Use internal scopes within FancyScopeList

This commit is contained in:
Melon 2023-10-15 13:49:58 +01:00
parent 96df1deadf
commit f9ed40b8e5
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
4 changed files with 31 additions and 40 deletions

View File

@ -26,44 +26,13 @@ func ScopesExist(scope string) bool {
// FancyScopeList takes a scope string and outputs a slice of scope descriptions // FancyScopeList takes a scope string and outputs a slice of scope descriptions
func FancyScopeList(scope string) (arr []string) { func FancyScopeList(scope string) (arr []string) {
seen := make(map[string]struct{}) a, err := internalGetScopes(scope, func(key, desc string) string {
outer: return desc
for { })
n := strings.IndexAny(scope, ", ") if err != nil {
var key string return nil
switch n {
case 0:
// first char is matching, no key name found, just continue
scope = scope[1:]
continue outer
case -1:
// no more matching chars, if scope is empty then we are done
if len(scope) == 0 {
return
}
// otherwise set the key and empty scope
key = scope
scope = ""
default:
// set the key and trim from scope
key = scope[:n]
scope = scope[n+1:]
}
// check if key has been seen already
if _, ok := seen[key]; ok {
continue outer
}
// set seen flag
seen[key] = struct{}{}
// output the description
if d := scopeDescription[key]; d != "" {
arr = append(arr, d)
}
} }
return a
} }
func internalGetScopes(scope string, f func(key, desc string) string) (arr []string, err error) { func internalGetScopes(scope string, f func(key, desc string) string) (arr []string, err error) {

View File

@ -5,6 +5,22 @@ import (
"testing" "testing"
) )
func TestScopesExist(t *testing.T) {
desc := scopeDescription
scopeDescription = map[string]string{
"a": "A",
"b": "B",
"c": "C",
}
assert.True(t, ScopesExist("a b c"))
assert.False(t, ScopesExist("a b d"))
assert.True(t, ScopesExist("a,b c"))
assert.False(t, ScopesExist("a,b d"))
scopeDescription = desc
}
func TestFancyScopeList(t *testing.T) { func TestFancyScopeList(t *testing.T) {
desc := scopeDescription desc := scopeDescription
scopeDescription = map[string]string{ scopeDescription = map[string]string{

View File

@ -84,7 +84,7 @@ func (h *HttpServer) ManageUsersPost(rw http.ResponseWriter, req *http.Request,
return return
} }
if role != database.RoleAdmin { if role != database.RoleAdmin {
http.Error(rw, "400 Bad Request: Only admin users can create SSO client applications", http.StatusBadRequest) http.Error(rw, "400 Bad Request: Only admin users can manage users", http.StatusBadRequest)
return return
} }

View File

@ -93,19 +93,25 @@ func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request
return return
} }
scopeList := form.Get("scope")
if !scope.ScopesExist(scopeList) {
http.Error(rw, "Invalid scopes", http.StatusBadRequest)
return
}
rw.WriteHeader(http.StatusOK) rw.WriteHeader(http.StatusOK)
pages.RenderPageTemplate(rw, "oauth-authorize", map[string]any{ pages.RenderPageTemplate(rw, "oauth-authorize", map[string]any{
"ServiceName": h.conf.ServiceName, "ServiceName": h.conf.ServiceName,
"AppName": appName, "AppName": appName,
"AppDomain": appDomain, "AppDomain": appDomain,
"User": user, "User": user,
"WantsList": scope.FancyScopeList(form.Get("scope")), "WantsList": scope.FancyScopeList(scopeList),
"ResponseType": form.Get("response_type"), "ResponseType": form.Get("response_type"),
"ResponseMode": form.Get("response_mode"), "ResponseMode": form.Get("response_mode"),
"ClientID": form.Get("client_id"), "ClientID": form.Get("client_id"),
"RedirectUri": form.Get("redirect_uri"), "RedirectUri": form.Get("redirect_uri"),
"State": form.Get("state"), "State": form.Get("state"),
"Scope": form.Get("scope"), "Scope": scopeList,
"Nonce": form.Get("nonce"), "Nonce": form.Get("nonce"),
"HasOtp": hasOtp, "HasOtp": hasOtp,
}) })