author | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-09-06 17:46:03 +0300 |
committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-09-06 17:47:22 +0300 |
commit | 6d08ecc41fe236fd9effb08ad784f95caadc9c5b (patch) | |
tree | 657531ccefaf15ba9c4bc6de1c33ccecc322ddce /src/ejabberd_oauth.erl | |
parent | 9a8245b8e6a17b306d07cd96f2483044dd4981d2 (diff) |
Add ejabberd_oauth:verify_resowner_scope callback back
This fixes issue #2982
Diffstat (limited to 'src/ejabberd_oauth.erl')
-rw-r--r-- | src/ejabberd_oauth.erl | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/ejabberd_oauth.erl b/src/ejabberd_oauth.erl
index 31826fa53..d7f440751 100644
--- a/src/ejabberd_oauth.erl
+++ b/src/ejabberd_oauth.erl
@@ -45,10 +45,11 @@
          check_token/2,
          scope_in_scope_list/2,
          process/2,
-         config_reloaded/0]).
+         config_reloaded/0,
+         verify_resowner_scope/3]).
 
 -export([get_commands_spec/0,
-         oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1]).
+         oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1]).
 
 -include("xmpp.hrl").
 -include("logger.hrl").
@@ -211,6 +212,21 @@ authenticate_user({User, Server}, Ctx) ->
 authenticate_client(Client, Ctx) ->
     {ok, {Ctx, {client, Client}}}.
 
+-spec verify_resowner_scope({user, binary(), binary()}, [binary()], any()) ->
+          {ok, any(), [binary()]} | {error, any()}.
+verify_resowner_scope({user, _User, _Server}, Scope, Ctx) ->
+    Cmds = [atom_to_binary(Name, utf8) || {Name, _, _} <- ejabberd_commands:list_commands()],
+    AllowedScopes = [<<"ejabberd:user">>, <<"ejabberd:admin">>, <<"sasl_auth">>] ++ Cmds,
+    case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
+                                   oauth2_priv_set:new(AllowedScopes)) of
+        true ->
+            {ok, {Ctx, Scope}};
+        false ->
+            {error, badscope}
+    end;
+verify_resowner_scope(_, _, _) ->
+    {error, badscope}.
+
 %% This is callback for oauth tokens generated through the command line. Only open and admin commands are
 %% made available.
 %verify_client_scope({client, ejabberd_ctl}, Scope, Ctx) ->
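Review bot: The `-spec` for verify_resowner_scope declares the success value as `{ok, any(), [binary()]}` (a 3-tuple) while both return paths in the body produce `{ok, {Ctx, Scope}}` (a 2-tuple wrapping a pair), so one of the two is wrong and Dialyzer will report the mismatch on this hunk. If the oauth2 backend callback expects the `{ok, {AppCtx, Scope}}` form the body uses, the spec should read `-spec verify_resowner_scope({user, binary(), binary()}, [binary()], any()) -> {ok, {any(), [binary()]}} | {error, badscope}.`, which also narrows the error reason to the only atom actually returned. Separately, AllowedScopes accepts `ejabberd:admin` and every registered command name for any resource owner, so this clause only validates that the requested scope names are known, not that this particular user may hold them; presumably the access rules applied when the token is later checked enforce that, and a one-line comment above the clause saying so (e.g. `%% Validates scope names only; per-user authorization is enforced at token check time.`) would keep a reader from mistaking this for the authorization step.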