mod_http_oauth2/mod_http_oauth2.lua
changeset 5246 4746609a6656
parent 5245 65892dd1d4ae
child 5247 d5dc8edb2695
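--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -598,16 +598,31 @@
 
 	if not schema.validate(registration_schema, client_metadata) then
 		return oauth_error("invalid_request", "Failed schema validation.");
 	end
 
+	local redirect_hosts = set.new();
 	for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
 		local components = url.parse(redirect_uri);
 		if not components or not components.scheme then
 			return oauth_error("invalid_request", "Invalid redirect URI.");
 		elseif components.scheme == "http" and components.host ~= "localhost" then
 			return oauth_error("invalid_request", "Insecure redirect URI forbidden (except http://localhost)");
+		elseif components.scheme == "https" then
+			redirect_hosts:add(components.host);
+		end
+	end
+
+	for field, prop_schema in pairs(registration_schema) do
+		if prop_schema.format == "uri" and client_metadata[field] then
+			local components = url.parse(client_metadata[field]);
+			if components.scheme ~= "https" then
+				return oauth_error("invalid_request", "Insecure URI forbidden");
+			end
+			if not redirect_hosts:contains(components.host) then
+				return oauth_error("invalid_request", "Informative URI must match redirect URIs");
+			end
 		end
 	end
 
 	-- Ensure each signed client_id JWT is unique
 	client_metadata.nonce = uuid.generate();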
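Review bot: The new informative-URI loop indexes `components.scheme` without the nil guard the redirect-URI loop just above applies, so a client-supplied value that `url.parse` rejects would raise an error in the registration handler instead of returning an `invalid_request` response; change the check to `if not components or components.scheme ~= "https" then`. Whether the schema's `format = "uri"` validation already excludes every input `url.parse` returns nil for is not visible here, so the guard is cheap insurance against a differently-parsing validator. The host comparison is also a plain string match, so unless `url.parse` normalises case, `https://Example.com/` and `https://example.com/` are treated as different hosts — worth a comment such as `-- host match is exact; case/port differences are not normalised` if that is intended. This hunk assumes `set` (util.set) is already required at the top of the file, which is outside this view, as is the start and end of the enclosing registration function.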