Skip to content
Permalink
Browse files

Added state location register hook. T712.

  • Loading branch information
ngerakines committed Jan 7, 2020
1 parent 77e0126 commit 28cf4dd5f57472a2376877276e138422d7329bbd
Showing with 96 additions and 27 deletions.
  1. +10 −8 config/config.go
  2. +78 −19 oauth.go
  3. +4 −0 oauth_slack.go
  4. +4 −0 oauth_writeas.go
@@ -59,17 +59,19 @@ type (
}

WriteAsOauthCfg struct {
ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"`
AuthLocation string `ini:"auth_location"`
TokenLocation string `ini:"token_location"`
InspectLocation string `ini:"inspect_location"`
ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"`
AuthLocation string `ini:"auth_location"`
TokenLocation string `ini:"token_location"`
InspectLocation string `ini:"inspect_location"`
StateRegisterLocation string `ini:"state_register_location"`
}

SlackOauthCfg struct {
ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"`
TeamID string `ini:"team_id"`
ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"`
TeamID string `ini:"team_id"`
StateRegisterLocation string `ini:"state_register_location"`
}

// AppCfg holds values that affect how the application functions
@@ -3,6 +3,7 @@ package writefreely
import (
"context"
"encoding/json"
"errors"
"fmt"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
@@ -12,6 +13,8 @@ import (
"io"
"io/ioutil"
"net/http"
"net/url"
"strings"
"time"
)

@@ -71,17 +74,25 @@ type HttpClient interface {
type oauthClient interface {
GetProvider() string
GetClientID() string
GetCallbackLocation() string
buildLoginURL(state string) (string, error)
exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)
inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)
}

type oauthStateRegisterer struct {
location string
callbackLocation string
httpClient HttpClient
}

type oauthHandler struct {
Config *config.Config
DB OAuthDatastore
Store sessions.Store
EmailKey []byte
oauthClient oauthClient
Config *config.Config
DB OAuthDatastore
Store sessions.Store
EmailKey []byte
oauthClient oauthClient
oauthStateRegisterer *oauthStateRegisterer
}

func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
@@ -90,6 +101,13 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
if err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
}

if h.oauthStateRegisterer != nil {
if err := h.oauthStateRegisterer.register(ctx, state); err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not register state location"}
}
}

location, err := h.oauthClient.buildLoginURL(state)
if err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
@@ -99,39 +117,57 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req

func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) {
if app.Config().SlackOauth.ClientID != "" {
var stateRegisterClient *oauthStateRegisterer = nil
if app.Config().SlackOauth.StateRegisterLocation != "" {
stateRegisterClient = &oauthStateRegisterer{
location: app.Config().SlackOauth.StateRegisterLocation,
callbackLocation: app.Config().App.Host + "/oauth/callback",
httpClient: config.DefaultHTTPClient(),
}
}
oauthClient := slackOauthClient{
ClientID: app.Config().SlackOauth.ClientID,
ClientSecret: app.Config().SlackOauth.ClientSecret,
TeamID: app.Config().SlackOauth.TeamID,
CallbackLocation: app.Config().App.Host + "/oauth/callback",
HttpClient: config.DefaultHTTPClient(),
ClientID: app.Config().SlackOauth.ClientID,
ClientSecret: app.Config().SlackOauth.ClientSecret,
TeamID: app.Config().SlackOauth.TeamID,
HttpClient: config.DefaultHTTPClient(),
//CallbackLocation: app.Config().App.Host + "/oauth/callback",
CallbackLocation: "http://localhost:5000/callback",
}
configureOauthRoutes(parentHandler, r, app, oauthClient)
configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
}
}

func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
if app.Config().WriteAsOauth.ClientID != "" {
var stateRegisterClient *oauthStateRegisterer = nil
if app.Config().WriteAsOauth.StateRegisterLocation != "" {
stateRegisterClient = &oauthStateRegisterer{
location: app.Config().WriteAsOauth.StateRegisterLocation,
callbackLocation: app.Config().App.Host + "/oauth/callback",
httpClient: config.DefaultHTTPClient(),
}
}
oauthClient := writeAsOauthClient{
ClientID: app.Config().WriteAsOauth.ClientID,
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
ExchangeLocation: config.OrDefaultString(app.Config().WriteAsOauth.TokenLocation, writeAsExchangeLocation),
InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
HttpClient: config.DefaultHTTPClient(),
CallbackLocation: app.Config().App.Host + "/oauth/callback",
CallbackLocation: "http://localhost:5000/callback",
}
configureOauthRoutes(parentHandler, r, app, oauthClient)
configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
}
}

func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient) {
func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient, stateRegisterClient *oauthStateRegisterer) {
handler := &oauthHandler{
Config: app.Config(),
DB: app.DB(),
Store: app.SessionStore(),
oauthClient: oauthClient,
EmailKey: app.keys.EmailKey,
Config: app.Config(),
DB: app.DB(),
Store: app.SessionStore(),
oauthClient: oauthClient,
EmailKey: app.keys.EmailKey,
oauthStateRegisterer: stateRegisterClient,
}
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
@@ -197,6 +233,29 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
return h.showOauthSignupPage(app, w, r, tp, nil)
}

func (r *oauthStateRegisterer) register(ctx context.Context, state string) error {
form := url.Values{}
form.Add("state", state)
form.Add("location", r.callbackLocation)
req, err := http.NewRequestWithContext(ctx, "POST", r.location, strings.NewReader(form.Encode()))
if err != nil {
return err
}
req.Header.Set("User-Agent", "writefreely")
req.Header.Set("Accept", "application/json")
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

resp, err := r.httpClient.Do(req)
if err != nil {
return err
}
if resp.StatusCode != http.StatusCreated {
return errors.New("register state and location")
}

return nil
}

func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {
lr := io.LimitReader(body, int64(n+1))
data, err := ioutil.ReadAll(lr)
@@ -62,6 +62,10 @@ func (c slackOauthClient) GetClientID() string {
return c.ClientID
}

func (c slackOauthClient) GetCallbackLocation() string {
return c.CallbackLocation
}

func (c slackOauthClient) buildLoginURL(state string) (string, error) {
u, err := url.Parse(slackAuthLocation)
if err != nil {
@@ -34,6 +34,10 @@ func (c writeAsOauthClient) GetClientID() string {
return c.ClientID
}

func (c writeAsOauthClient) GetCallbackLocation() string {
return c.CallbackLocation
}

func (c writeAsOauthClient) buildLoginURL(state string) (string, error) {
u, err := url.Parse(c.AuthLocation)
if err != nil {

0 comments on commit 28cf4dd

Please sign in to comment.
You can’t perform that action at this time.