From f60e417caf60ed45821f4baee72cd0ca318fcae5 Mon Sep 17 00:00:00 2001
From: Martin Fenner
Date: Wed, 21 Aug 2019 09:03:33 +0200
Subject: [PATCH] parse oidc-token via post. datacite/datacite#829
---
 app/controllers/sessions_controller.rb | 14 ++++++--------
 config/routes.rb                       |  4 ++--
 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index f8dce3597..eda9f4e14 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,5 @@
 class SessionsController < ApplicationController
-  def create
+  def create_token
     error_response("Wrong grant type.") && return if safe_params[:grant_type] != "password"
     error_response("Missing account ID or password.") && return if safe_params[:username].blank? || safe_params[:username] == "undefined" ||
@@ -14,16 +14,14 @@ def create
     render json: { "access_token" => user.jwt, "expires_in" => 3600 * 24 * 30 }.to_json, status: 200
   end
 
-  def oidc_token
-    credentials = request.headers["x-amzn-oidc-data"]
-    error_response("Missing token.") && return if credentials.blank?
+  def create_oidc_token
+    error_response("Missing token.") && return if
+      safe_params[:token].blank? || safe_params[:token] == "undefined"
 
-    user = User.new(credentials, type: "oidc")
+    user = User.new(safe_params[:token], type: "oidc")
     error_response(user.errors) && return if user.errors.present?
 
-    response.set_header('access_token', user.jwt)
-    response.set_header('expires_in', 3600 * 24 * 30)
-    render plain: "OK", status: 200
+    render json: { "access_token" => user.jwt, "expires_in" => 3600 * 24 * 30 }.to_json, status: 200
   end
 
   def reset
diff --git a/config/routes.rb b/config/routes.rb
index 68ca273da..a2682febb 100644
--- a/config/routes.rb
+++ b/config/routes.rb
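Review bot: In the create_oidc_token hunk the value passed to `User.new(safe_params[:token], type: "oidc")` is now fully client-controlled, whereas the removed code read `x-amzn-oidc-data`, a header the load balancer injects, so any trust the `oidc` branch of `User` placed on the header only ever being set by the balancer no longer holds; `User` is outside this diff, so please confirm that branch verifies the token's signature, issuer/audience and expiry before `user.jwt` is minted. The hunk also does not touch `safe_params`, so if it is a strong-params permit list that does not include `:token`, every request will fail the blank check with "Missing token." — the permit list should be updated in the same change. A short comment on the method would make the new trust boundary explicit for the next reader: `# The OIDC token arrives in the POST body from the client, not from the ALB header, and must be verified in User.`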
@@ -5,10 +5,10 @@
   root :to => 'index#index'
 
   # authentication
-  post 'token', :to => 'sessions#create'
+  post 'token', :to => 'sessions#create_token'
 
   # authentication via openid connect in load balancer
-  get 'oidc-token', :to => 'sessions#oidc_token'
+  post 'oidc-token', :to => 'sessions#create_oidc_token'
 
   # send reset link
   post 'reset', :to => 'sessions#reset'
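Review bot: The context comment `# authentication via openid connect in load balancer` above the changed route no longer describes it, since the new `post 'oidc-token'` action takes the token from the request body rather than from what the load balancer injected; suggest `# authentication via an openid connect token posted by the client`. Switching from GET to POST is the right verb for a token-issuing endpoint, but existing callers of `GET /oidc-token` will now receive a routing error, so this is a breaking change for any external consumer of that route and worth calling out with the change.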