_post(req, res, next) {
        const client = await this._get_authorize_client({query: req.body})
        if ( !client ) return this._uniform(res, req.T('auth.unable_to_authorize'))

        const StarshipClient = this.models.get('oauth:Client')
        const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })

        // Make sure the user has IAM access before proceeding
        const Application = this.models.get('Application')
        const Policy = this.models.get('iam:Policy')
        const application = await Application.findOne({ oauth_client_ids: starship_client.id })
        if ( !application ) {
            this.output.warn('IAM Denial!')
            return this.Vue.auth_message(res, {
                message: req.T('saml.no_access').replace('APP_NAME', application.name),
                next_destination: '/dash',
            })
        } else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
            this.output.warn('IAM Denial!')
            return this.Vue.auth_message(res, {
                message: req.T('saml.no_access').replace('APP_NAME', application.name),
                next_destination: '/dash',
            })
        }

        req.user.authorize(starship_client)
        await req.user.save()
        return super.authorize_post(req, res, next)
    }

    async authorize_get(req, res, next) {
        const client = await this._get_authorize_client(req)
        if ( !client ) return this._uniform(res, req.T('auth.unable_to_authorize'))
        const uri = new URL(req.query.redirect_uri)

        const StarshipClient = this.models.get('oauth:Client')
        const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })

        // Make sure the user has IAM access before proceeding
        const Application = this.models.get('Application')
        const Policy = this.models.get('iam:Policy')
        const application = await Application.findOne({ oauth_client_ids: starship_client.id })
        if ( !application ) {
            this.output.warn('IAM Denial!')
            return this.Vue.auth_message(res, {
                message: req.T('saml.no_access').replace('APP_NAME', application.name),
                next_destination: '/dash',
            })
        } else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
            this.output.warn('IAM Denial!')
            return this.Vue.auth_message(res, {
                message: req.T('saml.no_access').replace('APP_NAME', application.name),
                next_destination: '/dash',
            })
        }

        if ( req.user.has_authorized(starship_client) ) {
            return this.Vue.invoke_action(res, {
                text: 'Grant Access',
                action: 'post',
                params: {
                    redirect_uri: uri.toString(),
                    client_id: client.clientID,
                },
            })
        }

        return res.page('public:message', {
            ...this.Vue.data({
                message: `<h3 class="font-weight-light">Authorize ${client.name}?</h3>
<br>
${req.T('auth.oauth_prompt').replace('CLIENT_NAME', client.name).replace('APP_NAME', this.configs.get('app.name'))}
<br><br><br>
<i><small>${req.T('auth.will_redirect')} ${uri.host}</small></i>`,

                actions: [
                    {
                        text: req.T('common.deny'),
                        action: 'redirect',
                        next: '/dash',
                    },
                    {
                        text: req.T('common.grant'),
                        action: 'post',
                        params: {
                            redirect_uri: uri.toString(),
                            client_id: client.clientID,
                        },
                    },
                ],
            })
        })
    }

}

module.exports = exports = Oauth2
Start basic LDAP server groundwork 2020-04-17 00:59:48 +00:00			`const Oauth2Controller = require('flitter-auth/controllers/Oauth2')`

			`/*`
			`* Handles views, processing, and data retrieval for flitter-auth's`
			`* built-in OAuth2 server, if it is enabled. Most handlers are inherited`
			`* from flitter-auth/controllers/Oauth2, but you can override them here`
			`* as you need.`
			`*/`
			`class Oauth2 extends Oauth2Controller {`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`static get services() {`
Add missing service injection... 2020-10-19 14:53:27 +00:00			`return [...super.services, 'Vue', 'configs', 'models', 'output']`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`}`

			`async authorize_post(req, res, next) {`
			`const client = await this._get_authorize_client({query: req.body})`
Fix missing translation scope 2020-08-13 03:19:42 +00:00			`if ( !client ) return this._uniform(res, req.T('auth.unable_to_authorize'))`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00
			`const StarshipClient = this.models.get('oauth:Client')`
			`const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })`

Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`// Make sure the user has IAM access before proceeding`
			`const Application = this.models.get('Application')`
			`const Policy = this.models.get('iam:Policy')`
			`const application = await Application.findOne({ oauth_client_ids: starship_client.id })`
			`if ( !application ) {`
Fix bad logging method call names 2020-10-19 14:55:26 +00:00			`this.output.warn('IAM Denial!')`
Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`return this.Vue.auth_message(res, {`
			`message: req.T('saml.no_access').replace('APP_NAME', application.name),`
			`next_destination: '/dash',`
			`})`
			`} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {`
Fix bad logging method call names 2020-10-19 14:55:26 +00:00			`this.output.warn('IAM Denial!')`
Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`return this.Vue.auth_message(res, {`
			`message: req.T('saml.no_access').replace('APP_NAME', application.name),`
			`next_destination: '/dash',`
			`})`
			`}`

Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`req.user.authorize(starship_client)`
			`await req.user.save()`
			`return super.authorize_post(req, res, next)`
			`}`

			`async authorize_get(req, res, next) {`
			`const client = await this._get_authorize_client(req)`
Fix missing translation scope 2020-08-13 03:19:42 +00:00			`if ( !client ) return this._uniform(res, req.T('auth.unable_to_authorize'))`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`const uri = new URL(req.query.redirect_uri)`

			`const StarshipClient = this.models.get('oauth:Client')`
			`const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })`

Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`// Make sure the user has IAM access before proceeding`
			`const Application = this.models.get('Application')`
			`const Policy = this.models.get('iam:Policy')`
			`const application = await Application.findOne({ oauth_client_ids: starship_client.id })`
			`if ( !application ) {`
Fix bad logging method call names 2020-10-19 14:55:26 +00:00			`this.output.warn('IAM Denial!')`
Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`return this.Vue.auth_message(res, {`
			`message: req.T('saml.no_access').replace('APP_NAME', application.name),`
			`next_destination: '/dash',`
			`})`
			`} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {`
Fix bad logging method call names 2020-10-19 14:55:26 +00:00			`this.output.warn('IAM Denial!')`
Check IAM policy for OAuth2 logins 2020-10-19 14:51:36 +00:00			`return this.Vue.auth_message(res, {`
			`message: req.T('saml.no_access').replace('APP_NAME', application.name),`
			`next_destination: '/dash',`
			`})`
			`}`

Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`if ( req.user.has_authorized(starship_client) ) {`
			`return this.Vue.invoke_action(res, {`
			`text: 'Grant Access',`
			`action: 'post',`
			`params: {`
			`redirect_uri: uri.toString(),`
			`client_id: client.clientID,`
			`},`
			`})`
			`}`

			`return res.page('public:message', {`
			`...this.Vue.data({`
			message: `<h3 class="font-weight-light">Authorize ${client.name}?</h3>
			`<br>`
Finish server-side translations in controllers 2020-05-31 01:16:10 +00:00			`${req.T('auth.oauth_prompt').replace('CLIENT_NAME', client.name).replace('APP_NAME', this.configs.get('app.name'))}`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`<br><br><br>`
Finish server-side translations in controllers 2020-05-31 01:16:10 +00:00			<i><small>${req.T('auth.will_redirect')} ${uri.host}</small></i>`,
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00
			`actions: [`
			`{`
Finish server-side translations in controllers 2020-05-31 01:16:10 +00:00			`text: req.T('common.deny'),`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`action: 'redirect',`
			`next: '/dash',`
			`},`
			`{`
Finish server-side translations in controllers 2020-05-31 01:16:10 +00:00			`text: req.T('common.grant'),`
Settings resource; oauth2 app authorization model; UI cleanup 2020-05-18 02:13:38 +00:00			`action: 'post',`
			`params: {`
			`redirect_uri: uri.toString(),`
			`client_id: client.clientID,`
			`},`
			`},`
			`],`
			`})`
			`})`
			`}`
Start basic LDAP server groundwork 2020-04-17 00:59:48 +00:00
			`}`

			`module.exports = exports = Oauth2`