2015-05-21 05:23:48 +02:00
|
|
|
package providers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
2015-06-06 20:15:43 +02:00
|
|
|
"fmt"
|
2015-05-21 05:23:48 +02:00
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
2015-06-06 20:15:43 +02:00
|
|
|
"strings"
|
2015-06-23 13:23:39 +02:00
|
|
|
|
|
|
|
"github.com/bitly/oauth2_proxy/cookie"
|
2015-05-21 05:23:48 +02:00
|
|
|
)
|
|
|
|
|
2015-11-09 01:47:44 +02:00
|
|
|
func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) {
|
2015-05-21 05:23:48 +02:00
|
|
|
if code == "" {
|
|
|
|
err = errors.New("missing code")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
params := url.Values{}
|
2015-11-09 01:47:44 +02:00
|
|
|
params.Add("redirect_uri", redirectURL)
|
2015-05-21 05:23:48 +02:00
|
|
|
params.Add("client_id", p.ClientID)
|
|
|
|
params.Add("client_secret", p.ClientSecret)
|
|
|
|
params.Add("code", code)
|
|
|
|
params.Add("grant_type", "authorization_code")
|
2015-11-09 10:28:34 +02:00
|
|
|
if p.ProtectedResource != nil && p.ProtectedResource.String() != "" {
|
|
|
|
params.Add("resource", p.ProtectedResource.String())
|
|
|
|
}
|
|
|
|
|
2015-06-23 13:23:39 +02:00
|
|
|
var req *http.Request
|
2015-11-09 01:47:44 +02:00
|
|
|
req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
|
2015-05-21 05:23:48 +02:00
|
|
|
if err != nil {
|
2015-06-23 13:23:39 +02:00
|
|
|
return
|
2015-05-21 05:23:48 +02:00
|
|
|
}
|
|
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
|
2015-06-23 13:23:39 +02:00
|
|
|
var resp *http.Response
|
|
|
|
resp, err = http.DefaultClient.Do(req)
|
2015-05-21 05:23:48 +02:00
|
|
|
if err != nil {
|
2015-06-23 13:23:39 +02:00
|
|
|
return nil, err
|
2015-05-21 05:23:48 +02:00
|
|
|
}
|
2015-06-23 13:23:39 +02:00
|
|
|
var body []byte
|
2015-05-21 05:23:48 +02:00
|
|
|
body, err = ioutil.ReadAll(resp.Body)
|
|
|
|
resp.Body.Close()
|
|
|
|
if err != nil {
|
2015-06-23 13:23:39 +02:00
|
|
|
return
|
2015-05-21 05:23:48 +02:00
|
|
|
}
|
|
|
|
|
2015-06-06 20:15:43 +02:00
|
|
|
if resp.StatusCode != 200 {
|
2015-11-09 01:47:44 +02:00
|
|
|
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
|
2015-06-23 13:23:39 +02:00
|
|
|
return
|
2015-06-06 20:15:43 +02:00
|
|
|
}
|
|
|
|
|
2015-05-21 05:23:48 +02:00
|
|
|
// blindly try json and x-www-form-urlencoded
|
|
|
|
var jsonResponse struct {
|
|
|
|
AccessToken string `json:"access_token"`
|
|
|
|
}
|
|
|
|
err = json.Unmarshal(body, &jsonResponse)
|
|
|
|
if err == nil {
|
2015-06-23 13:23:39 +02:00
|
|
|
s = &SessionState{
|
|
|
|
AccessToken: jsonResponse.AccessToken,
|
|
|
|
}
|
|
|
|
return
|
2015-05-21 05:23:48 +02:00
|
|
|
}
|
|
|
|
|
2015-06-23 13:23:39 +02:00
|
|
|
var v url.Values
|
|
|
|
v, err = url.ParseQuery(string(body))
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if a := v.Get("access_token"); a != "" {
|
|
|
|
s = &SessionState{AccessToken: a}
|
|
|
|
} else {
|
|
|
|
err = fmt.Errorf("no access token found %s", body)
|
|
|
|
}
|
|
|
|
return
|
2015-05-21 05:23:48 +02:00
|
|
|
}
|
2015-06-06 20:15:43 +02:00
|
|
|
|
2015-06-23 19:23:47 +02:00
|
|
|
// GetLoginURL with typical oauth parameters
|
2015-06-06 20:15:43 +02:00
|
|
|
func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
|
2015-06-23 19:23:47 +02:00
|
|
|
var a url.URL
|
2015-11-09 01:47:44 +02:00
|
|
|
a = *p.LoginURL
|
2015-06-23 19:23:47 +02:00
|
|
|
params, _ := url.ParseQuery(a.RawQuery)
|
|
|
|
params.Set("redirect_uri", redirectURI)
|
2015-07-26 01:27:49 +02:00
|
|
|
params.Set("approval_prompt", p.ApprovalPrompt)
|
2015-06-06 20:15:43 +02:00
|
|
|
params.Add("scope", p.Scope)
|
2015-06-23 19:23:47 +02:00
|
|
|
params.Set("client_id", p.ClientID)
|
|
|
|
params.Set("response_type", "code")
|
2017-03-28 03:11:15 +02:00
|
|
|
if strings.HasPrefix(finalRedirect, "/") && !strings.HasPrefix(finalRedirect,"//") {
|
2015-06-06 20:15:43 +02:00
|
|
|
params.Add("state", finalRedirect)
|
|
|
|
}
|
2015-06-23 19:23:47 +02:00
|
|
|
a.RawQuery = params.Encode()
|
|
|
|
return a.String()
|
2015-06-06 20:15:43 +02:00
|
|
|
}
|
2015-06-23 13:23:39 +02:00
|
|
|
|
|
|
|
// CookieForSession serializes a session state for storage in a cookie
|
|
|
|
func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error) {
|
|
|
|
return s.EncodeSessionState(c)
|
|
|
|
}
|
|
|
|
|
|
|
|
// SessionFromCookie deserializes a session from a cookie value
|
|
|
|
func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error) {
|
|
|
|
return DecodeSessionState(v, c)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error) {
|
|
|
|
return "", errors.New("not implemented")
|
|
|
|
}
|
|
|
|
|
2015-08-20 12:07:02 +02:00
|
|
|
// ValidateGroup validates that the provided email exists in the configured provider
|
|
|
|
// email group(s).
|
|
|
|
func (p *ProviderData) ValidateGroup(email string) bool {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2015-06-23 13:23:39 +02:00
|
|
|
func (p *ProviderData) ValidateSessionState(s *SessionState) bool {
|
|
|
|
return validateToken(p, s.AccessToken, nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
// RefreshSessionIfNeeded
|
|
|
|
func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error) {
|
|
|
|
return false, nil
|
|
|
|
}
|