devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

feat: add test code to process apple user

Browse Source
This commit is contained in:
Lakhan Samani 2022-06-12 18:30:33 +05:30
parent 53a592ef63
commit 5646e7a0e7
3 changed files with 68 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/constants/signup_methods.go
View File

@ -13,4 +13,6 @@ const (
SignupMethodFacebook = "facebook" SignupMethodFacebook = "facebook"
// SignupMethodLinkedin is the linkedin signup method // SignupMethodLinkedin is the linkedin signup method
SignupMethodLinkedIn = "linkedin" SignupMethodLinkedIn = "linkedin"
// SignupMethodApple is the apple signup method
SignupMethodApple = "apple"
) )

56
server/handlers/oauth_callback.go
View File

@ -64,6 +64,8 @@ func OAuthCallbackHandler() gin.HandlerFunc {
user, err = processFacebookUserInfo(code) user, err = processFacebookUserInfo(code)
case constants.SignupMethodLinkedIn: case constants.SignupMethodLinkedIn:
user, err = processLinkedInUserInfo(code) user, err = processLinkedInUserInfo(code)
case constants.SignupMethodApple:
user, err = processAppleUserInfo(code)
default: default:
log.Info("Invalid oauth provider") log.Info("Invalid oauth provider")
err = fmt.Errorf(`invalid oauth provider`) err = fmt.Errorf(`invalid oauth provider`)
@ -261,7 +263,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
func processGithubUserInfo(code string) (models.User, error) { func processGithubUserInfo(code string) (models.User, error) {
user := models.User{} user := models.User{}
token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code) oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
if err != nil { if err != nil {
log.Debug("Failed to exchange code for token: ", err) log.Debug("Failed to exchange code for token: ", err)
return user, fmt.Errorf("invalid github exchange code: %s", err.Error()) return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
@ -273,7 +275,7 @@ func processGithubUserInfo(code string) (models.User, error) {
return user, fmt.Errorf("error creating github user info request: %s", err.Error()) return user, fmt.Errorf("error creating github user info request: %s", err.Error())
} }
req.Header = http.Header{ req.Header = http.Header{
"Authorization": []string{fmt.Sprintf("token %s", token.AccessToken)}, "Authorization": []string{fmt.Sprintf("token %s", oauth2Token.AccessToken)},
} }
response, err := client.Do(req) response, err := client.Do(req)
@ -289,8 +291,8 @@ func processGithubUserInfo(code string) (models.User, error) {
return user, fmt.Errorf("failed to read github response body: %s", err.Error()) return user, fmt.Errorf("failed to read github response body: %s", err.Error())
} }
if response.StatusCode >= 400 { if response.StatusCode >= 400 {
log.Debug("Failed to request linkedin user info: ", string(body)) log.Debug("Failed to request github user info: ", string(body))
return user, fmt.Errorf("failed to request linkedin user info: %s", string(body)) return user, fmt.Errorf("failed to request github user info: %s", string(body))
} }
userRawData := make(map[string]string) userRawData := make(map[string]string)
@ -320,13 +322,13 @@ func processGithubUserInfo(code string) (models.User, error) {
func processFacebookUserInfo(code string) (models.User, error) { func processFacebookUserInfo(code string) (models.User, error) {
user := models.User{} user := models.User{}
token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code) oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
if err != nil { if err != nil {
log.Debug("Invalid facebook exchange code: ", err) log.Debug("Invalid facebook exchange code: ", err)
return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error()) return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
} }
client := http.Client{} client := http.Client{}
req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil) req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+oauth2Token.AccessToken, nil)
if err != nil { if err != nil {
log.Debug("Error creating facebook user info request: ", err) log.Debug("Error creating facebook user info request: ", err)
return user, fmt.Errorf("error creating facebook user info request: %s", err.Error()) return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
@ -345,8 +347,8 @@ func processFacebookUserInfo(code string) (models.User, error) {
return user, fmt.Errorf("failed to read facebook response body: %s", err.Error()) return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
} }
if response.StatusCode >= 400 { if response.StatusCode >= 400 {
log.Debug("Failed to request linkedin user info: ", string(body)) log.Debug("Failed to request facebook user info: ", string(body))
return user, fmt.Errorf("failed to request linkedin user info: %s", string(body)) return user, fmt.Errorf("failed to request facebook user info: %s", string(body))
} }
userRawData := make(map[string]interface{}) userRawData := make(map[string]interface{})
json.Unmarshal(body, &userRawData) json.Unmarshal(body, &userRawData)
@ -371,7 +373,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
func processLinkedInUserInfo(code string) (models.User, error) { func processLinkedInUserInfo(code string) (models.User, error) {
user := models.User{} user := models.User{}
token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(oauth2.NoContext, code) oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(oauth2.NoContext, code)
if err != nil { if err != nil {
log.Debug("Failed to exchange code for token: ", err) log.Debug("Failed to exchange code for token: ", err)
return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error()) return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
@ -384,7 +386,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error()) return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
} }
req.Header = http.Header{ req.Header = http.Header{
"Authorization": []string{fmt.Sprintf("Bearer %s", token.AccessToken)}, "Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
} }
response, err := client.Do(req) response, err := client.Do(req)
@ -414,7 +416,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error()) return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
} }
req.Header = http.Header{ req.Header = http.Header{
"Authorization": []string{fmt.Sprintf("Bearer %s", token.AccessToken)}, "Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
} }
response, err = client.Do(req) response, err = client.Do(req)
@ -450,3 +452,35 @@ func processLinkedInUserInfo(code string) (models.User, error) {
return user, nil return user, nil
} }
func processAppleUserInfo(code string) (models.User, error) {
user := models.User{}
oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(oauth2.NoContext, code)
if err != nil {
log.Debug("Failed to exchange code for token: ", err)
return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
}
fmt.Println("=> token", oauth2Token.AccessToken)
// Extract the ID Token from OAuth2 token.
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
log.Debug("Failed to extract ID Token from OAuth2 token")
return user, fmt.Errorf("unable to extract id_token")
}
fmt.Println("=> rawIDToken", rawIDToken)
// Parse and verify ID Token payload.
claims, err := token.ParseJWTToken(rawIDToken)
if err != nil {
log.Debug("Failed to parse apple id token: ", err)
return user, err
}
fmt.Println("claims:", claims)
email := claims["email"].(string)
user.Email = email
return user, err
}

