Fix correct redirection after login flow, and update test client

Melon 2024-02-10 02:53:58 +00:00
parent 861d55f6a9
commit 0c668253a8
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
6 changed files with 20 additions and 18 deletions


@ -17,6 +17,7 @@
</div> </div>
<div> <div>
<form method="POST" action="/login"> <form method="POST" action="/login">
<input type="hidden" name="redirect" value="{{.Redirect}}"/>
<input type="hidden" name="loginname" value="{{.LoginName}}"/> <input type="hidden" name="loginname" value="{{.LoginName}}"/>
<button type="submit">Continue</button> <button type="submit">Continue</button>
</form> </form>


@ -10,6 +10,7 @@
</header> </header>
<main> <main>
<form method="POST" action="/login"> <form method="POST" action="/login">
<input type="hidden" name="redirect" value="{{.Redirect}}"/>
<div> <div>
<label for="field_loginname">Login Name:</label> <label for="field_loginname">Login Name:</label>
<input type="text" name="loginname" id="field_loginname" required/> <input type="text" name="loginname" id="field_loginname" required/>


@ -33,11 +33,13 @@ func (h *HttpServer) loginGet(rw http.ResponseWriter, req *http.Request, _ httpr
pages.RenderPageTemplate(rw, "login-memory", map[string]any{ pages.RenderPageTemplate(rw, "login-memory", map[string]any{
"ServiceName": h.conf.ServiceName, "ServiceName": h.conf.ServiceName,
"LoginName": cookie.Value, "LoginName": cookie.Value,
"Redirect": req.URL.Query().Get("redirect"),
}) })
return return
} }
pages.RenderPageTemplate(rw, "login", map[string]any{ pages.RenderPageTemplate(rw, "login", map[string]any{
"ServiceName": h.conf.ServiceName, "ServiceName": h.conf.ServiceName,
"Redirect": req.URL.Query().Get("redirect"),
}) })
} }
@ -85,7 +87,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
// save state for use later // save state for use later
state := login.Config.Namespace + ":" + uuid.NewString() state := login.Config.Namespace + ":" + uuid.NewString()
h.flowState.Set(state, flowStateData{login}, time.Now().Add(15*time.Minute)) h.flowState.Set(state, flowStateData{login, req.PostFormValue("redirect")}, time.Now().Add(15*time.Minute))
// generate oauth2 config and redirect to authorize URL // generate oauth2 config and redirect to authorize URL
oa2conf := login.OAuth2Config oa2conf := login.OAuth2Config
@ -135,6 +137,9 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
http.Error(rw, "Internal Server Error", http.StatusInternalServerError) http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
return return
} }
if flowState.redirect != "" {
req.Form.Set("redirect", flowState.redirect)
}
h.SafeRedirect(rw, req) h.SafeRedirect(rw, req)
} }
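Review bot: The `redirect` value that `loginCallback` copies into `req.Form` before calling `h.SafeRedirect` is caller-controlled end to end: it is read from the query string in `loginGet`, round-trips through the hidden form field, and is stored unvalidated by `loginPost` in `flowStateData`. Whether this becomes an open redirect therefore rests entirely on `SafeRedirect`, which is not visible here; it should accept only same-site relative paths, and rejecting a bad value in `loginPost` before `h.flowState.Set` would keep untrusted URLs out of the flow state altogether. Separately, `req.Form.Set` panics on a nil map, so unless an earlier part of `loginCallback` (outside this hunk) has already parsed the form, add `_ = req.ParseForm()` before `req.Form.Set("redirect", flowState.redirect)`. A comment on the new branch such as `// redirect is user-supplied; SafeRedirect must reject off-site targets` would record the assumption for the next reader.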


@ -42,6 +42,7 @@ type HttpServer struct {
type flowStateData struct { type flowStateData struct {
sso *issuer.WellKnownOIDC sso *issuer.WellKnownOIDC
redirect string
} }
func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Server { func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Server {


@ -6,24 +6,17 @@
<script> <script>
const ssoService = "http://localhost:9090"; const ssoService = "http://localhost:9090";
POP2.init(ssoService + "/authorize", "bc36b32c-83cb-404e-8736-cb207f30afe3", "openid profile", 500, 600); POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile", 500, 600);
function updateTokenInfo(data) { function updateTokenInfo(data) {
document.getElementById("someTextArea").textContent = JSON.stringify(data, null, 2); document.getElementById("someTextArea").textContent = JSON.stringify(data, null, 2);
} }
function parseJwt(token) {
const base64Url = token.split('.')[1];
const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
const jsonPayload = decodeURIComponent(window.atob(base64).split('').map(function (c) {
return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
}).join(''));
return JSON.parse(jsonPayload);
}
function doThisThing() { function doThisThing() {
POP2.clientRequest(ssoService + "/userinfo", {}, true).then(function (x) { POP2.clientRequest(ssoService + "/userinfo", {}, true).then(function (x) {
console.log(x); return x.json();
}).then(function (x) {
updateTokenInfo(x);
}).catch(function (x) { }).catch(function (x) {
console.error(x); console.error(x);
}); });


@ -139,20 +139,21 @@
options.headers['Authorization'] = 'Bearer ' + access_token; options.headers['Authorization'] = 'Bearer ' + access_token;
return new Promise(function (res, rej) { return new Promise(function (res, rej) {
fetch(resource, options).then(function (x) { fetch(resource, options).then(function (x) {
if (x.statusCode >= 200 && x.statusCode < 300) res(x); if (x.status >= 200 && x.status < 300) res(x);
else rej(x); else rej(x);
}).catch(function (x) { }).catch(function (x) {
rej(x); rej(["failed to send request", x]);
}); });
}); });
}; };
const resendRequest = function() { const resendRequest = function () {
return new Promise(function (res, rej) { return new Promise(function (res, rej) {
w.POP2.getToken(function() { access_token = undefined;
w.POP2.getToken(function () {
sendRequest().then(function (x) { sendRequest().then(function (x) {
res(x); res(x);
}).catch(function (x) { }).catch(function (x) {
rej(x); rej(["failed to resend request", x]);
}); });
}); });
}); });
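Review bot: The rejection value of `sendRequest` now has two shapes: a non-2xx reply still rejects with the `Response` object (`else rej(x);`), while a network failure rejects with the array `["failed to send request", x]`, and `resendRequest` wraps whatever it receives once more, so a caller can see a `Response`, an array, or an array nested in an array. Rejecting with an `Error` keeps one shape and preserves the stack, e.g. `rej(new Error("failed to send request", { cause: x }));`, and likewise for the "failed to resend request" path. Clearing `access_token` before `w.POP2.getToken` looks right for forcing a fresh token, but if `getToken` never invokes its callback (its body is not visible here) the promise returned by `resendRequest` never settles; a rejection path or at least a comment for that case would help.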