fix(auth): use appsettings for azure tenant id; refactor azure lookup url methods
This commit is contained in:
parent
dc701e5c49
commit
7a510b315d
@ -3,6 +3,7 @@
|
||||
-- SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{-# OPTIONS_GHC -fno-warn-orphans #-}
|
||||
{-# OPTIONS_GHC -fno-warn-redundant-constraints #-}
|
||||
|
||||
module Auth.OAuth2
|
||||
( apAzure
|
||||
@ -152,12 +153,13 @@ instance Exception UserDataException
|
||||
queryOAuth2User :: forall j m.
|
||||
( FromJSON j
|
||||
, MonadHandler m
|
||||
, HasAppSettings (HandlerSite m)
|
||||
, MonadThrow m
|
||||
)
|
||||
=> Text -- ^ User identifier (arbitrary needle)
|
||||
-> m (Either UserDataException j)
|
||||
queryOAuth2User userID = runExceptT $ do
|
||||
(queryUrl, tokenUrl) <- liftIO mkBaseUrls
|
||||
(queryUrl, tokenUrl) <- mkBaseUrls
|
||||
req <- parseRequest $ "GET " ++ queryUrl ++ unpack userID
|
||||
mTokens <- lookupSessionJson SessionOAuth2Token
|
||||
unless (isJust mTokens) . throwE $ UserDataInternalException "Tried to load session Oauth2 tokens, but there are none"
|
||||
@ -177,14 +179,14 @@ queryOAuth2User userID = runExceptT $ do
|
||||
Right x -> return x
|
||||
|
||||
|
||||
mkBaseUrls :: IO (String, String)
|
||||
mkBaseUrls :: (MonadHandler m, HasAppSettings (HandlerSite m)) => m (String, String)
|
||||
mkBaseUrls = do
|
||||
# ifndef DEVELOPMENT
|
||||
Just tenantID <- lookupEnv "AZURE_TENANT_ID"
|
||||
tenantID <- fmap (maybe (throwM $ UserDataInternalException "Could not determine tenant ID from current app configuration") show) . getsYesod . preview $ _appUserAuthConf . _userAuthConfSingleSource . _AuthSourceConfAzureAdV2 . _azureConfTenantId
|
||||
return ( "https://graph.microsoft.com/v1.0/users/"
|
||||
, "https://login.microsoftonline.com/" ++ tenantID ++ "/oauth2/v2.0" )
|
||||
# else
|
||||
Just port <- lookupEnv "OAUTH2_SERVER_PORT"
|
||||
port :: String <- liftIO $ maybe (throwM $ UserDataInternalException "Development environment variable OAUTH2_SERVER_PORT is unset") id <$> lookupEnv "OAUTH2_SERVER_PORT"
|
||||
let base = "http://localhost:" ++ port
|
||||
return ( base ++ "/users/query?id="
|
||||
, base ++ "/token" )
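Review bot: The new `maybe (throwM $ UserDataInternalException …) show` in the non-DEVELOPMENT branch of mkBaseUrls never throws: because `maybe`'s other branch yields a `String`, `throwM` is instantiated at the list monad, whose `MonadThrow` instance (from `exceptions`, as far as I recall) discards the exception and returns `[]`, so a missing tenant id silently becomes the empty string and the token endpoint becomes `https://login.microsoftonline.com//oauth2/v2.0` instead of the intended configuration failure. The DEVELOPMENT branch has the same shape (`maybe (throwM …) id <$> lookupEnv …`) and degrades to `http://localhost:` the same way. Since `MonadHandler m` gives `MonadIO m` but not `MonadThrow m`, bind the `Maybe` first and fail with `liftIO . throwIO` (Control.Exception; or keep `throwM` and add `MonadThrow m` to the signature), which reaches the caller as a real exception — `UserDataException` already has an `Exception` instance per the hunk-2 header. Separately, if `_azureConfTenantId` is a `Text` field, `show` will wrap it in quotes inside the URL and `unpack` is the right conversion there; please confirm the field's type.

```haskell
mkBaseUrls = do
# ifndef DEVELOPMENT
    mTenantID <- getsYesod . preview $ _appUserAuthConf . _userAuthConfSingleSource . _AuthSourceConfAzureAdV2 . _azureConfTenantId
    tenantID <- maybe (liftIO . throwIO $ UserDataInternalException "Could not determine tenant ID from current app configuration") (return . show) mTenantID
    -- … unchanged: return of the graph/login URL pair …
# else
    mPort <- liftIO $ lookupEnv "OAUTH2_SERVER_PORT"
    port <- maybe (liftIO . throwIO $ UserDataInternalException "Development environment variable OAUTH2_SERVER_PORT is unset") return mPort
    -- … unchanged: localhost base and URL pair …
```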
|
||||
|
||||