546 return response_handler(client, params, user_jid, id_token); |
546 return response_handler(client, params, user_jid, id_token); |
547 end |
547 end |
548 |
548 |
549 local function handle_revocation_request(event) |
549 local function handle_revocation_request(event) |
550 local request, response = event.request, event.response; |
550 local request, response = event.request, event.response; |
551 if request.headers.content_type ~= "application/x-www-form-urlencoded" |
|
552 or not request.body or request.body == "" then |
|
553 return 400; |
|
554 end |
|
555 if request.headers.authorization then |
551 if request.headers.authorization then |
556 local credentials = get_request_credentials(request); |
552 local credentials = get_request_credentials(request); |
557 if not credentials or credentials.type ~= "basic" then |
553 if not credentials or credentials.type ~= "basic" then |
558 response.headers.www_authenticate = string.format("Basic realm=%q", module.host.."/"..module.name); |
554 response.headers.www_authenticate = string.format("Basic realm=%q", module.host.."/"..module.name); |
559 return 401; |
555 return 401; |
562 if not verify_client_secret(credentials.username, credentials.password) then |
558 if not verify_client_secret(credentials.username, credentials.password) then |
563 return 401; |
559 return 401; |
564 end |
560 end |
565 end |
561 end |
566 |
562 |
567 local form_data = http.formdecode(event.request.body); |
563 local form_data = http.formdecode(event.request.body or ""); |
568 if not form_data or not form_data.token then |
564 if not form_data or not form_data.token then |
569 return 400; |
565 response.headers.accept = "application/x-www-form-urlencoded"; |
|
566 return 415; |
570 end |
567 end |
571 local ok, err = tokens.revoke_token(form_data.token); |
568 local ok, err = tokens.revoke_token(form_data.token); |
572 if not ok then |
569 if not ok then |
573 module:log("warn", "Unable to revoke token: %s", tostring(err)); |
570 module:log("warn", "Unable to revoke token: %s", tostring(err)); |
574 return 500; |
571 return 500; |
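Review bot: The fallback at new lines 564–566 returns 415 with an `Accept` header for two different failures: a body that is not form-encoded, and a correctly encoded form that simply lacks `token`. Because the `request.headers.content_type` comparison was removed rather than moved, the handler never looks at the declared media type, so a client that only forgot the parameter is told its media type is unsupported, while a body sent under any other Content-Type is still revoked if it happens to decode with a `token` field. I would keep the cases apart after the credential check: return 415 plus `Accept` only when the declared content type is not form-encoded, and answer the missing parameter with `if not form_data or not form_data.token then return 400; end`. If the exact-match comparison was dropped because it rejected headers carrying parameters such as a charset, matching on the media-type prefix would keep the check without that side effect. `handle_revocation_request` continues past the end of this hunk, so the rest of its error handling is not visible here.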