oauth/oidc

2023-11-07 19:35:03 +00:00
parent a0fc306df1
commit 54db8727b0
20 changed files with 670 additions and 3 deletions
--- a/lib/sso_bsn_web/controllers/oauth/authorize_controller.ex
+++ b/lib/sso_bsn_web/controllers/oauth/authorize_controller.ex
@@ -0,0 +1,90 @@
+defmodule SsoBsnWeb.Oauth.AuthorizeController do
+  @behaviour Boruta.Oauth.AuthorizeApplication
+
+  use SsoBsnWeb, :controller
+
+  alias Boruta.Oauth.AuthorizeResponse
+  alias Boruta.Oauth.Error
+  alias Boruta.Oauth.ResourceOwner
+  alias SsoBsnWeb.OauthView
+
+  def oauth_module, do: Application.get_env(:sso_bsn, :oauth_module, Boruta.Oauth)
+
+  def authorize(%Plug.Conn{} = conn, _params) do
+    current_user = conn.assigns[:current_user]
+    conn = store_user_return_to(conn)
+
+    authorize_response(
+      conn,
+      current_user
+    )
+  end
+
+  defp authorize_response(conn, %_{} = current_user) do
+    conn
+    |> oauth_module().authorize(
+      %ResourceOwner{sub: to_string(current_user.id), username: current_user.email},
+      __MODULE__
+    )
+  end
+
+  defp authorize_response(conn, _params) do
+    redirect_to_login(conn)
+  end
+
+  @impl Boruta.Oauth.AuthorizeApplication
+  def authorize_success(
+        conn,
+        %AuthorizeResponse{} = response
+      ) do
+    redirect(conn, external: AuthorizeResponse.redirect_to_url(response))
+  end
+
+  @impl Boruta.Oauth.AuthorizeApplication
+  def authorize_error(
+        %Plug.Conn{} = conn,
+        %Error{status: :unauthorized}
+      ) do
+    redirect_to_login(conn)
+  end
+
+  def authorize_error(
+        conn,
+        %Error{format: format} = error
+      )
+      when not is_nil(format) do
+    conn
+    |> redirect(external: Error.redirect_to_url(error))
+  end
+
+  def authorize_error(
+        conn,
+        %Error{status: status, error: error, error_description: error_description}
+      ) do
+    conn
+    |> put_status(status)
+    |> put_view(OauthView)
+    |> render("error.html", error: error, error_description: error_description)
+  end
+
+  @impl Boruta.Oauth.AuthorizeApplication
+  def preauthorize_success(_conn, _response), do: :ok
+
+  @impl Boruta.Oauth.AuthorizeApplication
+  def preauthorize_error(_conn, _response), do: :ok
+
+  defp store_user_return_to(conn) do
+    conn
+    |> put_session(
+      :user_return_to,
+      current_path(conn)
+    )
+  end
+
+  defp redirect_to_login(_conn) do
+    raise """
+    Here occurs the login process. After login, user may be redirected to
+    get_session(conn, :user_return_to)
+    """
+  end
+end