Merge branch 'main' into feat/disable_playground
# Conflicts: # app/yarn.lock # dashboard/yarn.lock # server/constants/env.go # server/env/env.go # server/env/persist_env.go # server/graph/model/models_gen.go # server/memorystore/providers/redis/store.go
This commit is contained in:
lemonScaletech
@@ -32,11 +32,11 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
return func(ctx *gin.Context) {
|
||||
provider := ctx.Param("oauth_provider")
|
||||
state := ctx.Request.FormValue("state")
|
||||
|
||||
sessionState, err := memorystore.Provider.GetState(state)
|
||||
if sessionState == "" || err != nil {
|
||||
log.Debug("Invalid oauth state: ", state)
|
||||
ctx.JSON(400, gin.H{"error": "invalid oauth state"})
|
||||
return
|
||||
}
|
||||
// contains random token, redirect url, role
|
||||
sessionSplit := strings.Split(state, "___")
|
||||
@@ -46,32 +46,34 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
ctx.JSON(400, gin.H{"error": "invalid redirect url"})
|
||||
return
|
||||
}
|
||||
|
||||
// remove state from store
|
||||
go memorystore.Provider.RemoveState(state)
|
||||
|
||||
stateValue := sessionSplit[0]
|
||||
redirectURL := sessionSplit[1]
|
||||
inputRoles := strings.Split(sessionSplit[2], ",")
|
||||
scopes := strings.Split(sessionSplit[3], ",")
|
||||
|
||||
user := models.User{}
|
||||
var user *models.User
|
||||
oauthCode := ctx.Request.FormValue("code")
|
||||
if oauthCode == "" {
|
||||
log.Debug("Invalid oauth code: ", oauthCode)
|
||||
ctx.JSON(400, gin.H{"error": "invalid oauth code"})
|
||||
return
|
||||
}
|
||||
switch provider {
|
||||
case constants.AuthRecipeMethodGoogle:
|
||||
user, err = processGoogleUserInfo(oauthCode)
|
||||
user, err = processGoogleUserInfo(ctx, oauthCode)
|
||||
case constants.AuthRecipeMethodGithub:
|
||||
user, err = processGithubUserInfo(oauthCode)
|
||||
user, err = processGithubUserInfo(ctx, oauthCode)
|
||||
case constants.AuthRecipeMethodFacebook:
|
||||
user, err = processFacebookUserInfo(oauthCode)
|
||||
user, err = processFacebookUserInfo(ctx, oauthCode)
|
||||
case constants.AuthRecipeMethodLinkedIn:
|
||||
user, err = processLinkedInUserInfo(oauthCode)
|
||||
user, err = processLinkedInUserInfo(ctx, oauthCode)
|
||||
case constants.AuthRecipeMethodApple:
|
||||
user, err = processAppleUserInfo(oauthCode)
|
||||
user, err = processAppleUserInfo(ctx, oauthCode)
|
||||
case constants.AuthRecipeMethodTwitter:
|
||||
user, err = processTwitterUserInfo(oauthCode, sessionState)
|
||||
user, err = processTwitterUserInfo(ctx, oauthCode, sessionState)
|
||||
case constants.AuthRecipeMethodMicrosoft:
|
||||
user, err = processMicrosoftUserInfo(oauthCode)
|
||||
user, err = processMicrosoftUserInfo(ctx, oauthCode)
|
||||
default:
|
||||
log.Info("Invalid oauth provider")
|
||||
err = fmt.Errorf(`invalid oauth provider`)
|
||||
@@ -260,10 +262,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
go func() {
|
||||
if isSignUp {
|
||||
utils.RegisterEvent(ctx, constants.UserSignUpWebhookEvent, provider, user)
|
||||
// User is also logged in with signup
|
||||
utils.RegisterEvent(ctx, constants.UserLoginWebhookEvent, provider, user)
|
||||
} else {
|
||||
utils.RegisterEvent(ctx, constants.UserLoginWebhookEvent, provider, user)
|
||||
}
|
||||
db.Provider.AddSession(ctx, models.Session{
|
||||
db.Provider.AddSession(ctx, &models.Session{
|
||||
UserID: user.ID,
|
||||
UserAgent: utils.GetUserAgent(ctx.Request),
|
||||
IP: utils.GetIP(ctx.Request),
|
||||
@@ -279,15 +283,13 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func processGoogleUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
ctx := context.Background()
|
||||
func processGoogleUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.GoogleConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
|
||||
}
|
||||
|
||||
verifier := oauth.OIDCProviders.GoogleOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.GoogleConfig.ClientID})
|
||||
|
||||
// Extract the ID Token from OAuth2 token.
