Module: Legion::API::Routes::AuthTeams
- Defined in:
- lib/legion/api/auth_teams.rb
Defined Under Namespace
Modules: TeamsTokenHelper
Class Attribute Summary collapse
-
.mutex ⇒ Object
readonly
Returns the value of attribute mutex.
-
.pending ⇒ Object
readonly
Returns the value of attribute pending.
Class Method Summary collapse
- .register_authorize(app) ⇒ Object
- .register_callback(app) ⇒ Object
- .register_status(app) ⇒ Object
- .register_store_helper(app) ⇒ Object
- .registered(app) ⇒ Object
Class Attribute Details
.mutex ⇒ Object (readonly)
Returns the value of attribute mutex.
14 15 16 |
# File 'lib/legion/api/auth_teams.rb', line 14 def mutex @mutex end |
.pending ⇒ Object (readonly)
Returns the value of attribute pending.
14 15 16 |
# File 'lib/legion/api/auth_teams.rb', line 14 def pending @pending end |
Class Method Details
.register_authorize(app) ⇒ Object
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/legion/api/auth_teams.rb', line 24 def self.(app) app.post '/api/auth/teams/authorize' do teams_settings = Legion::Settings[:microsoft_teams] || {} auth_settings = teams_settings[:auth] || {} tenant_id = teams_settings[:tenant_id] || auth_settings[:tenant_id] client_id = teams_settings[:client_id] || auth_settings[:client_id] halt 422, json_error('missing_config', 'microsoft_teams.tenant_id and client_id required', status_code: 422) unless tenant_id && client_id body = parse_request_body delegated = auth_settings[:delegated] || {} scopes = body[:scopes] || delegated[:scopes] || 'OnlineMeetings.Read OnlineMeetingTranscript.Read.All offline_access' state = SecureRandom.hex(32) verifier = SecureRandom.urlsafe_base64(32) challenge = Base64.urlsafe_encode64( Digest::SHA256.digest(verifier), padding: false ) port = Legion::Settings.dig(:api, :port) || 4567 redirect_uri = "http://127.0.0.1:#{port}/api/auth/teams/callback" = "https://login.microsoftonline.com/#{tenant_id}/oauth2/v2.0/authorize?" \ "client_id=#{client_id}&response_type=code&redirect_uri=#{::URI.encode_www_form_component(redirect_uri)}" \ "&scope=#{::URI.encode_www_form_component(scopes)}" \ "&state=#{state}&code_challenge=#{challenge}&code_challenge_method=S256" AuthTeams.mutex.synchronize do AuthTeams.pending[state] = { verifier: verifier, created_at: Time.now, result: nil, tenant_id: tenant_id, client_id: client_id, redirect_uri: redirect_uri, scopes: scopes } end json_response({ authorize_url: , state: state }) end end |
.register_callback(app) ⇒ Object
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/legion/api/auth_teams.rb', line 80 def self.register_callback(app) app.get '/api/auth/teams/callback' do code = params[:code] state = params[:state] error = params[:error] entry = AuthTeams.mutex.synchronize { AuthTeams.pending[state] } if error || !entry msg = error || 'unknown state' AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: msg } } if entry content_type :html return '<html><body><h2>Authentication failed.</h2><p>You can close this tab.</p></body></html>' end # Exchange code for token require 'net/http' token_uri = ::URI.parse("https://login.microsoftonline.com/#{entry[:tenant_id]}/oauth2/v2.0/token") token_response = ::Net::HTTP.post_form(token_uri, { 'client_id' => entry[:client_id], 'grant_type' => 'authorization_code', 'code' => code, 'redirect_uri' => entry[:redirect_uri], 'code_verifier' => entry[:verifier], 'scope' => entry[:scopes] }) token_body = Legion::JSON.load(token_response.body) if token_body[:access_token] # Store token via TokenCache if available store_teams_token(token_body, entry[:scopes]) AuthTeams.mutex.synchronize { entry[:result] = { authenticated: true } } content_type :html '<html><body><h2>Authentication successful!</h2><p>You can close this tab.</p></body></html>' else err = token_body[:error_description] || token_body[:error] || 'token exchange failed' Legion::Logging.error "Teams OAuth token exchange failed: #{err}" if defined?(Legion::Logging) AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: err } } content_type :html "<html><body><h2>Authentication failed.</h2><p>#{err}</p></body></html>" end rescue StandardError => e Legion::Logging.error "Teams OAuth callback error: #{e.}" if defined?(Legion::Logging) AuthTeams.mutex.synchronize { entry[:result] = { authenticated: false, error: e. } } if entry content_type :html '<html><body><h2>Authentication error.</h2><p>Check daemon logs.</p></body></html>' end end |
.register_status(app) ⇒ Object
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/legion/api/auth_teams.rb', line 63 def self.register_status(app) app.get '/api/auth/teams/status' do state = params[:state] halt 422, json_error('missing_state', 'state parameter required', status_code: 422) unless state entry = AuthTeams.mutex.synchronize { AuthTeams.pending[state] } halt 404, json_error('unknown_state', 'no pending auth for this state', status_code: 404) unless entry if entry[:result] AuthTeams.mutex.synchronize { AuthTeams.pending.delete(state) } json_response(entry[:result]) else json_response({ authenticated: false, waiting: true }) end end end |
.register_store_helper(app) ⇒ Object
147 148 149 |
# File 'lib/legion/api/auth_teams.rb', line 147 def self.register_store_helper(app) app.helpers TeamsTokenHelper end |
.registered(app) ⇒ Object
17 18 19 20 21 22 |
# File 'lib/legion/api/auth_teams.rb', line 17 def self.registered(app) register_store_helper(app) (app) register_status(app) register_callback(app) end |