improve token response handling

Inhji 2024-12-05 15:35:56 +01:00
parent 7f116952f5
commit 7b19e42f57
2 changed files with 82 additions and 14 deletions


@ -11,7 +11,9 @@ defmodule PlugIndie.Token do
) do ) do
case do_verify_token(access_token, token_endpoint, user_agent) do case do_verify_token(access_token, token_endpoint, user_agent) do
{:ok, %{status: 200, body: body}} -> {:ok, %{status: 200, body: body}} ->
verify_token_response(body, required_scope, supported_scopes, own_hostname) body
|> map_keys_to_string()
|> verify_token_response(required_scope, supported_scopes, own_hostname)
{:ok, %{status: status}} -> {:ok, %{status: status}} ->
{:error, :request_error, status} {:error, :request_error, status}
@ -45,19 +47,28 @@ defmodule PlugIndie.Token do
Tesla.get(client, token_endpoint) Tesla.get(client, token_endpoint)
end end
defp verify_token_response( def verify_token_response(
%{ %{
me: host_uri, "me" => host_uri,
scope: scope, "scope" => scope,
client_id: client_id, "client_id" => client_id,
issued_at: _issued_at, "issued_at" => _issued_at,
issued_by: _issued_by, "issued_by" => _issued_by,
nonce: _nonce "nonce" => _nonce
}, },
required_scope, required_scope,
supported_scopes, supported_scopes,
own_hostname own_hostname
) do ) do
# {%{
# "client_id" => "https://indiepass.app/",
# "issued_at" => 1_733_382_601,
# "issued_by" => "https://tokens.indieauth.com/token",
# "me" => "https://blog.inhji.de/",
# "nonce" => 358_618_865,
# "scope" => "create update delete media read follow channels mute block"
# }, "create", ["create", "media"], "inhji.de"}
Logger.info("Host-URI: '#{host_uri}'") Logger.info("Host-URI: '#{host_uri}'")
Logger.info("ClientId: '#{client_id}'") Logger.info("ClientId: '#{client_id}'")
Logger.info("Scopes: '#{scope}'") Logger.info("Scopes: '#{scope}'")
@ -72,6 +83,8 @@ defmodule PlugIndie.Token do
end end
end end
def verify_token_response(_, _, _, _), do: {:error, "verify_token_response", "bad request"}
defp verify_hostname_match(host_uri, own_hostname) do defp verify_hostname_match(host_uri, own_hostname) do
hostnames_match? = get_hostname(host_uri) == own_hostname hostnames_match? = get_hostname(host_uri) == own_hostname
@ -107,4 +120,8 @@ defmodule PlugIndie.Token do
{:error, "verify_scope_support", "scope '#{required_scope}' was not requested"} {:error, "verify_scope_support", "scope '#{required_scope}' was not requested"}
end end
end end
defp map_keys_to_string(map) do
for {key, val} <- map, into: %{}, do: {to_string(key), val}
end
end end
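Review bot: A 200 response whose body is not a map never reaches the new catch-all `verify_token_response(_, _, _, _)` clause, because the first hunk pipes `body` through `map_keys_to_string/1` first and its `for {key, val} <- map` comprehension raises on a binary body (for example when the response was not decoded as JSON; the Tesla middleware setup is outside the hunks, so this is inferred). Guarding the branch, `{:ok, %{status: 200, body: body}} when is_map(body) ->`, lets any other body fall through to the existing `{:ok, %{status: status}}` clause and fail closed with an error tuple instead of an exception. Separately, `verify_token_response/4` changes from `defp` to `def`, apparently so the new test can call it; a `@doc false` above it would keep it out of the module's documented API. The enclosing functions start and end outside the hunks.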

51
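--- a/test/token_test.exs
+++ b/test/token_test.exs
@@ -0,0 +1,51 @@
+defmodule TokenTest do
+use ExUnit.Case
+describe "verify_token_response/4" do
+test "with atom keyed map" do
+body = %{
+:client_id => "https://indiepass.app/",
+:issued_at => 1_733_382_601,
+:issued_by => "https://tokens.indieauth.com/token",
+:me => "https://blog.inhji.de/",
+:nonce => 358_618_865,
+:scope => "create update delete media read follow channels mute block"
+}
+required_scope = "create"
+supported_scopes = ["create", "media"]
+hostname = "blog.inhji.de"
+assert {:error, _, _} =
+PlugIndie.Token.verify_token_response(
+body,
+required_scope,
+supported_scopes,
+hostname
+)
+end
+test "with string keyed map" do
+body = %{
+"client_id" => "https://indiepass.app/",
+"issued_at" => 1_733_382_601,
+"issued_by" => "https://tokens.indieauth.com/token",
+"me" => "https://blog.inhji.de/",
+"nonce" => 358_618_865,
+"scope" => "create update delete media read follow channels mute block"
+}
+required_scope = "create"
+supported_scopes = ["create", "media"]
+hostname = "blog.inhji.de"
+assert PlugIndie.Token.verify_token_response(
+body,
+required_scope,
+supported_scopes,
+hostname
+) ==
+:ok
+end
+end
+end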
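Review bot: Neither test exercises a rejection path of the checks this module exists for: both bodies use a `me` that matches `hostname` and a scope list containing `required_scope`, and the atom-key case only hits the catch-all clause. Add cases where the token's `me` host differs from the configured hostname and where `scope` lacks the required scope, for example `refute PlugIndie.Token.verify_token_response(body, "create", ["create", "media"], "other.example") == :ok` (`other.example` is a constructed value). The atom-key test also pins the public helper rejecting atom-keyed maps, while the real call path converts keys first, so covering that conversion would need the HTTP call stubbed.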