package auth
import (
"crypto/rsa"
"encoding/base64"
"encoding/json"
"net/http"
"time"
"github.com/concourse/atc/db"
"code.cloudfoundry.org/lager"
)
// OAuthStateCookie is the name of the cookie that carries the encoded
// OAuthState between the begin step and the provider callback.
const OAuthStateCookie string = "_concourse_oauth_state"
// OAuthState is the payload that OAuthBeginHandler JSON-encodes, base64url
// encodes, and then both passes to the provider as the OAuth "state"
// parameter and stores in OAuthStateCookie. Field order is part of the
// encoded form, so keep it as is.
type OAuthState struct {
	// Redirect is the post-login destination taken from the request's
	// "redirect" form value.
	Redirect string `json:"redirect"`
	// TeamName is the team the login was started for.
	TeamName string `json:"team_name"`
}
// OAuthBeginHandler is the http.Handler that starts an OAuth login: it
// resolves the team and provider named in the request, sets the state
// cookie and redirects the client to the provider's authorization URL.
type OAuthBeginHandler struct {
	// logger is the parent logger; ServeHTTP opens an "oauth-begin"
	// session on it per request.
	logger lager.Logger
	// providerFactory resolves a (team, provider name) pair to a provider.
	providerFactory ProviderFactory
	// privateKey is stored by the constructor but not referenced by
	// ServeHTTP in this file; presumably used elsewhere — confirm.
	privateKey *rsa.PrivateKey
	// teamDBFactory is used to look the requested team up by name.
	teamDBFactory db.TeamDBFactory
	// expire is the lifetime given to the state cookie.
	expire time.Duration
}
// NewOAuthBeginHandler builds an OAuthBeginHandler from its dependencies
// and returns it as an http.Handler. expire is the lifetime of the state
// cookie that ServeHTTP sets; privateKey is retained on the handler but
// not used by ServeHTTP in this file.
func NewOAuthBeginHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamDBFactory db.TeamDBFactory,
	expire time.Duration,
) http.Handler {
	h := new(OAuthBeginHandler)
	h.logger = logger
	h.providerFactory = providerFactory
	h.privateKey = privateKey
	h.teamDBFactory = teamDBFactory
	h.expire = expire
	return h
}
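// ServeHTTP starts an OAuth login for the team named by the "team_name"
// form value with the provider named by the ":provider" route value.
//
// It JSON-encodes an OAuthState (team name plus the caller-supplied
// "redirect" value), base64url-encodes it, hands it to the provider as the
// OAuth state parameter, mirrors it in OAuthStateCookie, and redirects the
// client to the provider's authorization URL.
//
// Responses: 500 when the team or provider lookup fails or the state cannot
// be marshalled; 404 when the team does not exist or has no such provider;
// otherwise 307 to the provider.
func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// All log lines for this request go through the session logger so
	// they share the "oauth-begin" prefix (the original mixed hLog and
	// handler.logger, which split one request across two prefixes).
	hLog := handler.logger.Session("oauth-begin")

	providerName := r.FormValue(":provider")
	teamName := r.FormValue("team_name")

	teamDB := handler.teamDBFactory.GetTeamDB(teamName)
	team, found, err := teamDB.GetTeam()
	if err != nil {
		hLog.Error("failed-to-get-team", err, lager.Data{
			"teamName": teamName,
		})
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	if !found {
		hLog.Info("failed-to-find-team", lager.Data{
			"teamName": teamName,
		})
		w.WriteHeader(http.StatusNotFound)
		return
	}

	provider, found, err := handler.providerFactory.GetProvider(team, providerName)
	if err != nil {
		hLog.Error("failed-to-get-provider", err, lager.Data{
			"provider": providerName,
			"teamName": teamName,
		})
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	if !found {
		// Include the team so this line can be correlated with the
		// team lookups above.
		hLog.Info("team-does-not-have-auth-provider", lager.Data{
			"provider": providerName,
			"teamName": teamName,
		})
		w.WriteHeader(http.StatusNotFound)
		return
	}

	// The redirect target is taken from the request verbatim; nothing in
	// this handler restricts it, so whatever consumes OAuthState after
	// the provider callback is responsible for validating it before
	// redirecting.
	oauthState, err := json.Marshal(OAuthState{
		Redirect: r.FormValue("redirect"),
		TeamName: teamName,
	})
	if err != nil {
		hLog.Error("failed-to-marshal-state", err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	encodedState := base64.RawURLEncoding.EncodeToString(oauthState)
	authCodeURL := provider.AuthCodeURL(encodedState)

	// The same encoded state is sent to the provider and stored in the
	// cookie. It carries no nonce or signature, so its only use is to be
	// compared against the state the provider echoes back. HttpOnly keeps
	// it out of script reach; NOTE(review): this assumes only the server-
	// side callback reads the cookie — confirm no client script depends
	// on it. Secure is deliberately not forced here because the handler
	// may sit behind a TLS-terminating proxy; set it at deployment level
	// when the site is served over HTTPS.
	http.SetCookie(w, &http.Cookie{
		Name:     OAuthStateCookie,
		Value:    encodedState,
		Path:     "/",
		Expires:  time.Now().Add(handler.expire),
		HttpOnly: true,
	})

	http.Redirect(w, r, authCodeURL, http.StatusTemporaryRedirect)
}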