Merge pull request #252 from arcivanov/issue_251

Lifecycle hooks
zmartzone · Mar 19, 2019 · b8277e2 · b8277e2
2 parents 1e92cce + 8882814
commit b8277e2
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -3,6 +3,10 @@
   see #253, #254; thanks @arcivanov
 - fixed a few additional cases of using global symbols detected by lualint
 
+03/15/2019
+- allow to tap into authentication workflow by providing an option
+  to specify lifecycle hooks via `opts.lifecycle`
+
 03/07/2019
 - made the checks for certain HTTP headers handle the case where
   multiple headers exist; thanks @ci42

diff --git a/README.md b/README.md
@@ -206,6 +206,26 @@ h2JHukolz9xf6qN61QMLSd83+kwoBr2drp6xg3eGDLIkQCQLrkY=
              --    https_proxy = "http://<proxy_host>:<proxy_port>/"
              -- }
 
+             -- Lifecycle Hooks
+             -- 
+             -- lifecycle = {
+             --    on_created = handle_created,
+             --    on_authenticated = handle_authenticated,
+             --    on_logout = handle_logout
+             -- }
+             -- 
+             -- where `handle_created`, `handle_authenticated` and `handle_logout` are callables
+             -- accepting a single argument `session`
+             --
+             --  -- `on_created` hook is invoked *after* a session has been created in 
+             --     `openidc_authorize` immediately prior to saving the session
+             --  -- `on_authenticated` hook is invoked *after* receiving authorization response in
+             --     `openidc_authorization_response` immediately prior to saving the session
+             --  -- `on_logout` hook is invoked *before* a session is destroyed in
+             --     `openidc_logout`
+             --
+             --  Any, all or none of the hooks may be used. Empty `lifecycle` does nothing.
+             
              -- Optional : add decorator for HTTP request that is
              -- applied when lua-resty-openidc talks to the OpenID Connect
              -- provider directly. Can be used to provide extra HTTP headers

diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
@@ -350,6 +350,11 @@ local function openidc_authorize(opts, session, target_url, prompt)
   session.data.state = state
   session.data.nonce = nonce
   session.data.last_authenticated = ngx.time()
+
+  if opts.lifecycle and opts.lifecycle.on_created then
+    opts.lifecycle.on_created(session)
+  end
+
   session:save()
 
   -- redirect to the /authorization endpoint
@@ -1134,6 +1139,10 @@ local function openidc_authorization_response(opts, session)
     end
   end
 
+  if opts.lifecycle and opts.lifecycle.on_authenticated then
+    opts.lifecycle.on_authenticated(session)
+  end
+
   -- save the session with the obtained id_token
   session:save()
 
@@ -1188,6 +1197,11 @@ local function openidc_logout(opts, session)
   local session_token = session.data.enc_id_token
   local access_token = session.data.access_token
   local refresh_token = session.data.refresh_token
+
+  if opts.lifecycle and opts.lifecycle.on_logout then
+    opts.lifecycle.on_logout(session)
+  end
+
   session:destroy()
 
   if opts.revoke_tokens_on_logout then

diff --git a/tests/spec/userinfo_spec.lua b/tests/spec/userinfo_spec.lua
@@ -62,7 +62,7 @@ describe("when userinfo endpoint is not resolvable", function()
   })
   teardown(test_support.stop_server)
   local _, status = test_support.login()
-  it("login aucceeds", function()
+  it("login succeeds", function()
     assert.are.equals(302, status)
   end)
   it("an error has been logged", function()