add endpoint for initial authorization
This commit is contained in:
Konstantin Haase
parent
1e903129a3
commit
1a7a9daf46
|
|
@ -77,30 +77,16 @@ class Travis::Api::App
|
||||||
{ 'access_token' => github_to_travis(params[:token], app_id: 1) }
|
{ 'access_token' => github_to_travis(params[:token], app_id: 1) }
|
||||||
end
|
end
|
||||||
|
|
||||||
get '/post_message' do
|
get '/handshake' do
|
||||||
config = Travis.config.oauth2
|
handshake do |*, redirect_uri|
|
||||||
endpoint = Addressable::URI.parse(config.authorization_server)
|
redirect redirect_uri
|
||||||
values = {
|
end
|
||||||
client_id: config.client_id,
|
end
|
||||||
scope: config.scope,
|
|
||||||
redirect_uri: url
|
|
||||||
}
|
|
||||||
|
|
||||||
if params[:code] and state_ok?(params[:state])
|
get '/post_message' do
|
||||||
endpoint.path = config.access_token_path
|
handshake do |user, token|
|
||||||
values[:state] = params[:state]
|
rendered_user = service(:user, user).find_one
|
||||||
values[:code] = params[:code]
|
|
||||||
values[:client_secret] = config.client_secret
|
|
||||||
github_token = get_token(endpoint.to_s, values)
|
|
||||||
user = user_for_github_token(github_token)
|
|
||||||
token = generate_token(user: user, app_id: 0)
|
|
||||||
rendered_user = service(:user, user).find_one
|
|
||||||
post_message(token: token, user: rendered_user)
|
post_message(token: token, user: rendered_user)
|
||||||
else
|
|
||||||
values[:state] = create_state
|
|
||||||
endpoint.path = config.authorize_path
|
|
||||||
endpoint.query_values = values
|
|
||||||
redirect to(endpoint.to_s)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -110,15 +96,43 @@ class Travis::Api::App
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def handshake
|
||||||
|
config = Travis.config.oauth2
|
||||||
|
endpoint = Addressable::URI.parse(config.authorization_server)
|
||||||
|
values = {
|
||||||
|
client_id: config.client_id,
|
||||||
|
scope: config.scope,
|
||||||
|
redirect_uri: url
|
||||||
|
}
|
||||||
|
|
||||||
|
if params[:code] and state_ok?(params[:state])
|
||||||
|
endpoint.path = config.access_token_path
|
||||||
|
values[:state] = params[:state]
|
||||||
|
values[:code] = params[:code]
|
||||||
|
values[:client_secret] = config.client_secret
|
||||||
|
github_token = get_token(endpoint.to_s, values)
|
||||||
|
user = user_for_github_token(github_token)
|
||||||
|
token = generate_token(user: user, app_id: 0)
|
||||||
|
payload = params[:state].split(":::", 2)[1]
|
||||||
|
yield user, token, payload
|
||||||
|
else
|
||||||
|
values[:state] = create_state
|
||||||
|
endpoint.path = config.authorize_path
|
||||||
|
endpoint.query_values = values
|
||||||
|
redirect to(endpoint.to_s)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def create_state
|
def create_state
|
||||||
state = SecureRandom.urlsafe_base64(16)
|
state = SecureRandom.urlsafe_base64(16)
|
||||||
redis.sadd('github:states', state)
|
redis.sadd('github:states', state)
|
||||||
redis.expire('github:states', 1800)
|
redis.expire('github:states', 1800)
|
||||||
|
state << ":::" << params[:redirect_uri] if params[:redirect_uri]
|
||||||
state
|
state
|
||||||
end
|
end
|
||||||
|
|
||||||
def state_ok?(state)
|
def state_ok?(state)
|
||||||
redis.srem('github:states', state) if state
|
redis.srem('github:states', state.split(":::", 1)) if state
|
||||||
end
|
end
|
||||||
|
|
||||||
def github_to_travis(token, options = {})
|
def github_to_travis(token, options = {})
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user