102 lines
2.6 KiB
Go
102 lines
2.6 KiB
Go
package op
|
|
|
|
import (
|
|
"fmt"
|
|
"html/template"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gorilla/csrf"
|
|
"github.com/gorilla/mux"
|
|
"github.com/ory/fosite"
|
|
"github.com/ory/fosite/handler/openid"
|
|
"github.com/ory/fosite/token/jwt"
|
|
)
|
|
|
|
func (op *OIDCHandler) AuthEndpoint(w http.ResponseWriter, r *http.Request) {
|
|
namespace := mux.Vars(r)["namespace"]
|
|
oauth2Provider := op.NamespaceProviders[namespace]
|
|
templates_dir := op.config.Namespaces[namespace].TemplatesDir
|
|
|
|
t := template.New("auth")
|
|
t = template.Must(t.ParseFiles(
|
|
templates_dir + "/auth.html",
|
|
))
|
|
|
|
ctx := r.Context()
|
|
ar, err := oauth2Provider.NewAuthorizeRequest(ctx, r)
|
|
if err != nil {
|
|
oauth2Provider.WriteAuthorizeError(w, ar, err)
|
|
return
|
|
}
|
|
|
|
if r.Method == "POST" {
|
|
if r.Form.Get("username") == "" || r.Form.Get("password") == "" {
|
|
oauth2Provider.WriteAuthorizeError(w, ar, fosite.ErrAccessDenied)
|
|
return
|
|
}
|
|
|
|
account, err := op.handler.Login(r.Form.Get("username"), r.Form.Get("password"), namespace)
|
|
if err != nil {
|
|
if err = t.ExecuteTemplate(w, "auth", map[string]any{
|
|
csrf.TemplateTag: csrf.TemplateField(r),
|
|
"error": fmt.Sprintf("Wrong username (%v) or password (%v) in namespace \"%v\"", r.Form.Get("username"), r.Form.Get("password"), namespace),
|
|
"realError": err,
|
|
}); err != nil {
|
|
oauth2Provider.WriteAuthorizeError(w, ar, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
sessionData := &openid.DefaultSession{
|
|
Claims: &jwt.IDTokenClaims{
|
|
Issuer: fmt.Sprintf("http://%s/%s", r.Host, namespace),
|
|
Subject: account.ID,
|
|
Audience: []string{},
|
|
ExpiresAt: time.Now().Add(time.Hour * 30),
|
|
IssuedAt: time.Now(),
|
|
RequestedAt: time.Now(),
|
|
AuthTime: time.Now(),
|
|
Extra: make(map[string]interface{}),
|
|
},
|
|
Username: r.Form.Get("username"),
|
|
Subject: account.ID,
|
|
Headers: &jwt.Headers{
|
|
Extra: make(map[string]interface{}),
|
|
},
|
|
}
|
|
|
|
// Manage claims
|
|
for _, v := range ar.GetRequestedScopes() {
|
|
ar.GrantScope(v)
|
|
|
|
if v != "openid" { // TODO handle standard claims like profile, email, ...
|
|
if mc, ok := op.config.Namespaces[namespace].MatchClaims[v]; ok {
|
|
if d, ok := account.Data[mc]; ok {
|
|
sessionData.Claims.Extra[v] = d
|
|
}
|
|
} else if d, ok := account.Data[v]; ok {
|
|
sessionData.Claims.Extra[v] = d
|
|
}
|
|
}
|
|
}
|
|
|
|
response, err := oauth2Provider.NewAuthorizeResponse(ctx, ar, sessionData)
|
|
if err != nil {
|
|
oauth2Provider.WriteAuthorizeError(w, ar, err)
|
|
return
|
|
}
|
|
|
|
oauth2Provider.WriteAuthorizeResponse(w, ar, response)
|
|
return
|
|
}
|
|
|
|
err = t.ExecuteTemplate(w, "auth", map[string]any{
|
|
// csrf.TemplateTag: csrf.TemplateField(r),
|
|
})
|
|
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|