Check if moodle permissions are given

Old users migrating to v2.4.0 use an refreshToken which only gives access to l2p, but not to moodle. Thus, a check of the scopes is added.
RobertKrajewski · Apr 27, 2019 · dc46e36 · dc46e36
1 parent 4f32442
commit dc46e36
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 5 deletions.
diff --git a/include/login.h b/include/login.h
@@ -27,6 +27,7 @@ public slots:
     void getAccess();
     void stopLoginSlot();
     void deleteAccess();
+    void getTokenInfo();
 
 private:
     void postRequest(QUrlQuery &query, QUrl url);

diff --git a/src/login.cpp b/src/login.cpp
@@ -6,6 +6,7 @@
 #include "clientId.h"
 #include "qslog/QsLog.h"
 #include "login.h"
+#include "utils.h"
 
 #define BASEURL QString("https://oauth.campus.rwth-aachen.de/oauth2waitress/oauth2.svc/")
 
@@ -140,6 +141,17 @@ void Login::refreshAccess()
     postRequest(query, url);
 }
 
+void Login::getTokenInfo()
+{
+    QUrlQuery query;
+    query.addQueryItem("client_id", CLIENTID);
+    query.addQueryItem("access_token", accessToken);
+
+    QUrl url(BASEURL + "tokeninfo");
+
+    postRequest(query, url);
+}
+
 void Login::finishedSlot(QNetworkReply *reply)
 {
     QJsonDocument document = QJsonDocument::fromJson(reply->readAll());
@@ -190,19 +202,36 @@ void Login::finishedSlot(QNetworkReply *reply)
         else if(!object["access_token"].toString().isEmpty())
         {
             // Zugriff erneuert
-
             QLOG_DEBUG() << tr("Zugriff durch Refreshtoken erneuert.");
             accessToken = object["access_token"].toString();
 
             QTimer::singleShot(object["expires_in"].toInt() * 1000, this, SLOT(refreshAccess()));
+            QLOG_DEBUG() << tr("Neuer accesstoken: ") << accessToken;
 
-            stopLoginTimer.stop();
-            emit newAccessToken(accessToken);
-            QLOG_DEBUG() << tr("Accesstoken: ") << accessToken;
+            // Check if necessary scopes are given
+            getTokenInfo();
+        }
+        else if(!object["scope"].toString().isEmpty())
+        {
+            auto scopes = object["scope"].toString();
+            QLOG_DEBUG() << tr("Zugriff auf folgende Scopes: ") << scopes;
+            if(scopes.contains("moodle.rwth"))
+            {
+                stopLoginTimer.stop();
+                emit newAccessToken(accessToken);
+            }
+            else
+            {
+                Utils::errorMessageBox(tr("Authorisierung für Moodle fehlt!"),
+                                       tr("Du hast Sync-my-L2P noch nicht die Berechtigung erteilt, "
+                                          "auf Moodle zuzugreifen. Bitte logge dich neu ein."));
+                deleteAccess();
+                getAccess();
+            }
         }
         else
         {
-            QLOG_ERROR() << tr("Status der Antwort ok, aber Antworttyp nicht bekannt.\n")<< object;
+            QLOG_ERROR() << tr("Status der Antwort ok, aber Antworttyp nicht bekannt.\n") << object;
 
             stopLoginSlot();
         }