
github.com/processone/ejabberd.git - Unnamed repository; edit this file 'description' to name the repository.
authorPaweł Chmielowski <pchmielowski@process-one.net>2019-09-06 17:46:03 +0300
committerPaweł Chmielowski <pchmielowski@process-one.net>2019-09-06 17:47:22 +0300
commit6d08ecc41fe236fd9effb08ad784f95caadc9c5b (patch)
tree657531ccefaf15ba9c4bc6de1c33ccecc322ddce /src/ejabberd_oauth.erl
parent9a8245b8e6a17b306d07cd96f2483044dd4981d2 (diff)
Add ejabberd_oauth:verify_resowner_scope callback back
This fixes issue #2982
Diffstat (limited to 'src/ejabberd_oauth.erl')
-rw-r--r--src/ejabberd_oauth.erl20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/ejabberd_oauth.erl b/src/ejabberd_oauth.erl
index 31826fa53..d7f440751 100644
--- a/src/ejabberd_oauth.erl
+++ b/src/ejabberd_oauth.erl
@@ -45,10 +45,11 @@
check_token/2,
scope_in_scope_list/2,
process/2,
- config_reloaded/0]).
+ config_reloaded/0,
+ verify_resowner_scope/3]).
-export([get_commands_spec/0,
- oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1]).
+ oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1]).
-include("xmpp.hrl").
-include("logger.hrl").
@@ -211,6 +212,21 @@ authenticate_user({User, Server}, Ctx) ->
authenticate_client(Client, Ctx) -> {ok, {Ctx, {client, Client}}}.
+-spec verify_resowner_scope({user, binary(), binary()}, [binary()], any()) ->
+ {ok, any(), [binary()]} | {error, any()}.
+verify_resowner_scope({user, _User, _Server}, Scope, Ctx) ->
+ Cmds = [atom_to_binary(Name, utf8) || {Name, _, _} <- ejabberd_commands:list_commands()],
+ AllowedScopes = [<<"ejabberd:user">>, <<"ejabberd:admin">>, <<"sasl_auth">>] ++ Cmds,
+ case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
+ oauth2_priv_set:new(AllowedScopes)) of
+ true ->
+ {ok, {Ctx, Scope}};
+ false ->
+ {error, badscope}
+ end;
+verify_resowner_scope(_, _, _) ->
+ {error, badscope}.
+
%% This is callback for oauth tokens generated through the command line. Only open and admin commands are
%% made available.
%verify_client_scope({client, ejabberd_ctl}, Scope, Ctx) ->
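Review bot: The `-spec` added for `verify_resowner_scope/3` declares a success value of `{ok, any(), [binary()]}`, a 3-tuple, but the `true` branch returns the 2-tuple `{ok, {Ctx, Scope}}`, so the spec should read `{ok, {any(), [binary()]}} | {error, any()}` for Dialyzer and callers to see the real contract. Separately, the first clause ignores `_User` and `_Server`, so the allowed set (`ejabberd:admin`, `ejabberd:user`, `sasl_auth` and every name from `ejabberd_commands:list_commands()`) is the same for every resource owner. If the actual privilege check is meant to happen when the token is used rather than when it is issued, say so above the function, e.g. `%% Only checks that requested scopes are known; per-user authorization is enforced when the token is checked.` That enforcement is not visible in this hunk, so it is worth confirming that a token carrying `ejabberd:admin` cannot be exercised by a non-admin account.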