1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
module Rack
module OAuth2
module Server
class Authorize < Abstract::Handler
def _call(env)
request = Request.new(env)
response_type_for(request).new(&@authenticator)._call(env).finish
rescue Rack::OAuth2::Server::Abstract::Error => e
e.finish
end
private
def response_type_for(request)
response_type = request.params['response_type'].to_s
case response_type
when 'code'
Code
when 'token'
Token
when ''
request.attr_missing!
else
extensions.detect do |extension|
extension.response_type_for? response_type
end || request.unsupported_response_type!
end
end
def extensions
Extension.constants.sort.collect do |key|
Extension.const_get key
end
end
class Request < Abstract::Request
include Server::Extension::ResponseMode::AuthorizationRequest
attr_required :response_type
attr_optional :redirect_uri, :state
attr_accessor :verified_redirect_uri
def initialize(env)
super
# NOTE: Raise before redirect_uri is saved not to redirect back to unverified redirect_uri.
invalid_request! '"client_id" missing' if client_id.blank?
@redirect_uri = Util.parse_uri(params['redirect_uri']) if params['redirect_uri']
@response_mode = params['response_mode']
@state = params['state']
end
def verify_redirect_uri!(pre_registered, allow_partial_match = false)
@verified_redirect_uri = if redirect_uri.present?
verified = Array(pre_registered).any? do |_pre_registered_|
if allow_partial_match
Util.uri_match?(_pre_registered_, redirect_uri)
else
_pre_registered_.to_s == redirect_uri.to_s
end
end
if verified
redirect_uri
else
invalid_request! '"redirect_uri" mismatch'
end
elsif pre_registered.present? && Array(pre_registered).size == 1 && !allow_partial_match
Array(pre_registered).first
else
invalid_request! '"redirect_uri" missing'
end
self.verified_redirect_uri.to_s
end
def error_params_location
nil # => All errors are raised immediately and no error response are returned to client.
end
end
class Response < Abstract::Response
attr_required :redirect_uri
attr_optional :state, :session_state, :approval
def initialize(request)
@state = request.state
super
end
def approved?
@approval
end
def approve!
@approval = true
end
def protocol_params
{state: state, session_state: session_state}
end
def redirect_uri_with_credentials
Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
end
def finish
if approved?
attr_missing!
redirect redirect_uri_with_credentials
end
super
end
end
end
end
end
end
require 'rack/oauth2/server/authorize/code'
require 'rack/oauth2/server/authorize/token'
require 'rack/oauth2/server/authorize/extension'
require 'rack/oauth2/server/authorize/error'
|
