go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2024-11-21 13:35:49 +02:00
Code Issues Releases Activity

[#5074] redirect with 303 in case of a POST OAuth2 callback

Browse Source
This commit is contained in:
Gani Georgiev 2024-06-18 12:10:12 +03:00
parent d417b86fc0
commit af9cf33553
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apis/record_auth.go
View File

@ -672,28 +672,33 @@ type oauth2RedirectData struct {
}
func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
redirectStatusCode := http.StatusTemporaryRedirect
if c.Request().Method != http.MethodGet {
redirectStatusCode = http.StatusSeeOther
}
data := oauth2RedirectData{}
if err := c.Bind(&data); err != nil {
api.app.Logger().Debug("Failed to read OAuth2 redirect data", "error", err)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
}
if data.State == "" {
api.app.Logger().Debug("Missing OAuth2 state parameter")
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
}
client, err := api.app.SubscriptionsBroker().ClientById(data.State)
if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) {
api.app.Logger().Debug("Missing or invalid OAuth2 subscription client", "error", err, "clientId", data.State)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
}
defer client.Unsubscribe(oauth2SubscriptionTopic)
encodedData, err := json.Marshal(data)
if err != nil {
api.app.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
}
msg := subscriptions.Message{
@ -705,8 +710,8 @@ func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
if data.Error != "" || data.Code == "" {
api.app.Logger().Debug("Failed OAuth2 redirect due to an error or missing code parameter", "error", data.Error, "clientId", data.State)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
}
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectSuccessPath)
return c.Redirect(redirectStatusCode, oauth2RedirectSuccessPath)
}

2
apis/record_auth_test.go
View File

@ -1714,7 +1714,7 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) {
BeforeTestFunc: beforeTestFunc(clientStubs[7], map[string][]string{
"c3": {`"state":"` + clientStubs[7]["c3"].Id(), `"code":"123"`},
}),
ExpectedStatus: http.StatusTemporaryRedirect,
ExpectedStatus: http.StatusSeeOther,
AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
app.Store().Get("cancelFunc").(context.CancelFunc)()