mobility-accounts/oidc-provider/endpoints_auth.go

102 lines
2.6 KiB
Go
Raw Normal View History

package op
import (
"fmt"
"html/template"
"net/http"
"time"
"github.com/gorilla/csrf"
"github.com/gorilla/mux"
"github.com/ory/fosite"
"github.com/ory/fosite/handler/openid"
"github.com/ory/fosite/token/jwt"
)
func (op *OIDCHandler) AuthEndpoint(w http.ResponseWriter, r *http.Request) {
namespace := mux.Vars(r)["namespace"]
oauth2Provider := op.NamespaceProviders[namespace]
templates_dir := op.config.Namespaces[namespace].TemplatesDir
t := template.New("auth")
t = template.Must(t.ParseFiles(
templates_dir + "/auth.html",
))
ctx := r.Context()
ar, err := oauth2Provider.NewAuthorizeRequest(ctx, r)
if err != nil {
oauth2Provider.WriteAuthorizeError(w, ar, err)
return
}
if r.Method == "POST" {
if r.Form.Get("username") == "" || r.Form.Get("password") == "" {
oauth2Provider.WriteAuthorizeError(w, ar, fosite.ErrAccessDenied)
return
}
account, err := op.handler.Login(r.Form.Get("username"), r.Form.Get("password"), namespace)
if err != nil {
if err = t.ExecuteTemplate(w, "auth", map[string]any{
csrf.TemplateTag: csrf.TemplateField(r),
"error": fmt.Sprintf("Wrong username (%v) or password (%v) in namespace \"%v\"", r.Form.Get("username"), r.Form.Get("password"), namespace),
"realError": err,
}); err != nil {
oauth2Provider.WriteAuthorizeError(w, ar, err)
}
return
}
sessionData := &openid.DefaultSession{
Claims: &jwt.IDTokenClaims{
Issuer: fmt.Sprintf("%s://%s/%s", op.Protocol, r.Host, namespace),
Subject: account.ID,
Audience: []string{},
ExpiresAt: time.Now().Add(time.Hour * 30),
IssuedAt: time.Now(),
RequestedAt: time.Now(),
AuthTime: time.Now(),
Extra: make(map[string]interface{}),
},
Username: r.Form.Get("username"),
Subject: account.ID,
Headers: &jwt.Headers{
Extra: make(map[string]interface{}),
},
}
// Manage claims
for _, v := range ar.GetRequestedScopes() {
ar.GrantScope(v)
if v != "openid" { // TODO handle standard claims like profile, email, ...
if mc, ok := op.config.Namespaces[namespace].MatchClaims[v]; ok {
if d, ok := account.Data[mc]; ok {
sessionData.Claims.Extra[v] = d
}
} else if d, ok := account.Data[v]; ok {
sessionData.Claims.Extra[v] = d
}
}
}
response, err := oauth2Provider.NewAuthorizeResponse(ctx, ar, sessionData)
if err != nil {
oauth2Provider.WriteAuthorizeError(w, ar, err)
return
}
oauth2Provider.WriteAuthorizeResponse(w, ar, response)
return
}
err = t.ExecuteTemplate(w, "auth", map[string]any{
// csrf.TemplateTag: csrf.TemplateField(r),
})
if err != nil {
panic(err)
}
}