From d1312fe627ef544d800a99e8e98fc97433e33fc8 Mon Sep 17 00:00:00 2001
From: garrettmills
Date: Thu, 15 Apr 2021 13:41:13 -0500
Subject: [PATCH] Add logic to save OpenID connect grants
---
 app/controllers/OpenID.controller.js | 24 ++++++++++++++++++++++++
 app/routing/routers/openid.routes.js | 3 +++
 locale/en_US/common.locale.js | 3 ++-
 3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/app/controllers/OpenID.controller.js b/app/controllers/OpenID.controller.js
index fb2110b..196f635 100644
--- a/app/controllers/OpenID.controller.js
+++ b/app/controllers/OpenID.controller.js
@@ -153,6 +153,12 @@ class OpenIDController extends Controller {
 })
 }
+ // If the user has already authorized this app, just redirect
+ if ( req.user.has_authorized({ id: params.client_id }) ) {
+ return res.redirect(`/openid/interaction/${uid.toLowerCase()}/grant`)
+ }
+
+ // Otherwise, prompt them for authorization
 return res.page('public:message', {
 ...this.Vue.data({
 message: `

Authorize ${application.name}?
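Review bot: The saved-grant lookup added at the top of this hunk passes `{ id: params.client_id }`, while `grant_and_save` later in this patch calls `has_authorized({ client_id: req.params.client_id })`; unless `has_authorized` accepts both shapes, one of the two checks never matches. Use the same key in both places, for example `if ( req.user.has_authorized({ client_id: params.client_id }) ) {`, after confirming against the user model which field it reads. The shortcut also decides on the client alone, so a request asking for more than the stored `['openid-connect']` scope would presumably skip the consent page too; comparing the requested scopes with the saved grant before redirecting would close that. The enclosing method starts and ends outside this hunk.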

@@ -170,6 +176,11 @@ class OpenIDController extends Controller {
 {
 text: req.T('common.grant'),
 action: 'redirect',
+ next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
+ },
+ {
+ text: req.T('common.grant_once'),
+ action: 'redirect',
 next: `/openid/interaction/${uid.toLowerCase()}/grant`,
 },
 ],
@@ -177,6 +188,19 @@ class OpenIDController extends Controller {
 })
 }
+ async grant_and_save(req, res, next) {
+ if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
+ req.user.authorize({
+ client_id: req.params.client_id,
+ api_scopes: ['openid-connect'],
+ })
+
+ await req.user.save()
+ }
+
+ return res.redirect(`/openid/interaction/${req.params.uid.toLowerCase()}/grant`)
+ }
+
 async login(req, res, { uid, prompt, params, session }) {
 return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
 }
diff --git a/app/routing/routers/openid.routes.js b/app/routing/routers/openid.routes.js
index 0e97c7c..b8ce43d 100644
--- a/app/routing/routers/openid.routes.js
+++ b/app/routing/routers/openid.routes.js
@@ -7,6 +7,9 @@ const openid = {
 ],
 get: {
+ '/grant-and-save/:client_id/:uid': [
+ 'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
+ ],
 '/interaction/:uid': [
 'controller::OpenID.handle_interaction',
 ],
diff --git a/locale/en_US/common.locale.js b/locale/en_US/common.locale.js
index 1f5cee3..b5b9a71 100644
--- a/locale/en_US/common.locale.js
+++ b/locale/en_US/common.locale.js
@@ -11,7 +11,8 @@ module.exports = exports = {
 yes: 'Yes',
 no: 'No',
 deny: 'Deny',
- grant: 'Grant Access',
+ grant: 'Allow access',
+ grant_once: 'Allow access once',
 back: 'Back',
 next: 'Next',
 cancel: 'Cancel',
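Review bot: In the consent-button hunk (`@@ -170,6 +176,11 @@`), `params.client_id` is interpolated into the new `next` path unencoded, so an id containing `/`, `?` or `#` would change which route the button resolves to. Writing it as ``next: `/openid/grant-and-save/${encodeURIComponent(params.client_id)}/${uid.toLowerCase()}`,`` keeps the id inside a single path segment. The surrounding `res.page(...)` call begins outside the hunk.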
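Review bot: `grant_and_save` (hunk `@@ -177,6 +188,19 @@`, registered under `get:` in the openid.routes.js hunk) persists a standing authorization on a GET request, using a `client_id` taken straight from the URL and guarded only by `auth:UserOnly`. A cross-site navigation by a logged-in user could therefore store a grant for any client id, which the new `has_authorized` shortcut in the consent handler then treats as prior consent. The save also runs before `req.params.uid` is shown to belong to a live interaction for that client. I would register this as a POST route behind CSRF protection (if the project has a middleware for it), and take the client id from the interaction identified by `req.params.uid` rather than from the path, rejecting the request when the two disagree. A one-line comment above the method, such as `// Persist the user's consent for this client, then resume the interaction`, would also document the side effect.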