package auth
import (
"crypto/rsa"
"encoding/base64"
"encoding/json"
"net/http"
"time"
"code.cloudfoundry.org/lager"
)
// OAuthStateCookie is the name of the cookie in which OAuthBeginHandler stores
// the encoded OAuth state. The same encoded value is passed to the provider as
// the "state" argument of the authorization URL.
const OAuthStateCookie = "_concourse_oauth_state"
// OAuthState is the payload that OAuthBeginHandler JSON-encodes, base64url
// encodes and uses as the OAuth "state" value.
//
// NOTE(review): both fields are filled from request parameters and the struct
// carries no random component, so the encoded state is fully determined by the
// request that started the flow. Whatever consumes this value should not treat
// it as unguessable — confirm how the callback side validates it.
type OAuthState struct {
	// Redirect is the "redirect" form value of the begin request, stored
	// unmodified. NOTE(review): it is not validated where it is set, so the
	// consumer must check it before redirecting to it.
	Redirect string `json:"redirect"`
	// TeamName is the "team_name" form value of the begin request.
	TeamName string `json:"team_name"`
}
// OAuthBeginHandler is the http.Handler that starts an OAuth login: it looks up
// the requested provider for a team, records the OAuth state in a cookie and
// redirects the client to the provider's authorization URL.
type OAuthBeginHandler struct {
	// logger receives the handler's error and info events.
	logger lager.Logger
	// providerFactory resolves the providers configured for a team name.
	providerFactory ProviderFactory
	// privateKey is stored by the constructor; ServeHTTP in this file does not
	// read it.
	privateKey *rsa.PrivateKey
}
// NewOAuthBeginHandler builds an OAuthBeginHandler from the given logger,
// provider factory and RSA private key, and returns it as an http.Handler.
func NewOAuthBeginHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
) http.Handler {
	beginHandler := new(OAuthBeginHandler)
	beginHandler.logger = logger
	beginHandler.providerFactory = providerFactory
	beginHandler.privateKey = privateKey
	return beginHandler
}
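// ServeHTTP starts the OAuth flow for the provider named by the ":provider"
// form value, on behalf of the team named by the "team_name" form value.
//
// It responds with 404 when the team's providers cannot be loaded or the
// provider is not configured for the team, and with 500 when the state cannot
// be encoded. Otherwise it stores the encoded state in the OAuthStateCookie
// cookie and issues a 307 redirect to the provider's authorization URL, which
// carries the same state value.
func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	providerName := r.FormValue(":provider")
	teamName := r.FormValue("team_name")

	providers, err := handler.providerFactory.GetProviders(teamName)
	if err != nil {
		handler.logger.Error("unknown-provider", err, lager.Data{
			"provider": providerName,
			"teamName": teamName,
		})
		w.WriteHeader(http.StatusNotFound)
		return
	}

	provider, found := providers[providerName]
	if !found {
		handler.logger.Info("unknown-provider", lager.Data{
			"provider": providerName,
		})
		w.WriteHeader(http.StatusNotFound)
		return
	}

	// NOTE(review): the state is built only from the request's "redirect" and
	// "team_name" values, so it is predictable to whoever crafted the request
	// and contains no per-flow random nonce. The cookie/state comparison
	// therefore does not by itself prove that this browser chose to start the
	// flow. The redirect target is also stored unvalidated; the code that
	// consumes the state must restrict where it redirects. Confirm both
	// against the callback handler.
	oauthState, err := json.Marshal(OAuthState{
		Redirect: r.FormValue("redirect"),
		TeamName: teamName,
	})
	if err != nil {
		handler.logger.Error("failed-to-marshal-state", err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	encodedState := base64.RawURLEncoding.EncodeToString(oauthState)

	authCodeURL := provider.AuthCodeURL(encodedState)

	// The cookie must be set before http.Redirect writes the response header.
	http.SetCookie(w, &http.Cookie{
		Name:    OAuthStateCookie,
		Value:   encodedState,
		Path:    "/",
		Expires: time.Now().Add(CookieAge),
		// The state cookie only needs to travel back to the server, so keep
		// it out of reach of page scripts.
		HttpOnly: true,
		// Mark the cookie Secure when this request arrived over TLS. Behind a
		// TLS-terminating proxy r.TLS is nil and the attribute stays unset,
		// as before.
		Secure: r.TLS != nil,
	})

	http.Redirect(w, r, authCodeURL, http.StatusTemporaryRedirect)
}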