mirror of
https://github.com/opf/openproject.git
synced 2026-06-13 19:20:00 +00:00
Jan Sandbrink
d1e2099dd5
Allowing OAuth clients to discover automatically how the OAuth authorization server integrated into OpenProject is behaving.
87 lines
2.8 KiB
Ruby
87 lines
2.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
#-- copyright
|
|
# OpenProject is an open source project management software.
|
|
# Copyright (C) the OpenProject GmbH
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License version 3.
|
|
#
|
|
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
|
|
# Copyright (C) 2006-2013 Jean-Philippe Lang
|
|
# Copyright (C) 2010-2013 the ChiliProject Team
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
# See COPYRIGHT and LICENSE files for more details.
|
|
#++
|
|
|
|
class OAuthMetadataController < ApplicationController
|
|
no_authorization_required! :authorization_server, :protected_resource
|
|
|
|
skip_before_action :check_if_login_required
|
|
|
|
def authorization_server
|
|
grant_types = Doorkeeper.configuration.grant_flows
|
|
grant_types += ["refresh_token"] if Doorkeeper.configuration.refresh_token_enabled?
|
|
render json: {
|
|
issuer: local_issuer,
|
|
authorization_endpoint: oauth_authorization_url,
|
|
token_endpoint: oauth_token_url,
|
|
introspection_endpoint: oauth_introspect_url,
|
|
scopes_supported: Doorkeeper.configuration.scopes.to_a,
|
|
response_types_supported: response_types(Doorkeeper.configuration.grant_flows),
|
|
grant_types_supported: grant_types,
|
|
service_documentation: OpenProject::Static::Links.url_for(:oauth_applications)
|
|
}
|
|
end
|
|
|
|
def protected_resource
|
|
render json: {
|
|
resource: resource_url,
|
|
resource_name: Setting.app_title,
|
|
authorization_servers:,
|
|
scopes_supported: OpenProject::Authentication::Scope.values,
|
|
bearer_methods_supported: ["header"],
|
|
resource_documentation: OpenProject::Static::Links.url_for(:api_docs)
|
|
}
|
|
end
|
|
|
|
private
|
|
|
|
def response_types(grant_types)
|
|
grant_types.filter_map do |grant|
|
|
case grant
|
|
when "authorization_code"
|
|
"code"
|
|
when "implicit"
|
|
"token"
|
|
end
|
|
end
|
|
end
|
|
|
|
def authorization_servers
|
|
OpenIDConnect::Provider.where(available: true).map(&:issuer) + [local_issuer]
|
|
end
|
|
|
|
def instance_base_url
|
|
"http#{'s' if request.ssl?}://#{Setting.host_name}"
|
|
end
|
|
|
|
alias resource_url instance_base_url
|
|
|
|
alias local_issuer instance_base_url
|
|
end
|