From da9111c186ede5fa0e812ee3afe692d13045df0a Mon Sep 17 00:00:00 2001
From: Niko Abeler
Date: Fri, 4 Nov 2022 21:53:14 +0100
Subject: [PATCH] include request data in password form
---
cmd/owl/web/handler.go | 43 +++++++++++++++++++++++++++++++++++++++++-
embed/auth.html | 6 ++++++
renderer.go | 15 ++++++++++++---
renderer_test.go | 32 ++++++++++++++++++++++++++++++-
4 files changed, 91 insertions(+), 5 deletions(-)
diff --git a/cmd/owl/web/handler.go b/cmd/owl/web/handler.go
index f7d6b2f..3228371 100644
--- a/cmd/owl/web/handler.go
+++ b/cmd/owl/web/handler.go
@@ -67,7 +67,48 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Reque
 notFoundHandler(repo)(w, r)
 return
 }
- html, err := owl.RenderUserAuthPage(user)
+ // get me, cleint_id, redirect_uri, state and response_type from query
+ me := r.URL.Query().Get("me")
+ clientId := r.URL.Query().Get("client_id")
+ redirectUri := r.URL.Query().Get("redirect_uri")
+ state := r.URL.Query().Get("state")
+ responseType := r.URL.Query().Get("response_type")
+
+ // check if request is valid
+ missing_params := []string{}
+ if clientId == "" {
+ missing_params = append(missing_params, "client_id")
+ }
+ if redirectUri == "" {
+ missing_params = append(missing_params, "redirect_uri")
+ }
+ if responseType == "" {
+ missing_params = append(missing_params, "response_type")
+ }
+ if len(missing_params) > 0 {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(fmt.Sprintf("Missing parameters: %s", strings.Join(missing_params, ", "))))
+ return
+ }
+ if responseType != "id" {
+ responseType = "code"
+ }
+ if responseType != "code" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte("Invalid response_type. Must be 'code' ('id' converted to 'code' for legacy support)."))
+ return
+ }
+
+ reqData := owl.AuthRequestData{
+ Me: me,
+ ClientId: clientId,
+ RedirectUri: redirectUri,
+ State: state,
+ ResponseType: responseType,
+ User: user,
+ }
+
+ html, err := owl.RenderUserAuthPage(reqData)
 if err != nil {
 println("Error rendering auth page: ", err.Error())
 w.WriteHeader(http.StatusInternalServerError)
diff --git a/embed/auth.html b/embed/auth.html
index 65ba4bc..56ea3f7 100644
--- a/embed/auth.html
+++ b/embed/auth.html
@@ -1,5 +1,11 @@
+
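Review bot: The legacy conversion in the added `response_type` check is inverted: `if responseType != "id" { responseType = "code" }` rewrites every value except `id` to `code`, so an arbitrary `response_type` is accepted, while the legacy `id` value is left alone and gets the 400 from the next check. It should read `if responseType == "id" { responseType = "code" }`. Separately, `client_id` and `redirect_uri` are only checked for being non-empty before they are handed to the form. An authorization endpoint later redirects to that URI, so it would be worth parsing it here and rejecting anything that is not an absolute http(s) URL consistent with `client_id`; the redirect step is not visible in this hunk, so this may already be handled elsewhere. userAuthHandler begins and ends outside the hunk.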

Authorization for {{.ClientId}}

+
+ + + +
\ No newline at end of file diff --git a/renderer.go b/renderer.go index cfb6018..bd455d0 100644 --- a/renderer.go +++ b/renderer.go @@ -20,6 +20,15 @@ type PostRenderData struct { Content template.HTML } +type AuthRequestData struct { + Me string + ClientId string + RedirectUri string + State string + ResponseType string + User User +} + func renderEmbedTemplate(templateFile string, data interface{}) (string, error) { templateStr, err := embed_files.ReadFile(templateFile) if err != nil { @@ -109,13 +118,13 @@ func RenderIndexPage(user User) (string, error) { }) } -func RenderUserAuthPage(user User) (string, error) { - authHtml, err := renderEmbedTemplate("embed/auth.html", user) +func RenderUserAuthPage(reqData AuthRequestData) (string, error) { + authHtml, err := renderEmbedTemplate("embed/auth.html", reqData) if err != nil { return "", err } - return renderIntoBaseTemplate(user, PageContent{ + return renderIntoBaseTemplate(reqData.User, PageContent{ Title: "Auth", Content: template.HTML(authHtml), }) diff --git a/renderer_test.go b/renderer_test.go index 8db4f13..d67cc08 100644 --- a/renderer_test.go +++ b/renderer_test.go @@ -289,7 +289,37 @@ func TestAddFaviconIfExist(t *testing.T) { func TestRenderUserAuth(t *testing.T) { user := getTestUser() user.ResetPassword("test") - result, err := owl.RenderUserAuthPage(user) + result, err := owl.RenderUserAuthPage(owl.AuthRequestData{ + User: user, + }) assertions.AssertNoError(t, err, "Error rendering user auth page") assertions.AssertContains(t, result, "
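Review bot: The exported `AuthRequestData` type in the first renderer.go hunk has no doc comment, and nothing marks that five of its six fields are filled straight from the query string while `User` is server-side data. I would add `// AuthRequestData holds the authorization request parameters as received, unverified, from the client, together with the local User asked to approve them.` above the type. As a style point, Go initialisms are usually written `ClientID` and `RedirectURI`; renaming would also mean updating `{{.ClientId}}` in embed/auth.html and the struct literal in the handler.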
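Review bot: In the second renderer.go hunk, `RenderUserAuthPage` now renders request-supplied strings and then marks the result trusted with `template.HTML(authHtml)`, so the base template will not escape it again. The only escaping is whatever `renderEmbedTemplate` applies, and its body is outside this hunk; before this change the template data was only the local `User`. Please confirm `renderEmbedTemplate` parses with html/template (the `template.HTML` type suggests that package is imported) and record it next to the conversion, e.g. `// authHtml was produced by html/template, which already escaped the request fields`. A test case that passes `ClientId: "<script>"` and asserts the raw tag is absent from the output would pin that down.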