Add logic to save OpenID connect grants
Garrett Mills 2021-04-15 13:41:13 -05:00
parent bd6eaceaf3
commit d1312fe627
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
3 changed files with 29 additions and 1 deletions


@ -153,6 +153,12 @@ class OpenIDController extends Controller {
}) })
} }
// If the user has already authorized this app, just redirect
if ( req.user.has_authorized({ id: params.client_id }) ) {
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/grant`)
}
// Otherwise, prompt them for authorization
return res.page('public:message', { return res.page('public:message', {
...this.Vue.data({ ...this.Vue.data({
message: `<h3 class="font-weight-light">Authorize ${application.name}?</h3> message: `<h3 class="font-weight-light">Authorize ${application.name}?</h3>
@ -170,6 +176,11 @@ class OpenIDController extends Controller {
{ {
text: req.T('common.grant'), text: req.T('common.grant'),
action: 'redirect', action: 'redirect',
next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
},
{
text: req.T('common.grant_once'),
action: 'redirect',
next: `/openid/interaction/${uid.toLowerCase()}/grant`, next: `/openid/interaction/${uid.toLowerCase()}/grant`,
}, },
], ],
@ -177,6 +188,19 @@ class OpenIDController extends Controller {
}) })
} }
async grant_and_save(req, res, next) {
if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
req.user.authorize({
client_id: req.params.client_id,
api_scopes: ['openid-connect'],
})
await req.user.save()
}
return res.redirect(`/openid/interaction/${req.params.uid.toLowerCase()}/grant`)
}
async login(req, res, { uid, prompt, params, session }) { async login(req, res, { uid, prompt, params, session }) {
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`) return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
} }
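Review bot: `grant_and_save` stores a standing authorization for whatever `req.params.client_id` arrives in the URL, and nothing in the visible lines ties that value to the client of the interaction named by `uid` or confirms that the client exists. Because the first hunk now skips the consent page whenever `has_authorized` returns true, a saved grant for the wrong client means later requests from that client are approved without the user ever seeing a prompt for it. Before calling `authorize`, load the interaction for `req.params.uid` and refuse the request unless its `params.client_id` equals `req.params.client_id`. Separately, the two lookups disagree on the key: `has_authorized({ id: params.client_id })` in the first hunk versus `has_authorized({ client_id: req.params.client_id })` here; which shape the user model expects is not visible on this page, so confirm it and make both calls match, otherwise one of the checks never matches a saved grant.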


@ -7,6 +7,9 @@ const openid = {
], ],
get: { get: {
'/grant-and-save/:client_id/:uid': [
'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
],
'/interaction/:uid': [ '/interaction/:uid': [
'controller::OpenID.handle_interaction', 'controller::OpenID.handle_interaction',
], ],
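Review bot: The new `'/grant-and-save/:client_id/:uid'` entry is registered under `get:`, so a request that writes a persistent grant to the user record can be triggered by plain navigation, which any cross-site link or embedded resource will send along with the user's session cookie. `middleware::auth:UserOnly` establishes who is signed in, not that the user actually pressed the consent button. Consider registering this as a POST route covered by whatever CSRF protection the application already applies to forms, and have the 'Allow access' button in the controller submit that form rather than use `action: 'redirect'`.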


@ -11,7 +11,8 @@ module.exports = exports = {
yes: 'Yes', yes: 'Yes',
no: 'No', no: 'No',
deny: 'Deny', deny: 'Deny',
grant: 'Grant Access', grant: 'Allow access',
grant_once: 'Allow access once',
back: 'Back', back: 'Back',
next: 'Next', next: 'Next',
cancel: 'Cancel', cancel: 'Cancel',