Permalink
Browse files

oauth2: Use html templates in fallback endpoints (#1202)

Signed-off-by: aeneasr <aeneas@ory.sh>
  • Loading branch information...
aeneasr committed Dec 6, 2018
1 parent 7f50b94 commit 9b5bbd48a72096930af08402c5e07fce7dd770f3
Showing with 50 additions and 90 deletions.
  1. +1 −1 go.mod
  2. +2 −0 go.sum
  3. +0 −78 main_test.go.bak
  4. +47 −11 oauth2/handler_fallback_endpoints.go
2 go.mod
@@ -42,7 +42,7 @@ require (
github.com/urfave/negroni v1.0.0
github.com/ziutek/mymysql v1.5.4 // indirect
go.uber.org/atomic v1.3.2 // indirect
golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
golang.org/x/net v0.0.0-20181029044818-c44066c5c816 // indirect
golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
2 go.sum
@@ -266,6 +266,8 @@ golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180611182652-db08ff08e862 h1:JZi6BqOZ+iSgmLWe6llhGrNnEnK+YB/MRkStwnEfbqM=
golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

This file was deleted.

Oops, something went wrong.
@@ -21,7 +21,7 @@
package oauth2

import (
"fmt"
"html/template"
"net/http"

"github.com/julienschmidt/httprouter"
@@ -31,7 +31,7 @@ func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request,
h.L.Warnln("It looks like no consent/login URL was set. All OAuth2 flows except client credentials will fail.")
h.L.Warnln("A client requested the default login & consent URL, environment variable OAUTH2_CONSENT_URL or OAUTH2_LOGIN_URL or both are probably not set.")

w.Write([]byte(`
t, err := template.New("consent").Parse(`
<html>
<head>
<title>Misconfigured consent/login URL</title>
@@ -47,13 +47,22 @@ func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request,
</p>
</body>
</html>
`))
`)
if err != nil {
h.H.WriteError(w, r, err)
return
}

if err := t.Execute(w, nil); err != nil {
h.H.WriteError(w, r, err)
return
}
}

func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
h.L.Warnln("A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set.")

fmt.Fprintf(w, `
t, err := template.New("consent").Parse(`
<html>
<head>
<title>An OAuth 2.0 Error Occurred</title>
@@ -63,10 +72,10 @@ func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _
The OAuth2 request resulted in an error.
</h1>
<ul>
<li>Error: %s</li>
<li>Description: %s</li>
<li>Hint: %s</li>
<li>Debug: %s</li>
<li>Error: {{ .Name }}</li>
<li>Description: {{ .Description }}</li>
<li>Hint: {{ .Hint }}</li>
<li>Debug: {{ .Debug }}</li>
</ul>
<p>
You are seeing this default error page because the administrator has not set a dedicated error URL (environment variable <code>OAUTH2_ERROR_URL</code> is not set).
@@ -75,13 +84,31 @@ func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _
</p>
</body>
</html>
`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description"), r.URL.Query().Get("error_hint"), r.URL.Query().Get("error_debug"))
`)
if err != nil {
h.H.WriteError(w, r, err)
return
}

if err := t.Execute(w, struct {
Name string
Description string
Hint string
Debug string
}{
Name: r.URL.Query().Get("error"),
Description: r.URL.Query().Get("error_description"),
Hint: r.URL.Query().Get("error_hint"),
Debug: r.URL.Query().Get("error_debug"),
}); err != nil {
h.H.WriteError(w, r, err)
return
}
}

func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
h.L.Warnln("A client requested the default logout URL, environment variable OAUTH2_LOGOUT_REDIRECT_URL is probably not set.")

fmt.Fprintf(w, `
t, err := template.New("consent").Parse(`
<html>
<head>
<title>You logged out successfully</title>
@@ -98,4 +125,13 @@ func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _
</body>
</html>
`)
if err != nil {
h.H.WriteError(w, r, err)
return
}

if err := t.Execute(w, nil); err != nil {
h.H.WriteError(w, r, err)
return
}
}

0 comments on commit 9b5bbd4

Please sign in to comment.