Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
D
dex
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
go
dex
Commits
84784993
Commit
84784993
authored
May 17, 2016
by
Bobby Rullo
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert "Fix response_type missing param"
This reverts commit
821b242c
.
parent
b29deb73
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
39 additions
and
94 deletions
+39
-94
http.go
server/http.go
+39
-71
http_test.go
server/http_test.go
+0
-23
No files found.
server/http.go
View file @
84784993
...
@@ -255,7 +255,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
...
@@ -255,7 +255,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
v
:=
r
.
URL
.
Query
()
v
:=
r
.
URL
.
Query
()
v
.
Set
(
"connector_id"
,
idpc
.
ID
())
v
.
Set
(
"connector_id"
,
idpc
.
ID
())
v
.
Set
(
"response_type"
,
q
.
Get
(
"response_type"
)
)
v
.
Set
(
"response_type"
,
"code"
)
link
.
URL
=
httpPathAuth
+
"?"
+
v
.
Encode
()
link
.
URL
=
httpPathAuth
+
"?"
+
v
.
Encode
()
td
.
Links
=
append
(
td
.
Links
,
link
)
td
.
Links
=
append
(
td
.
Links
,
link
)
}
}
...
@@ -273,92 +273,77 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -273,92 +273,77 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
}
}
q
:=
r
.
URL
.
Query
()
q
:=
r
.
URL
.
Query
()
register
:=
q
.
Get
(
"register"
)
==
"1"
&&
registrationEnabled
e
:=
q
.
Get
(
"error"
)
if
e
!=
""
{
sessionKey
:=
q
.
Get
(
"state"
)
if
err
:=
srv
.
KillSession
(
sessionKey
);
err
!=
nil
{
log
.
Errorf
(
"Failed killing sessionKey %q: %v"
,
sessionKey
,
err
)
}
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
}
// Retrieve client id
connectorID
:=
q
.
Get
(
"connector_id"
)
clientid
:=
q
.
Get
(
"client_id"
)
idpc
,
ok
:=
idx
[
connectorID
]
if
!
ok
{
// Retrieve state
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
state
:=
q
.
Get
(
"state"
)
// Retrieve response_type
responseType
:=
q
.
Get
(
"response_type"
)
// Retrieve scopes
qscope
:=
strings
.
Fields
(
q
.
Get
(
"scope"
))
// Check client ID param
if
clientid
==
""
{
log
.
Errorf
(
"Invalid auth request: no client_id received"
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
return
return
}
}
// Check redirect_uri param, but if it's empty we don't return any error here
acr
,
err
:=
oauth2
.
ParseAuthCodeRequest
(
q
)
qru
:=
q
.
Get
(
"redirect_uri"
)
var
rURL
*
url
.
URL
if
qru
!=
""
{
ru
,
err
:=
url
.
Parse
(
qru
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Invalid auth request: %v"
,
err
)
log
.
Errorf
(
"Invalid auth request: %v"
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
err
,
acr
.
S
tate
)
return
return
}
}
rURL
=
ru
}
cm
,
err
:=
srv
.
ClientMetadata
(
clientid
)
cm
,
err
:=
srv
.
ClientMetadata
(
acr
.
ClientID
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Failed fetching client %q from repo: %v"
,
clientid
,
err
)
log
.
Errorf
(
"Failed fetching client %q from repo: %v"
,
acr
.
ClientID
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
acr
.
S
tate
)
return
return
}
}
if
cm
==
nil
{
if
cm
==
nil
{
log
.
Errorf
(
"Client %q not found"
,
clientid
)
log
.
Errorf
(
"Client %q not found"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
}
}
if
len
(
cm
.
RedirectURIs
)
==
0
{
if
len
(
cm
.
RedirectURIs
)
==
0
{
log
.
Errorf
(
"Client %q has no redirect URLs"
,
clientid
)
log
.
Errorf
(
"Client %q has no redirect URLs"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
acr
.
S
tate
)
return
return
}
}
redirectURL
,
err
:=
client
.
ValidRedirectURL
(
r
URL
,
cm
.
RedirectURIs
)
redirectURL
,
err
:=
client
.
ValidRedirectURL
(
acr
.
Redirect
URL
,
cm
.
RedirectURIs
)
if
err
!=
nil
{
if
err
!=
nil
{
switch
err
{
switch
err
{
case
(
client
.
ErrorCantChooseRedirectURL
)
:
case
(
client
.
ErrorCantChooseRedirectURL
)
:
log
.
Errorf
(
"Request must provide redirect URL as client %q has registered many"
,
clientid
)
log
.
Errorf
(
"Request must provide redirect URL as client %q has registered many"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
case
(
client
.
ErrorInvalidRedirectURL
)
:
case
(
client
.
ErrorInvalidRedirectURL
)
:
log
.
Errorf
(
"Request provided unregistered redirect URL: %s"
,
r
URL
)
log
.
Errorf
(
"Request provided unregistered redirect URL: %s"
,
acr
.