25
server/handlers/oauth_login.go
View File

@ -114,7 +114,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
return return
} }
// during the init of OAuthProvider authorizer url might be empty // during the init of OAuthProvider authorizer url might be empty
oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google" oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodGoogle
url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString) url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
c.Redirect(http.StatusTemporaryRedirect, url) c.Redirect(http.StatusTemporaryRedirect, url)
case constants.SignupMethodGithub: case constants.SignupMethodGithub:
@ -131,7 +131,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
}) })
return return
} }
oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github" oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodGithub
url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString) url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
c.Redirect(http.StatusTemporaryRedirect, url) c.Redirect(http.StatusTemporaryRedirect, url)
case constants.SignupMethodFacebook: case constants.SignupMethodFacebook:
@ -148,7 +148,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
}) })
return return
} }
oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook" oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodFacebook
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString) url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
c.Redirect(http.StatusTemporaryRedirect, url) c.Redirect(http.StatusTemporaryRedirect, url)
case constants.SignupMethodLinkedIn: case constants.SignupMethodLinkedIn:
@ -165,9 +165,26 @@ func OAuthLoginHandler() gin.HandlerFunc {
}) })
return return
} }
oauth.OAuthProviders.LinkedInConfig.RedirectURL = hostname + "/oauth_callback/linkedin" oauth.OAuthProviders.LinkedInConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodLinkedIn
url := oauth.OAuthProviders.LinkedInConfig.AuthCodeURL(oauthStateString) url := oauth.OAuthProviders.LinkedInConfig.AuthCodeURL(oauthStateString)
c.Redirect(http.StatusTemporaryRedirect, url) c.Redirect(http.StatusTemporaryRedirect, url)
case constants.SignupMethodApple:
if oauth.OAuthProviders.AppleConfig == nil {
log.Debug("Linkedin OAuth provider is not configured")
isProviderConfigured = false
break
}
err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodApple)
if err != nil {
log.Debug("Error setting state: ", err)
c.JSON(500, gin.H{
"error": "internal server error",
})
return
}
oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodApple
url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString)
c.Redirect(http.StatusTemporaryRedirect, url)
default: default:
log.Debug("Invalid oauth provider: ", provider) log.Debug("Invalid oauth provider: ", provider)
c.JSON(422, gin.H{ c.JSON(422, gin.H{