|
||||
@@ -312,9 +314,9 @@ func processGoogleUserInfo(code string) (models.User, error) {
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func processGithubUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(context.TODO(), code)
|
||||
func processGithubUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
|
||||
@@ -409,7 +411,7 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||
}
|
||||
}
|
||||
|
||||
user = models.User{
|
||||
user = &models.User{
|
||||
GivenName: &firstName,
|
||||
FamilyName: &lastName,
|
||||
Picture: &picture,
|
||||
@@ -419,9 +421,9 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func processFacebookUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(context.TODO(), code)
|
||||
func processFacebookUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Invalid facebook exchange code: ", err)
|
||||
return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
|
||||
@@ -460,7 +462,7 @@ func processFacebookUserInfo(code string) (models.User, error) {
|
||||
lastName := fmt.Sprintf("%v", userRawData["last_name"])
|
||||
picture := fmt.Sprintf("%v", picDataObject["url"])
|
||||
|
||||
user = models.User{
|
||||
user = &models.User{
|
||||
GivenName: &firstName,
|
||||
FamilyName: &lastName,
|
||||
Picture: &picture,
|
||||
@@ -470,9 +472,9 @@ func processFacebookUserInfo(code string) (models.User, error) {
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func processLinkedInUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(context.TODO(), code)
|
||||
func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
|
||||
@@ -542,7 +544,7 @@ func processLinkedInUserInfo(code string) (models.User, error) {
|
||||
profilePicture := userRawData["profilePicture"].(map[string]interface{})["displayImage~"].(map[string]interface{})["elements"].([]interface{})[0].(map[string]interface{})["identifiers"].([]interface{})[0].(map[string]interface{})["identifier"].(string)
|
||||
emailAddress := emailRawData["elements"].([]interface{})[0].(map[string]interface{})["handle~"].(map[string]interface{})["emailAddress"].(string)
|
||||
|
||||
user = models.User{
|
||||
user = &models.User{
|
||||
GivenName: &firstName,
|
||||
FamilyName: &lastName,
|
||||
Picture: &profilePicture,
|
||||
@@ -552,9 +554,9 @@ func processLinkedInUserInfo(code string) (models.User, error) {
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func processAppleUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(context.TODO(), code)
|
||||
func processAppleUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
|
||||
@@ -605,9 +607,9 @@ func processAppleUserInfo(code string) (models.User, error) {
|
||||
return user, err
|
||||
}
|
||||
|
||||
func processTwitterUserInfo(code, verifier string) (models.User, error) {
|
||||
user := models.User{}
|
||||
oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(context.TODO(), code, oauth2.SetAuthURLParam("code_verifier", verifier))
|
||||
func processTwitterUserInfo(ctx context.Context, code, verifier string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", verifier))
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid twitter exchange code: %s", err.Error())
|
||||
@@ -662,7 +664,7 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {
|
||||
nickname := userRawData["username"].(string)
|
||||
profilePicture := userRawData["profile_image_url"].(string)
|
||||
|
||||
user = models.User{
|
||||
user = &models.User{
|
||||
GivenName: &firstName,
|
||||
FamilyName: &lastName,
|
||||
Picture: &profilePicture,
|
||||
@@ -673,24 +675,24 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {
|
||||
}
|
||||
|
||||
// process microsoft user information
|
||||
func processMicrosoftUserInfo(code string) (models.User, error) {
|
||||
user := models.User{}
|
||||
ctx := context.Background()
|
||||
func processMicrosoftUserInfo(ctx context.Context, code string) (*models.User, error) {
|
||||
var user *models.User
|
||||
oauth2Token, err := oauth.OAuthProviders.MicrosoftConfig.Exchange(ctx, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
|
||||
return user, fmt.Errorf("invalid microsoft exchange code: %s", err.Error())
|
||||
}
|
||||
|
||||
verifier := oauth.OIDCProviders.MicrosoftOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.MicrosoftConfig.ClientID})
|
||||
|
||||
// we need to skip issuer check because for common tenant it will return internal issuer which does not match
|
||||
verifier := oauth.OIDCProviders.MicrosoftOIDC.Verifier(&oidc.Config{
|
||||
ClientID: oauth.OAuthProviders.MicrosoftConfig.ClientID,
|
||||
SkipIssuerCheck: true,
|
||||
})
|
||||
// Extract the ID Token from OAuth2 token.
|
||||
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
||||
if !ok {
|
||||
log.Debug("Failed to extract ID Token from OAuth2 token")
|
||||
return user, fmt.Errorf("unable to extract id_token")
|
||||
}
|
||||
|
||||
// Parse and verify ID Token payload.
|
||||
idToken, err := verifier.Verify(ctx, rawIDToken)
|
||||
if err != nil {
|
||||
|
||||
@@ -175,11 +175,12 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||
go func() {
|
||||
if isSignUp {
|
||||
utils.RegisterEvent(c, constants.UserSignUpWebhookEvent, loginMethod, user)
|
||||
// User is also logged in with signup
|
||||
utils.RegisterEvent(c, constants.UserLoginWebhookEvent, loginMethod, user)
|
||||
} else {
|
||||
utils.RegisterEvent(c, constants.UserLoginWebhookEvent, loginMethod, user)
|
||||
}
|
||||
|
||||
db.Provider.AddSession(c, models.Session{
|
||||
db.Provider.AddSession(c, &models.Session{
|
||||
UserID: user.ID,
|
||||
UserAgent: utils.GetUserAgent(c.Request),
|
||||
IP: utils.GetIP(c.Request),
|
||||
|
||||
Reference in New Issue
Block a user