include request data in password form
This commit is contained in:
parent
1072f48e9f
commit
da9111c186
|
@ -67,7 +67,48 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Reque
|
||||||
notFoundHandler(repo)(w, r)
|
notFoundHandler(repo)(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
html, err := owl.RenderUserAuthPage(user)
|
// get me, cleint_id, redirect_uri, state and response_type from query
|
||||||
|
me := r.URL.Query().Get("me")
|
||||||
|
clientId := r.URL.Query().Get("client_id")
|
||||||
|
redirectUri := r.URL.Query().Get("redirect_uri")
|
||||||
|
state := r.URL.Query().Get("state")
|
||||||
|
responseType := r.URL.Query().Get("response_type")
|
||||||
|
|
||||||
|
// check if request is valid
|
||||||
|
missing_params := []string{}
|
||||||
|
if clientId == "" {
|
||||||
|
missing_params = append(missing_params, "client_id")
|
||||||
|
}
|
||||||
|
if redirectUri == "" {
|
||||||
|
missing_params = append(missing_params, "redirect_uri")
|
||||||
|
}
|
||||||
|
if responseType == "" {
|
||||||
|
missing_params = append(missing_params, "response_type")
|
||||||
|
}
|
||||||
|
if len(missing_params) > 0 {
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
w.Write([]byte(fmt.Sprintf("Missing parameters: %s", strings.Join(missing_params, ", "))))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if responseType != "id" {
|
||||||
|
responseType = "code"
|
||||||
|
}
|
||||||
|
if responseType != "code" {
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
w.Write([]byte("Invalid response_type. Must be 'code' ('id' converted to 'code' for legacy support)."))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
reqData := owl.AuthRequestData{
|
||||||
|
Me: me,
|
||||||
|
ClientId: clientId,
|
||||||
|
RedirectUri: redirectUri,
|
||||||
|
State: state,
|
||||||
|
ResponseType: responseType,
|
||||||
|
User: user,
|
||||||
|
}
|
||||||
|
|
||||||
|
html, err := owl.RenderUserAuthPage(reqData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
println("Error rendering auth page: ", err.Error())
|
println("Error rendering auth page: ", err.Error())
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
|
<h2>Authorization for {{.ClientId}}</h2>
|
||||||
|
|
||||||
<form action="" method="post">
|
<form action="" method="post">
|
||||||
<label for="password">Password</label>
|
<label for="password">Password</label>
|
||||||
<input type="password" name="password" placeholder="Password">
|
<input type="password" name="password" placeholder="Password">
|
||||||
|
<input type="hidden" name="client_id" value="{{.ClientId}}">
|
||||||
|
<input type="hidden" name="redirect_uri" value="{{.RedirectUri}}">
|
||||||
|
<input type="hidden" name="response_type" value="{{.ResponseType}}">
|
||||||
|
<input type="hidden" name="state" value="{{.State}}">
|
||||||
<input type="submit" value="Login">
|
<input type="submit" value="Login">
|
||||||
</form>
|
</form>
|
15
renderer.go
15
renderer.go
|
@ -20,6 +20,15 @@ type PostRenderData struct {
|
||||||
Content template.HTML
|
Content template.HTML
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AuthRequestData struct {
|
||||||
|
Me string
|
||||||
|
ClientId string
|
||||||
|
RedirectUri string
|
||||||
|
State string
|
||||||
|
ResponseType string
|
||||||
|
User User
|
||||||
|
}
|
||||||
|
|
||||||
func renderEmbedTemplate(templateFile string, data interface{}) (string, error) {
|
func renderEmbedTemplate(templateFile string, data interface{}) (string, error) {
|
||||||
templateStr, err := embed_files.ReadFile(templateFile)
|
templateStr, err := embed_files.ReadFile(templateFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -109,13 +118,13 @@ func RenderIndexPage(user User) (string, error) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func RenderUserAuthPage(user User) (string, error) {
|
func RenderUserAuthPage(reqData AuthRequestData) (string, error) {
|
||||||
authHtml, err := renderEmbedTemplate("embed/auth.html", user)
|
authHtml, err := renderEmbedTemplate("embed/auth.html", reqData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
return renderIntoBaseTemplate(user, PageContent{
|
return renderIntoBaseTemplate(reqData.User, PageContent{
|
||||||
Title: "Auth",
|
Title: "Auth",
|
||||||
Content: template.HTML(authHtml),
|
Content: template.HTML(authHtml),
|
||||||
})
|
})
|
||||||
|
|
|
@ -289,7 +289,37 @@ func TestAddFaviconIfExist(t *testing.T) {
|
||||||
func TestRenderUserAuth(t *testing.T) {
|
func TestRenderUserAuth(t *testing.T) {
|
||||||
user := getTestUser()
|
user := getTestUser()
|
||||||
user.ResetPassword("test")
|
user.ResetPassword("test")
|
||||||
result, err := owl.RenderUserAuthPage(user)
|
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
|
||||||
|
User: user,
|
||||||
|
})
|
||||||
assertions.AssertNoError(t, err, "Error rendering user auth page")
|
assertions.AssertNoError(t, err, "Error rendering user auth page")
|
||||||
assertions.AssertContains(t, result, "<form")
|
assertions.AssertContains(t, result, "<form")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRenderUserAuthIncludesClientId(t *testing.T) {
|
||||||
|
user := getTestUser()
|
||||||
|
user.ResetPassword("test")
|
||||||
|
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
|
||||||
|
User: user,
|
||||||
|
ClientId: "https://example.com/",
|
||||||
|
})
|
||||||
|
assertions.AssertNoError(t, err, "Error rendering user auth page")
|
||||||
|
assertions.AssertContains(t, result, "https://example.com/")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestRenderUserAuthHiddenFields(t *testing.T) {
|
||||||
|
user := getTestUser()
|
||||||
|
user.ResetPassword("test")
|
||||||
|
result, err := owl.RenderUserAuthPage(owl.AuthRequestData{
|
||||||
|
User: user,
|
||||||
|
ClientId: "https://example.com/",
|
||||||
|
RedirectUri: "https://example.com/redirect",
|
||||||
|
ResponseType: "code",
|
||||||
|
State: "teststate",
|
||||||
|
})
|
||||||
|
assertions.AssertNoError(t, err, "Error rendering user auth page")
|
||||||
|
assertions.AssertContains(t, result, "name=\"client_id\" value=\"https://example.com/\"")
|
||||||
|
assertions.AssertContains(t, result, "name=\"redirect_uri\" value=\"https://example.com/redirect\"")
|
||||||
|
assertions.AssertContains(t, result, "name=\"response_type\" value=\"code\"")
|
||||||
|
assertions.AssertContains(t, result, "name=\"state\" value=\"teststate\"")
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue