OAuth2 handler: return 401 when missing or bad access token (#2167)

This commit is contained in:
Maxime Besson 2020-04-22 17:24:09 +02:00
parent 91ba11b898
commit 250761f115


@ -2,7 +2,7 @@ package Lemonldap::NG::Handler::Lib::OAuth2;
use strict;
our $VERSION = '2.0.4';
our $VERSION = '2.0.8';
sub retrieveSession {
my ( $class, $req, $id ) = @_;
@ -88,7 +88,11 @@ sub fetchId {
return "O-$_session_id";
}
return $class->Lemonldap::NG::Handler::Main::fetchId($req);
my $value = $class->Lemonldap::NG::Handler::Main::fetchId($req);
unless ($value) {
$req->data->{oauth2_error} = 'invalid_token';
}
return $value;
}
## @rmethod protected hash getOIDCInfos(id)
@ -123,4 +127,18 @@ sub getOIDCInfos {
return $infos;
}
## The OAuth2 handler does not redirect, we simply return a 401 with relevant
# information as described in https://tools.ietf.org/html/rfc6750#section-3
sub goToPortal {
my ( $class, $req, $url, $arg, $path ) = @_;
my $oauth2_error = '';
if ( $req->data->{oauth2_error} ) {
$oauth2_error = ' error="' . $req->data->{oauth2_error} . '"';
}
$class->set_header_out( $req,
'WWW-Authenticate' => "Bearer" . $oauth2_error );
return $class->HTTP_UNAUTHORIZED;
}
1;
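Review bot: fetchId now records `invalid_token` whenever the fallback lookup yields no id, which also covers a request that carried no Authorization header or cookie at all; RFC 6750 §3.1 says the server SHOULD NOT include an error code when no credentials were presented, so that case should produce a bare `Bearer` challenge and `invalid_token` be reserved for a token that was present but rejected (fetchId's body starts before this hunk, so where the bearer token is parsed is not visible here). In goToPortal the stored value is interpolated into the quoted `error="..."` parameter unchanged; today the only writer is the literal `'invalid_token'`, but a guard such as `if ( my $err = $req->data->{oauth2_error} ) { $oauth2_error = qq{ error="$err"} if $err =~ /\A[a-z_]+\z/; }` keeps any future non-token value out of the response header. A one-line comment on the `unless ($value)` branch naming which failures it is meant to flag would also help the next reader.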