Refactor previous COOPGO Identity service - Initial commit

2022-08-02 12:26:28 +02:00
commit 3e93e6593d
41 changed files with 9026 additions and 0 deletions
--- a/oidc-provider/endpoints_auth.go
+++ b/oidc-provider/endpoints_auth.go
@@ -0,0 +1,101 @@
+package op
+
+import (
+	"fmt"
+	"html/template"
+	"net/http"
+	"time"
+
+	"github.com/gorilla/csrf"
+	"github.com/gorilla/mux"
+	"github.com/ory/fosite"
+	"github.com/ory/fosite/handler/openid"
+	"github.com/ory/fosite/token/jwt"
+)
+
+func (op *OIDCHandler) AuthEndpoint(w http.ResponseWriter, r *http.Request) {
+	namespace := mux.Vars(r)["namespace"]
+	oauth2Provider := op.NamespaceProviders[namespace]
+	templates_dir := op.config.Namespaces[namespace].TemplatesDir
+
+	t := template.New("auth")
+	t = template.Must(t.ParseFiles(
+		templates_dir + "/auth.html",
+	))
+
+	ctx := r.Context()
+	ar, err := oauth2Provider.NewAuthorizeRequest(ctx, r)
+	if err != nil {
+		oauth2Provider.WriteAuthorizeError(w, ar, err)
+		return
+	}
+
+	if r.Method == "POST" {
+		if r.Form.Get("username") == "" || r.Form.Get("password") == "" {
+			oauth2Provider.WriteAuthorizeError(w, ar, fosite.ErrAccessDenied)
+			return
+		}
+
+		account, err := op.handler.Login(r.Form.Get("username"), r.Form.Get("password"), namespace)
+		if err != nil {
+			if err = t.ExecuteTemplate(w, "auth", map[string]any{
+				csrf.TemplateTag: csrf.TemplateField(r),
+				"error":          fmt.Sprintf("Wrong username (%v) or password (%v) in namespace \"%v\"", r.Form.Get("username"), r.Form.Get("password"), namespace),
+				"realError":      err,
+			}); err != nil {
+				oauth2Provider.WriteAuthorizeError(w, ar, err)
+			}
+			return
+		}
+
+		sessionData := &openid.DefaultSession{
+			Claims: &jwt.IDTokenClaims{
+				Issuer:      fmt.Sprintf("http://%s/%s", r.Host, namespace),
+				Subject:     account.ID,
+				Audience:    []string{},
+				ExpiresAt:   time.Now().Add(time.Hour * 30),
+				IssuedAt:    time.Now(),
+				RequestedAt: time.Now(),
+				AuthTime:    time.Now(),
+				Extra:       make(map[string]interface{}),
+			},
+			Username: r.Form.Get("username"),
+			Subject:  account.ID,
+			Headers: &jwt.Headers{
+				Extra: make(map[string]interface{}),
+			},
+		}
+
+		// Manage claims
+		for _, v := range ar.GetRequestedScopes() {
+			ar.GrantScope(v)
+
+			if v != "openid" { // TODO handle standard claims like profile, email, ...
+				if mc, ok := op.config.Namespaces[namespace].MatchClaims[v]; ok {
+					if d, ok := account.Data[mc]; ok {
+						sessionData.Claims.Extra[v] = d
+					}
+				} else if d, ok := account.Data[v]; ok {
+					sessionData.Claims.Extra[v] = d
+				}
+			}
+		}
+
+		response, err := oauth2Provider.NewAuthorizeResponse(ctx, ar, sessionData)
+		if err != nil {
+			oauth2Provider.WriteAuthorizeError(w, ar, err)
+			return
+		}
+
+		oauth2Provider.WriteAuthorizeResponse(w, ar, response)
+		return
+	}
+
+	err = t.ExecuteTemplate(w, "auth", map[string]any{
+		// csrf.TemplateTag: csrf.TemplateField(r),
+	})
+
+	if err != nil {
+		panic(err)
+	}
+}