Add logic to save OpenID connect grants
continuous-integration/drone/push Build is passing Details
continuous-integration/drone Build is passing Details

master
Garrett Mills 3 years ago
parent bd6eaceaf3
commit d1312fe627
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246

@ -153,6 +153,12 @@ class OpenIDController extends Controller {
})
}
// If the user has already authorized this app, just redirect
if ( req.user.has_authorized({ id: params.client_id }) ) {
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/grant`)
}
// Otherwise, prompt them for authorization
return res.page('public:message', {
...this.Vue.data({
message: `<h3 class="font-weight-light">Authorize ${application.name}?</h3>
@ -170,6 +176,11 @@ class OpenIDController extends Controller {
{
text: req.T('common.grant'),
action: 'redirect',
next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
},
{
text: req.T('common.grant_once'),
action: 'redirect',
next: `/openid/interaction/${uid.toLowerCase()}/grant`,
},
],
@ -177,6 +188,19 @@ class OpenIDController extends Controller {
})
}
async grant_and_save(req, res, next) {
if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
req.user.authorize({
client_id: req.params.client_id,
api_scopes: ['openid-connect'],
})
await req.user.save()
}
return res.redirect(`/openid/interaction/${req.params.uid.toLowerCase()}/grant`)
}
async login(req, res, { uid, prompt, params, session }) {
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
}

@ -7,6 +7,9 @@ const openid = {
],
get: {
'/grant-and-save/:client_id/:uid': [
'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
],
'/interaction/:uid': [
'controller::OpenID.handle_interaction',
],

@ -11,7 +11,8 @@ module.exports = exports = {
yes: 'Yes',
no: 'No',
deny: 'Deny',
grant: 'Grant Access',
grant: 'Allow access',
grant_once: 'Allow access once',
back: 'Back',
next: 'Next',
cancel: 'Cancel',

Loading…
Cancel
Save