Add logic to save OpenID connect grants

2021-04-15 13:41:13 -05:00 · 2021-04-15 13:41:13 -05:00 · d1312fe627
commit d1312fe627
parent bd6eaceaf3
3 changed files with 29 additions and 1 deletions
--- a/app/controllers/OpenID.controller.js
+++ b/app/controllers/OpenID.controller.js
@ -153,6 +153,12 @@ class OpenIDController extends Controller {
            })
        }

+        // If the user has already authorized this app, just redirect
+        if ( req.user.has_authorized({ id: params.client_id }) ) {
+            return res.redirect(`/openid/interaction/${uid.toLowerCase()}/grant`)
+        }
+
+        // Otherwise, prompt them for authorization
        return res.page('public:message', {
            ...this.Vue.data({
                message: `<h3 class="font-weight-light">Authorize ${application.name}?</h3>
@ -170,6 +176,11 @@ class OpenIDController extends Controller {
                    {
                        text: req.T('common.grant'),
                        action: 'redirect',
+                        next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
+                    },
+                    {
+                        text: req.T('common.grant_once'),
+                        action: 'redirect',
                        next: `/openid/interaction/${uid.toLowerCase()}/grant`,
                    },
                ],
@ -177,6 +188,19 @@ class OpenIDController extends Controller {
        })
    }

+    async grant_and_save(req, res, next) {
+        if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
+            req.user.authorize({
+                client_id: req.params.client_id,
+                api_scopes: ['openid-connect'],
+            })
+
+            await req.user.save()
+        }
+
+        return res.redirect(`/openid/interaction/${req.params.uid.toLowerCase()}/grant`)
+    }
+
    async login(req, res, { uid, prompt, params, session }) {
        return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
    }
--- a/app/routing/routers/openid.routes.js
+++ b/app/routing/routers/openid.routes.js
@ -7,6 +7,9 @@ const openid = {
    ],

    get: {
+        '/grant-and-save/:client_id/:uid': [
+            'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
+        ],
        '/interaction/:uid': [
            'controller::OpenID.handle_interaction',
        ],
--- a/locale/en_US/common.locale.js
+++ b/locale/en_US/common.locale.js
@ -11,7 +11,8 @@ module.exports = exports = {
    yes: 'Yes',
    no: 'No',
    deny: 'Deny',
-    grant: 'Grant Access',
+    grant: 'Allow access',
+    grant_once: 'Allow access once',
    back: 'Back',
    next: 'Next',
    cancel: 'Cancel',