|
@@ -20,7 +20,8 @@ var (
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
type oauth2State struct {
|
|
type oauth2State struct {
|
|
|
- provider *oauth2.Config
|
|
|
|
|
|
|
+ providerConfig *oauth2.Config
|
|
|
|
|
+ providerName string
|
|
|
Username string
|
|
Username string
|
|
|
Usergroup string
|
|
Usergroup string
|
|
|
}
|
|
}
|
|
@@ -116,17 +117,18 @@ func handleOAuthLogin(w http.ResponseWriter, r *http.Request) {
|
|
|
providerName := r.URL.Query().Get("provider")
|
|
providerName := r.URL.Query().Get("provider")
|
|
|
provider, err := getOAuth2Config(cfg, providerName)
|
|
provider, err := getOAuth2Config(cfg, providerName)
|
|
|
|
|
|
|
|
- registeredStates[state] = &oauth2State{
|
|
|
|
|
- provider: provider,
|
|
|
|
|
- Username: "",
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
log.Errorf("Failed to get provider config: %v %v", providerName, err)
|
|
log.Errorf("Failed to get provider config: %v %v", providerName, err)
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
return
|
|
return
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ registeredStates[state] = &oauth2State{
|
|
|
|
|
+ providerConfig: provider,
|
|
|
|
|
+ providerName: providerName,
|
|
|
|
|
+ Username: "",
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
setOauthCallbackCookie(w, r, "olivetin-sid-oauth", state)
|
|
setOauthCallbackCookie(w, r, "olivetin-sid-oauth", state)
|
|
|
|
|
|
|
|
log.Infof("OAuth2 state: %v mapped to provider %v (found: %v), now redirecting", state, providerName, provider != nil)
|
|
log.Infof("OAuth2 state: %v mapped to provider %v (found: %v), now redirecting", state, providerName, provider != nil)
|
|
@@ -183,7 +185,7 @@ func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
|
|
|
ctx := context.Background()
|
|
ctx := context.Background()
|
|
|
ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
|
|
ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
|
|
|
|
|
|
|
|
- tok, err := registeredState.provider.Exchange(ctx, code)
|
|
|
|
|
|
|
+ tok, err := registeredState.providerConfig.Exchange(ctx, code)
|
|
|
|
|
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
log.Errorf("Failed to exchange code: %v", err)
|
|
log.Errorf("Failed to exchange code: %v", err)
|
|
@@ -191,9 +193,9 @@ func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
|
|
|
return
|
|
return
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- client := registeredState.provider.Client(ctx, tok)
|
|
|
|
|
|
|
+ client := registeredState.providerConfig.Client(ctx, tok)
|
|
|
|
|
|
|
|
- username := getUsername(client)
|
|
|
|
|
|
|
+ username := getUsername(client, cfg.AuthOAuth2Providers[registeredState.providerName])
|
|
|
|
|
|
|
|
registeredStates[state].Username = username
|
|
registeredStates[state].Username = username
|
|
|
|
|
|
|
@@ -211,9 +213,7 @@ func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
|
|
|
w.Write([]byte(loginMessage))
|
|
w.Write([]byte(loginMessage))
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func getUsername(client *http.Client) string {
|
|
|
|
|
- provider := cfg.AuthOAuth2Providers["github"]
|
|
|
|
|
-
|
|
|
|
|
|
|
+func getUsername(client *http.Client, provider *config.OAuth2Provider) string {
|
|
|
res, err := client.Get(provider.WhoamiUrl)
|
|
res, err := client.Get(provider.WhoamiUrl)
|
|
|
|
|
|
|
|
if res.StatusCode != http.StatusOK {
|
|
if res.StatusCode != http.StatusOK {
|