mirror of
https://github.com/1f349/lavender.git
synced 2024-12-22 07:34:06 +00:00
Fix correct redirection after login flow, and update test client
This commit is contained in:
parent
861d55f6a9
commit
0c668253a8
@ -17,6 +17,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<div>
|
<div>
|
||||||
<form method="POST" action="/login">
|
<form method="POST" action="/login">
|
||||||
|
<input type="hidden" name="redirect" value="{{.Redirect}}"/>
|
||||||
<input type="hidden" name="loginname" value="{{.LoginName}}"/>
|
<input type="hidden" name="loginname" value="{{.LoginName}}"/>
|
||||||
<button type="submit">Continue</button>
|
<button type="submit">Continue</button>
|
||||||
</form>
|
</form>
|
||||||
|
@ -10,6 +10,7 @@
|
|||||||
</header>
|
</header>
|
||||||
<main>
|
<main>
|
||||||
<form method="POST" action="/login">
|
<form method="POST" action="/login">
|
||||||
|
<input type="hidden" name="redirect" value="{{.Redirect}}"/>
|
||||||
<div>
|
<div>
|
||||||
<label for="field_loginname">Login Name:</label>
|
<label for="field_loginname">Login Name:</label>
|
||||||
<input type="text" name="loginname" id="field_loginname" required/>
|
<input type="text" name="loginname" id="field_loginname" required/>
|
||||||
|
@ -33,11 +33,13 @@ func (h *HttpServer) loginGet(rw http.ResponseWriter, req *http.Request, _ httpr
|
|||||||
pages.RenderPageTemplate(rw, "login-memory", map[string]any{
|
pages.RenderPageTemplate(rw, "login-memory", map[string]any{
|
||||||
"ServiceName": h.conf.ServiceName,
|
"ServiceName": h.conf.ServiceName,
|
||||||
"LoginName": cookie.Value,
|
"LoginName": cookie.Value,
|
||||||
|
"Redirect": req.URL.Query().Get("redirect"),
|
||||||
})
|
})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
pages.RenderPageTemplate(rw, "login", map[string]any{
|
pages.RenderPageTemplate(rw, "login", map[string]any{
|
||||||
"ServiceName": h.conf.ServiceName,
|
"ServiceName": h.conf.ServiceName,
|
||||||
|
"Redirect": req.URL.Query().Get("redirect"),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -85,7 +87,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
|
|||||||
|
|
||||||
// save state for use later
|
// save state for use later
|
||||||
state := login.Config.Namespace + ":" + uuid.NewString()
|
state := login.Config.Namespace + ":" + uuid.NewString()
|
||||||
h.flowState.Set(state, flowStateData{login}, time.Now().Add(15*time.Minute))
|
h.flowState.Set(state, flowStateData{login, req.PostFormValue("redirect")}, time.Now().Add(15*time.Minute))
|
||||||
|
|
||||||
// generate oauth2 config and redirect to authorize URL
|
// generate oauth2 config and redirect to authorize URL
|
||||||
oa2conf := login.OAuth2Config
|
oa2conf := login.OAuth2Config
|
||||||
@ -135,6 +137,9 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
|
|||||||
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if flowState.redirect != "" {
|
||||||
|
req.Form.Set("redirect", flowState.redirect)
|
||||||
|
}
|
||||||
h.SafeRedirect(rw, req)
|
h.SafeRedirect(rw, req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,6 +42,7 @@ type HttpServer struct {
|
|||||||
|
|
||||||
type flowStateData struct {
|
type flowStateData struct {
|
||||||
sso *issuer.WellKnownOIDC
|
sso *issuer.WellKnownOIDC
|
||||||
|
redirect string
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Server {
|
func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Server {
|
||||||
|
@ -6,24 +6,17 @@
|
|||||||
<script>
|
<script>
|
||||||
const ssoService = "http://localhost:9090";
|
const ssoService = "http://localhost:9090";
|
||||||
|
|
||||||
POP2.init(ssoService + "/authorize", "bc36b32c-83cb-404e-8736-cb207f30afe3", "openid profile", 500, 600);
|
POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile", 500, 600);
|
||||||
|
|
||||||
function updateTokenInfo(data) {
|
function updateTokenInfo(data) {
|
||||||
document.getElementById("someTextArea").textContent = JSON.stringify(data, null, 2);
|
document.getElementById("someTextArea").textContent = JSON.stringify(data, null, 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
function parseJwt(token) {
|
|
||||||
const base64Url = token.split('.')[1];
|
|
||||||
const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
|
|
||||||
const jsonPayload = decodeURIComponent(window.atob(base64).split('').map(function (c) {
|
|
||||||
return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
|
|
||||||
}).join(''));
|
|
||||||
return JSON.parse(jsonPayload);
|
|
||||||
}
|
|
||||||
|
|
||||||
function doThisThing() {
|
function doThisThing() {
|
||||||
POP2.clientRequest(ssoService + "/userinfo", {}, true).then(function (x) {
|
POP2.clientRequest(ssoService + "/userinfo", {}, true).then(function (x) {
|
||||||
console.log(x);
|
return x.json();
|
||||||
|
}).then(function (x) {
|
||||||
|
updateTokenInfo(x);
|
||||||
}).catch(function (x) {
|
}).catch(function (x) {
|
||||||
console.error(x);
|
console.error(x);
|
||||||
});
|
});
|
||||||
|
@ -139,20 +139,21 @@
|
|||||||
options.headers['Authorization'] = 'Bearer ' + access_token;
|
options.headers['Authorization'] = 'Bearer ' + access_token;
|
||||||
return new Promise(function (res, rej) {
|
return new Promise(function (res, rej) {
|
||||||
fetch(resource, options).then(function (x) {
|
fetch(resource, options).then(function (x) {
|
||||||
if (x.statusCode >= 200 && x.statusCode < 300) res(x);
|
if (x.status >= 200 && x.status < 300) res(x);
|
||||||
else rej(x);
|
else rej(x);
|
||||||
}).catch(function (x) {
|
}).catch(function (x) {
|
||||||
rej(x);
|
rej(["failed to send request", x]);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
const resendRequest = function () {
|
const resendRequest = function () {
|
||||||
return new Promise(function (res, rej) {
|
return new Promise(function (res, rej) {
|
||||||
|
access_token = undefined;
|
||||||
w.POP2.getToken(function () {
|
w.POP2.getToken(function () {
|
||||||
sendRequest().then(function (x) {
|
sendRequest().then(function (x) {
|
||||||
res(x);
|
res(x);
|
||||||
}).catch(function (x) {
|
}).catch(function (x) {
|
||||||
rej(x);
|
rej(["failed to resend request", x]);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user