From 9b267c499709472cd20d95df76b53fc6c571e797 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 12 Mar 2025 16:15:20 -0600
Subject: feat: require a login before authorizing an auth grant

---
 bin/ui | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

(limited to 'bin/ui')

diff --git a/bin/ui b/bin/ui
index c459c4b..9f6f9eb 100755
--- a/bin/ui
+++ b/bin/ui
@@ -20,6 +20,8 @@ $port = ENV.fetch("PORT", 8283).to_i
 $host = ENV.fetch("HOST", "localhost:#{$port}")
 $idp_host = ENV.fetch("IDP_HOST", "localhost:8282")
 
+Net::Hippie.logger = Logger.new($stdout, level: :debug)
+
 class OnDemandRegistry < Saml::Kit::DefaultRegistry
   def metadata_for(entity_id)
     found = super(entity_id)
@@ -90,16 +92,25 @@ class UI
   end
 
   def oauth_callback(request)
-    response = Net::Hippie.default_client.post(
-      "http://#{$idp_host}/oauth/token",
-      headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
-      body: {
-        grant_type: "authorization_code",
-        code: request.params['code'],
-        code_verifier: "not_implemented"
-      }
-    )
-    [200, { "Content-Type" => "application/json" }, [JSON.pretty_generate(request.params.merge(JSON.parse(response.body)))]]
+    client = Net::Hippie::Client.new
+    response = client.with_retry do |x|
+      client.post(
+        "http://#{$idp_host}/oauth/token",
+        headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
+        body: {
+          grant_type: "authorization_code",
+          code: request.params['code'],
+          code_verifier: "not_implemented"
+        }
+      )
+    end
+    if response.code.to_i == 200
+      [200, { "Content-Type" => "application/json" }, [JSON.pretty_generate(
+        request.params.merge(JSON.parse(response.body))
+      )]]
+    else
+      [response.code, response.header, [response.body]]
+    end
   end
 
   def saml_post_to_idp(request)
-- 
cgit v1.2.3
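Review bot: The new `Net::Hippie.logger = Logger.new($stdout, level: :debug)` enables debug-level HTTP client logging unconditionally, and if Net::Hippie's debug output includes request headers and bodies — as HTTP client debug loggers commonly do — the `Authorization: Basic` client credentials and the token response exchanged in `oauth_callback` further down this file will be written to stdout and to whatever collects it. The host and port settings directly above are already environment-driven, so the log level should be gated the same way, leaving `:debug` as an explicit opt-in for local debugging: `Net::Hippie.logger = Logger.new($stdout, level: ENV.fetch("LOG_LEVEL", "info").to_sym)`. This is a top-level statement, so nothing in it is cut by the hunk.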
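Review bot: The `else` branch of `oauth_callback` hands `response.code` and `response.header` straight to Rack, yet the `.to_i` on the `if` line just above shows `code` is a String, and if this is a Net::HTTP response (as `.code`, `.body` and `.header` suggest) then `response.header` is the response object rather than a plain header Hash, so a failed token exchange yields a malformed Rack triple and relays whatever headers the IdP sent (Content-Length, Transfer-Encoding, any Set-Cookie) to the browser; `[response.code.to_i, { "Content-Type" => response.content_type.to_s }, [response.body]]` fixes both. Independently, the callback still exchanges `request.params['code']` without checking a `state` value against the session, `code_verifier: "not_implemented"` is a fixed string so PKCE gives no protection here, and the 200 branch serializes the full token response — access and refresh tokens — together with the raw callback params back to the user agent; a comment such as `# TODO: verify state, send a real PKCE verifier, keep tokens server-side` would at least mark this path as demo-only. The block parameter in `with_retry do |x|` is unused and reads better as `|_|`. The enclosing `class UI` opens and closes outside this hunk.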