include request data in password form

This commit is contained in:
Niko Abeler 2022-11-04 21:53:14 +01:00
parent 1072f48e9f
commit da9111c186
4 changed files with 91 additions and 5 deletions

View File

@ -67,7 +67,48 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Reque
notFoundHandler(repo)(w, r)
return
}
html, err := owl.RenderUserAuthPage(user)
// get me, cleint_id, redirect_uri, state and response_type from query
me := r.URL.Query().Get("me")
clientId := r.URL.Query().Get("client_id")
redirectUri := r.URL.Query().Get("redirect_uri")
state := r.URL.Query().Get("state")
responseType := r.URL.Query().Get("response_type")
// check if request is valid
missing_params := []string{}
if clientId == "" {
missing_params = append(missing_params, "client_id")
}
if redirectUri == "" {
missing_params = append(missing_params, "redirect_uri")
}
if responseType == "" {
missing_params = append(missing_params, "response_type")
}
if len(missing_params) > 0 {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(fmt.Sprintf("Missing parameters: %s", strings.Join(missing_params, ", "))))
return
}
if responseType != "id" {
responseType = "code"
}
if responseType != "code" {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte("Invalid response_type. Must be 'code' ('id' converted to 'code' for legacy support)."))
return
}
reqData := owl.AuthRequestData{
Me: me,
ClientId: clientId,
RedirectUri: redirectUri,
State: state,
ResponseType: responseType,
User: user,
}
html, err := owl.RenderUserAuthPage(reqData)
if err != nil {
println("Error rendering auth page: ", err.Error())
w.WriteHeader(http.StatusInternalServerError)

View File

@ -1,5 +1,11 @@
<h2>Authorization for {{.ClientId}}</h2>
<form action="" method="post">
<label for="password">Password</label>
<input type="password" name="password" placeholder="Password">
<input type="hidden" name="client_id" value="{{.ClientId}}">
<input type="hidden" name="redirect_uri" value="{{.RedirectUri}}">
<input type="hidden" name="response_type" value="{{.ResponseType}}">
<input type="hidden" name="state" value="{{.State}}">
<input type="submit" value="Login">
</form>

View File

@ -20,6 +20,15 @@ type PostRenderData struct {
Content template.HTML
}
type AuthRequestData struct {
Me string
ClientId string
RedirectUri string
State string
ResponseType string
User User
}
func renderEmbedTemplate(templateFile string, data interface{}) (string, error) {
templateStr, err := embed_files.ReadFile(templateFile)
if err != nil {
@ -109,13 +118,13 @@ func RenderIndexPage(user User) (string, error) {
})
}
func RenderUserAuthPage(user User) (string, error) {
authHtml, err := renderEmbedTemplate("embed/auth.html", user)
func RenderUserAuthPage(reqData AuthRequestData) (string, error) {
authHtml, err := renderEmbedTemplate("embed/auth.html", reqData)
if err != nil {
return "", err
}
return renderIntoBaseTemplate(user, PageContent{
return renderIntoBaseTemplate(reqData.User, PageContent{
Title: "Auth",
Content: template.HTML(authHtml),
})

View File

@ -289,7 +289,37 @@ func TestAddFaviconIfExist(t *testing.T) {
func TestRenderUserAuth(t *testing.T) {
user := getTestUser()
user.ResetPassword("test")
result, err := owl.RenderUserAuthPage(user)
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
User: user,
})
assertions.AssertNoError(t, err, "Error rendering user auth page")
assertions.AssertContains(t, result, "<form")
}
func TestRenderUserAuthIncludesClientId(t *testing.T) {
user := getTestUser()
user.ResetPassword("test")
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
User: user,
ClientId: "https://example.com/",
})
assertions.AssertNoError(t, err, "Error rendering user auth page")
assertions.AssertContains(t, result, "https://example.com/")
}
func TestRenderUserAuthHiddenFields(t *testing.T) {
user := getTestUser()
user.ResetPassword("test")
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
User: user,
ClientId: "https://example.com/",
RedirectUri: "https://example.com/redirect",
ResponseType: "code",
State: "teststate",
})
assertions.AssertNoError(t, err, "Error rendering user auth page")
assertions.AssertContains(t, result, "name=\"client_id\" value=\"https://example.com/\"")
assertions.AssertContains(t, result, "name=\"redirect_uri\" value=\"https://example.com/redirect\"")
assertions.AssertContains(t, result, "name=\"response_type\" value=\"code\"")
assertions.AssertContains(t, result, "name=\"state\" value=\"teststate\"")
}