Verified Commit 95c3fe36 authored by Andrej Ramašeuski's avatar Andrej Ramašeuski

Prepracovana OAuth2

parent 92e6e49b
...@@ -55,8 +55,6 @@ sub startup { ...@@ -55,8 +55,6 @@ sub startup {
return 0 if ! $c->session->{user}; return 0 if ! $c->session->{user};
my %user_roles = map { $_ => 1 } @{ $c->session->{user}{roles} }; my %user_roles = map { $_ => 1 } @{ $c->session->{user}{roles} };
$role .= '@' . $cfg->{oauth2}{client_id} if $role !~ /\@/;
return exists $user_roles{$role} ? 1 : 0; return exists $user_roles{$role} ? 1 : 0;
}, },
user_privs => sub {}, user_privs => sub {},
......
...@@ -9,9 +9,10 @@ sub callback { ...@@ -9,9 +9,10 @@ sub callback {
# TODO: ERROR HANDLING # TODO: ERROR HANDLING
$c->session->{refresh_token} = $token->refresh_token;
my $claims = $c->oauth_claims( $token->access_token ); my $claims = $c->oauth_claims( $token->access_token );
$c->session->{refresh_token} = $token->refresh_token;
$c->session->{user} = { $c->session->{user} = {
uuid => $claims->{sub}, uuid => $claims->{sub},
name => $claims->{name}, name => $claims->{name},
...@@ -27,6 +28,7 @@ sub callback { ...@@ -27,6 +28,7 @@ sub callback {
$c->session->{user}{id} = $user->id; $c->session->{user}{id} = $user->id;
$c->session->{user}{token} = $user->token; $c->session->{user}{token} = $user->token;
$c->session->{user}{roles} = $c->oauth_roles($claims); $c->session->{user}{roles} = $c->oauth_roles($claims);
$c->session->{user}{groups} = $c->oauth_groups($claims);
$c->session->{user}{acl} = $c->schema->resultset('ACL')->user_acl( $c->session->{user}{acl} = $c->schema->resultset('ACL')->user_acl(
$c->session->{user} $c->session->{user}
); );
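Review bot: The session is filled from `$claims` with no check that `oauth_claims` returned a verified claim set, so a validation that returns a false value instead of dying would still write `refresh_token` and a `user` hash with an undefined `uuid` into the session; the existing `# TODO: ERROR HANDLING` names this, but the commit leaves it open. A guard directly after the `oauth_claims` call, for example `return $c->reply->exception('OAuth2: token claims missing') unless ref $claims eq 'HASH' && defined $claims->{sub};`, would stop before anything is stored; how `oauth_claims` signals a bad token is not visible here, so confirm which case applies. The new `groups` entry, like `roles`, comes straight from the token and is passed to `user_acl` as part of the session user, so it is only as trustworthy as that verification. `callback` starts and ends outside these hunks.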
......
...@@ -8,6 +8,7 @@ use constant KEY_FORMAT => "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY- ...@@ -8,6 +8,7 @@ use constant KEY_FORMAT => "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-
use base 'Mojolicious::Plugin'; use base 'Mojolicious::Plugin';
use Mojo::JWT; use Mojo::JWT;
use Mojo::UserAgent; use Mojo::UserAgent;
use YAML;
sub register { sub register {
my ($class, $self) = @_; my ($class, $self) = @_;
...@@ -70,20 +71,29 @@ sub register { ...@@ -70,20 +71,29 @@ sub register {
my $c = shift; my $c = shift;
my $claims = shift; my $claims = shift;
my @roles = (); return $claims->{resource_access}{$self->cfg->{oauth2}{client_id}}{roles};
});
CLIENT: $self->helper( oauth_groups => sub {
foreach my $client ( keys %{ $claims->{resource_access} } ) { my $c = shift;
ROLE: my $claims = shift;
foreach my $role ( @{ $claims->{resource_access}{$client}{roles} } ) {
push @roles, $role . '@' . $client;
}
}
return \@roles; return $claims->{groups} // [] ;
}); # JEN Z DUVODU KOMPATIBLITY SE STARYM KEYCLOAK
# my @groups = ();
# CLIENT:
# foreach my $client ( keys %{ $claims->{resource_access} } ) {
# ROLE:
# foreach my $role ( @{ $claims->{resource_access}{$client}{roles} } ) {
# push @groups, $role . '@' . $client;
# }
# }
# return \@groups;
});
} }
1; 1;
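Review bot: `oauth_roles` now returns `$claims->{resource_access}{...}{roles}` with no default, so a token that carries no `resource_access` entry for this client yields `undef`, while `oauth_groups` just below falls back to `[]`. The role check in `startup` dereferences `@{ $c->session->{user}{roles} }`, which may die at runtime for such a user; returning `$claims->{resource_access}{ $self->cfg->{oauth2}{client_id} }{roles} // []` keeps both helpers consistent. Roles also lose their `@client` suffix here, so any caller still passing `role@client` to the role check would silently stop matching, which is worth a search across the code base before merging. `use YAML;` is not used in the visible hunks, and the commented-out block in `oauth_groups` could be replaced by a one-line comment such as `# groups claim only; per-client roles from the old Keycloak setup are no longer mapped`. `register` continues outside these hunks.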
......