Redirect
URL
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
case
(
client
.
ErrorNoValidRedirectURLs
)
:
case
(
client
.
ErrorNoValidRedirectURLs
)
:
log
.
Errorf
(
"There are no registered URLs for the requested client: %s"
,
rURL
)
log
.
Errorf
(
"There are no registered URLs for the requested client: %s"
,
acr
.
RedirectURL
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
State
)
return
default
:
log
.
Errorf
(
"Unexpected error checking redirect URL for client %q: %v"
,
clientid
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
state
)
return
return
}
}
}
}
// Response type check
if
acr
.
ResponseType
!=
oauth2
.
ResponseTypeCode
{
switch
responseType
{
log
.
Errorf
(
"unexpected ResponseType: %v: "
,
acr
.
ResponseType
)
case
"code"
:
// Add more cases as we support more response types
redirectAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorUnsupportedResponseType
),
acr
.
State
,
redirectURL
)
default
:
log
.
Errorf
(
"Invalid auth request: unsupported response_type"
)
redirectAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorUnsupportedResponseType
),
state
,
redirectURL
)
return
return
}
}
// Check scopes.
// Check scopes.
var
scopes
[]
string
var
scopes
[]
string
foundOpenIDScope
:=
false
foundOpenIDScope
:=
false
for
_
,
scope
:=
range
qs
cope
{
for
_
,
scope
:=
range
acr
.
S
cope
{
switch
scope
{
switch
scope
{
case
"openid"
:
case
"openid"
:
foundOpenIDScope
=
true
foundOpenIDScope
=
true
...
@@ -379,33 +364,16 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -379,33 +364,16 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
if
!
foundOpenIDScope
{
if
!
foundOpenIDScope
{
log
.
Errorf
(
"Invalid auth request: missing 'openid' in 'scope'"
)
log
.
Errorf
(
"Invalid auth request: missing 'openid' in 'scope'"
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
State
)
return
}
register
:=
q
.
Get
(
"register"
)
==
"1"
&&
registrationEnabled
e
:=
q
.
Get
(
"error"
)
if
e
!=
""
{
if
err
:=
srv
.
KillSession
(
state
);
err
!=
nil
{
log
.
Errorf
(
"Failed killing sessionKey %q: %v"
,
state
,
err
)
}
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
}
connectorID
:=
q
.
Get
(
"connector_id"
)
idpc
,
ok
:=
idx
[
connectorID
]
if
!
ok
{
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
return
}
}
nonce
:=
q
.
Get
(
"nonce"
)
nonce
:=
q
.
Get
(
"nonce"
)
key
,
err
:=
srv
.
NewSession
(
connectorID
,
clientid
,
state
,
redirectURL
,
nonce
,
register
,
qs
cope
)
key
,
err
:=
srv
.
NewSession
(
connectorID
,
acr
.
ClientID
,
acr
.
State
,
redirectURL
,
nonce
,
register
,
acr
.
S
cope
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Error creating new session: %v: "
,
err
)
log
.
Errorf
(
"Error creating new session: %v: "
,
err
)
redirectAuthError
(
w
,
err
,
s
tate
,
redirectURL
)
redirectAuthError
(
w
,
err
,
acr
.
S
tate
,
redirectURL
)
return
return
}
}
...
@@ -431,7 +399,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -431,7 +399,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
lu
,
err
:=
idpc
.
LoginURL
(
key
,
p
)
lu
,
err
:=
idpc
.
LoginURL
(
key
,
p
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Connector.LoginURL failed: %v"
,
err
)
log
.
Errorf
(
"Connector.LoginURL failed: %v"
,
err
)
redirectAuthError
(
w
,
err
,
s
tate
,
redirectURL
)
redirectAuthError
(
w
,
err
,
acr
.
S
tate
,
redirectURL
)
return
return
}
}
...
...
server/http_test.go
View file @
84784993
...
@@ -175,29 +175,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
...
@@ -175,29 +175,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
},
},
wantCode
:
http
.
StatusBadRequest
,
wantCode
:
http
.
StatusBadRequest
,
},
},
// empty response_type
{
query
:
url
.
Values
{
"redirect_uri"
:
[]
string
{
"http://client.example.com/callback"
},
"client_id"
:
[]
string
{
"XXX"
},
"connector_id"
:
[]
string
{
"fake"
},
"scope"
:
[]
string
{
"openid"
},
},
wantCode
:
http
.
StatusFound
,
wantLocation
:
"http://client.example.com/callback?error=unsupported_response_type&state="
,
},
// empty client_id
{
query
:
url
.
Values
{
"response_type"
:
[]
string
{
"code"
},
"redirect_uri"
:
[]
string
{
"http://unrecognized.example.com/callback"
},
"connector_id"
:
[]
string
{
"fake"
},
"scope"
:
[]
string
{
"openid"
},
},
wantCode
:
http
.
StatusBadRequest
,
},
}
}
for
i
,
tt
:=
range
tests
{
for
i
,
tt
:=
range
tests
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment