Exemple #1
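/*
 * Builds the JSON claim set (payload) of an OpenID Connect ID token.
 *
 * clientId  becomes the "aud" (audience) claim.
 * scope     is not read anywhere in this body.
 * user      supplies "sub" (user.id()) and "auth_time".
 *
 * Returns the serialized JSON object. Nothing in this function signs or
 * encrypts the result.
 */
const std::string OAuthTokenEndpoint::idTokenPayload(const std::string &clientId,
                                                     const std::string &scope,
                                                     const User &user)
{
  // Take one timestamp so that "iat" and "exp" are derived from the same
  // instant and cannot drift apart.
  WDateTime issuedAt = WDateTime::currentDateTime();

  Json::Object claims;
  claims["iss"] = Json::Value(iss_);
  claims["sub"] = Json::Value(user.id());
  claims["aud"] = Json::Value(clientId);
  claims["exp"] =
    Json::Value(static_cast<long long>(issuedAt.addSecs(idExpSecs_).toTime_t()));
  claims["iat"] = Json::Value(static_cast<long long>(issuedAt.toTime_t()));

  // OpenID Connect Core defines auth_time as a JSON number (seconds since
  // the epoch), like exp and iat. It used to be emitted as a quoted string,
  // which a relying party doing a numeric comparison (e.g. a max_age check)
  // can reject or mis-evaluate.
  // NOTE(review): going by its name, lastLoginAttempt() may also cover failed
  // attempts; confirm it reflects the time of the successful authentication.
  claims["auth_time"] =
    Json::Value(static_cast<long long>(user.lastLoginAttempt().toTime_t()));

  return Json::serialize(claims);
}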
Exemple #2
/*
 * Starts the lost-password flow for the account registered with
 * emailAddress.
 *
 * If no valid user is found the function returns without doing anything, so
 * the outcome is not reported back through this call. Otherwise a fresh
 * random token is generated, only its hash is stored on the user (with an
 * expiry), and the plain token is handed to sendLostPasswordMail().
 */
void AuthService::lostPassword(const std::string& emailAddress,
                               AbstractUserDatabase& users) const
{
  User account = users.findWithEmail(emailAddress);

  // Unknown address: stay silent rather than signalling "no such user".
  if (!account.isValid())
    return;

  // The plain secret only goes out by mail; the stored value is its hash.
  // NOTE(review): the salt argument is an empty string -- presumably
  // acceptable because the input is a random token; confirm.
  std::string secret = WRandom::generateId(randomTokenLength());
  std::string digest = tokenHashFunction()->compute(secret, std::string());

  // emailTokenValidity() is multiplied by 60 to get the seconds for addSecs().
  WDateTime now = WDateTime::currentDateTime();
  WDateTime expiry = now.addSecs(emailTokenValidity() * 60);

  Token resetToken(digest, expiry);
  account.setEmailToken(resetToken, User::LostPassword);
  sendLostPasswordMail(emailAddress, account, secret);
}