malach-it / boruta_auth / 350fa49e102b52eed8d621f54a7efffe0698a4f4-PR-13

defmodule Boruta.Oauth.Request.Base do

  @moduledoc false

  alias Boruta.BasicAuth

  alias Boruta.Oauth.AuthorizationCodeRequest

  alias Boruta.Oauth.ClientCredentialsRequest

  alias Boruta.Oauth.CodeRequest

  alias Boruta.Oauth.HybridRequest

  alias Boruta.Oauth.IntrospectRequest

  alias Boruta.Oauth.PasswordRequest

  alias Boruta.Oauth.PreauthorizationCodeRequest

  alias Boruta.Oauth.PreauthorizedCodeRequest

  alias Boruta.Oauth.RefreshTokenRequest

  alias Boruta.Oauth.RevokeRequest

  alias Boruta.Oauth.SiopV2Request

  alias Boruta.Oauth.TokenRequest

  @spec authorization_header(req_headers :: list()) ::

          {:ok, header :: String.t()}

          | {:error, :no_authorization_header}

  def authorization_header(req_headers) do

    end

  end

    {:ok,

     %ClientCredentialsRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       scope: params["scope"]

     }}

  end

    {:ok,

     %PasswordRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       username: params["username"],

       password: params["password"],

       scope: params["scope"]

     }}

  end

    {:ok,

     %AuthorizationCodeRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       code: params["code"],

       redirect_uri: params["redirect_uri"],

       code_verifier: params["code_verifier"]

     }}

  end

        %{"grant_type" => "urn:ietf:params:oauth:grant-type:pre-authorized_code"} = params

      ) do

    {:ok,

     %PreauthorizationCodeRequest{

       preauthorized_code: params["pre-authorized_code"],

       code_verifier: params["code_verifier"]

     }}

  end

        %{"response_type" => "urn:ietf:params:oauth:response-type:pre-authorized_code"} = params

      ) do

    {:ok,

     %PreauthorizedCodeRequest{

       client_id: params["client_id"],

       redirect_uri: params["redirect_uri"],

       resource_owner: params["resource_owner"],

       state: params["state"],

       prompt: params["prompt"],

       scope: params["scope"]

     }}

  end

    {:ok,

     %RefreshTokenRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       refresh_token: params["refresh_token"],

       scope: params["scope"]

     }}

  end

  def build_request(%{"response_type" => "code", "client_metadata" => client_metadata} = params) do

      client_id: params["client_id"],

      redirect_uri: params["redirect_uri"],

      state: params["state"],

      nonce: params["nonce"],

      prompt: params["prompt"],

      code_challenge: params["code_challenge"],

      code_challenge_method: params["code_challenge_method"],

      scope: params["scope"],

      client_metadata: client_metadata

    }

      case params["authorization_details"] do

      end

    {:ok, request}

  end

  def build_request(%{"response_type" => "code"} = params) do

      client_id: params["client_id"],

      redirect_uri: params["redirect_uri"],

      resource_owner: params["resource_owner"],

      state: params["state"],

      nonce: params["nonce"],

      prompt: params["prompt"],

      code_challenge: params["code_challenge"],

      code_challenge_method: params["code_challenge_method"],

      scope: params["scope"]

    }

      case params["authorization_details"] do

      end

    {:ok, request}

  end

    {:ok,

     %IntrospectRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       token: params["token"]

     }}

  end

  def build_request(%{"response_type" => response_type} = params) do

      true ->

          client_id: params["client_id"],

          code_challenge: params["code_challenge"],

          code_challenge_method: params["code_challenge_method"],

          nonce: params["nonce"],

          prompt: params["prompt"],

          redirect_uri: params["redirect_uri"],

          resource_owner: params["resource_owner"],

          response_mode: params["response_mode"],

          response_types: response_types,

          scope: params["scope"],

          state: params["state"]

        }

          case params["authorization_details"] do

          end

        {:ok, request}

        {:ok,

         %TokenRequest{

           client_id: params["client_id"],

           nonce: params["nonce"],

           prompt: params["prompt"],

           redirect_uri: params["redirect_uri"],

           resource_owner: params["resource_owner"],

           response_types: response_types,

           scope: params["scope"],

           state: params["state"]

         }}

    end

  end

  # revoke request

    {:ok,

     %RevokeRequest{

       client_id: params["client_id"],

       client_authentication: client_authentication_from_params(params),

       token: params["token"],

       token_type_hint: params["token_type_hint"]

     }}

  end

  def fetch_unsigned_request(%{query_params: %{"request" => request}}) do

        {:ok, params}

        {:error, "Unsigned request jwt param is malformed."}

    end

  end

  def fetch_unsigned_request(%{query_params: %{"request_uri" => request_uri}}) do

           Finch.build(:get, request_uri) |> Finch.request(OpenIDHttpClient),

      {:ok, params}

    else

      _ ->

        {:error, "Could not fetch unsigned request parameter from given URI."}

    end

  end

  def fetch_unsigned_request(%{body_params: %{"request" => request}}) do

        {:ok, params}

        {:error, "Unsigned request jwt param is malformed."}

    end

  end

  def fetch_unsigned_request(%{body_params: %{"request_uri" => request_uri}}) do

           Finch.build(:get, request_uri) |> Finch.request(OpenIDHttpClient),

      {:ok, params}

    else

      _ ->

        {:error, "Could not fetch unsigned request parameter from given URI."}

    end

  end

    {:ok, %{}}

  end

  def fetch_client_authentication(%{

        query_params: %{

          "client_assertion_type" => "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",

          "client_assertion" => client_assertion

        }

      }) do

      {:ok, claims} ->

            "client_id" => claims["sub"],

            "client_authentication" => %{"type" => "jwt", "value" => client_assertion}

          }

          {:ok, client_authentication_params}

        end

        {:error, "Could not decode client assertion JWT."}

    end

  end

  def fetch_client_authentication(%{

        body_params: %{

          "client_assertion_type" => "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",

          "client_assertion" => client_assertion

        }

      }) do

      {:ok, claims} ->

            "client_id" => claims["sub"],

            "client_authentication" => %{"type" => "jwt", "value" => client_assertion}

          }

          {:ok, client_authentication_params}

        end

        {:error, "Could not decode client assertion JWT."}

    end

  end

  def fetch_client_authentication(%{

        req_headers: req_headers,

        body_params: %{} = body_params

      }) do

        "client_id" => client_id,

        "client_authentication" => %{"type" => "basic", "value" => client_secret}

      }

      {:ok, client_authentication_params}

    else

      {:error, :no_authorization_header} ->

          {:ok,

           %{

             "client_authentication" => %{

               "type" => "post",

               "value" => body_params["client_secret"]

             }

           }}

        rescue

            {:error, "No client authentication method found in request."}

        end

      {:error, reason} ->

        {:error, reason}

    end

  end

    do: {:error, "Client assertion iss claim not found in client assertion JWT."}

  defp check_audience(%{"aud" => aud}) do

        :ok

        {:error,

    end

  end

    do: {:error, "Client assertion aud claim not found in client assertion JWT."}

    do: {:error, "Client assertion exp claim not found in client assertion JWT."}

  defp client_authentication_from_params(%{"client_authentication" => client_authentication}) do

  end

end