fix: token + redirect

Lakhan Samani 2022-03-16 21:44:57 +05:30
parent 83001b859c
commit 99b846811a
12 changed files with 65 additions and 32 deletions

2
.gitignore vendored

@ -12,3 +12,5 @@ data.db
.env.local .env.local
*.tar.gz *.tar.gz
.vscode/ .vscode/
.yalc
yalc.lock

30
app/package-lock.json generated

@ -9,7 +9,7 @@
"version": "1.0.0", "version": "1.0.0",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@authorizerdev/authorizer-react": "latest", "@authorizerdev/authorizer-react": "0.10.0",
"@types/react": "^17.0.15", "@types/react": "^17.0.15",
"@types/react-dom": "^17.0.9", "@types/react-dom": "^17.0.9",
"esbuild": "^0.12.17", "esbuild": "^0.12.17",
@ -24,9 +24,9 @@
} }
}, },
"node_modules/@authorizerdev/authorizer-js": { "node_modules/@authorizerdev/authorizer-js": {
"version": "0.4.0-beta.3", "version": "0.5.0",
"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.4.0-beta.3.tgz", "resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.5.0.tgz",
"integrity": "sha512-OGZc6I6cnpi/WkSotkjVIc3LEzl8pFeiohr8+Db9xWd75/oTfOZqWRuIHTnTc1FC+6Sv2EjTJ9Aa6lrloWG+NQ==", "integrity": "sha512-O7T275ry4fJznQObnjYHPXvOtTtbv91NNFPh/x1jGs5iOC8MWvpnd7lbLvcnKbs0vPnZmFTzEUx8kCW2Z0o9Hg==",
"dependencies": { "dependencies": {
"node-fetch": "^2.6.1" "node-fetch": "^2.6.1"
}, },
@ -35,11 +35,11 @@
} }
}, },
"node_modules/@authorizerdev/authorizer-react": { "node_modules/@authorizerdev/authorizer-react": {
"version": "0.9.0-beta.7", "version": "0.10.0",
"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.9.0-beta.7.tgz", "resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.10.0.tgz",
"integrity": "sha512-hCGsVionKMZNk+uD0CLtMIkUzhQqpHbVntko3rY+O7ouOrTrikY/WQVPbo1bqX1cu/6/cHE4RVU3cZ7V5xnxVg==", "integrity": "sha512-0z/i+ystihxRbqERi984EGV5S9VK95uA2GwjtUfl8pEx7PwrmQYq+iis39kn/fSHDGVkekIHFkm071QDbn4XkQ==",
"dependencies": { "dependencies": {
"@authorizerdev/authorizer-js": "^0.4.0-beta.3", "@authorizerdev/authorizer-js": "^0.5.0",
"final-form": "^4.20.2", "final-form": "^4.20.2",
"react-final-form": "^6.5.3", "react-final-form": "^6.5.3",
"styled-components": "^5.3.0" "styled-components": "^5.3.0"
@ -829,19 +829,19 @@
}, },
"dependencies": { "dependencies": {
"@authorizerdev/authorizer-js": { "@authorizerdev/authorizer-js": {
"version": "0.4.0-beta.3", "version": "0.5.0",
"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.4.0-beta.3.tgz", "resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.5.0.tgz",
"integrity": "sha512-OGZc6I6cnpi/WkSotkjVIc3LEzl8pFeiohr8+Db9xWd75/oTfOZqWRuIHTnTc1FC+6Sv2EjTJ9Aa6lrloWG+NQ==", "integrity": "sha512-O7T275ry4fJznQObnjYHPXvOtTtbv91NNFPh/x1jGs5iOC8MWvpnd7lbLvcnKbs0vPnZmFTzEUx8kCW2Z0o9Hg==",
"requires": { "requires": {
"node-fetch": "^2.6.1" "node-fetch": "^2.6.1"
} }
}, },
"@authorizerdev/authorizer-react": { "@authorizerdev/authorizer-react": {
"version": "0.9.0-beta.7", "version": "0.10.0",
"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.9.0-beta.7.tgz", "resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.10.0.tgz",
"integrity": "sha512-hCGsVionKMZNk+uD0CLtMIkUzhQqpHbVntko3rY+O7ouOrTrikY/WQVPbo1bqX1cu/6/cHE4RVU3cZ7V5xnxVg==", "integrity": "sha512-0z/i+ystihxRbqERi984EGV5S9VK95uA2GwjtUfl8pEx7PwrmQYq+iis39kn/fSHDGVkekIHFkm071QDbn4XkQ==",
"requires": { "requires": {
"@authorizerdev/authorizer-js": "^0.4.0-beta.3", "@authorizerdev/authorizer-js": "^0.5.0",
"final-form": "^4.20.2", "final-form": "^4.20.2",
"react-final-form": "^6.5.3", "react-final-form": "^6.5.3",
"styled-components": "^5.3.0" "styled-components": "^5.3.0"


@ -11,7 +11,7 @@
"author": "Lakhan Samani", "author": "Lakhan Samani",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@authorizerdev/authorizer-react": "latest", "@authorizerdev/authorizer-react": "0.10.0",
"@types/react": "^17.0.15", "@types/react": "^17.0.15",
"@types/react-dom": "^17.0.9", "@types/react-dom": "^17.0.9",
"esbuild": "^0.12.17", "esbuild": "^0.12.17",


@ -32,6 +32,9 @@ type User struct {
func (user *User) AsAPIUser() *model.User { func (user *User) AsAPIUser() *model.User {
isEmailVerified := user.EmailVerifiedAt != nil isEmailVerified := user.EmailVerifiedAt != nil
isPhoneVerified := user.PhoneNumberVerifiedAt != nil isPhoneVerified := user.PhoneNumberVerifiedAt != nil
email := user.Email
createdAt := user.CreatedAt
updatedAt := user.UpdatedAt
return &model.User{ return &model.User{
ID: user.ID, ID: user.ID,
Email: user.Email, Email: user.Email,
@ -41,14 +44,14 @@ func (user *User) AsAPIUser() *model.User {
FamilyName: user.FamilyName, FamilyName: user.FamilyName,
MiddleName: user.MiddleName, MiddleName: user.MiddleName,
Nickname: user.Nickname, Nickname: user.Nickname,
PreferredUsername: &user.Email, PreferredUsername: &email,
Gender: user.Gender, Gender: user.Gender,
Birthdate: user.Birthdate, Birthdate: user.Birthdate,
PhoneNumber: user.PhoneNumber, PhoneNumber: user.PhoneNumber,
PhoneNumberVerified: &isPhoneVerified, PhoneNumberVerified: &isPhoneVerified,
Picture: user.Picture, Picture: user.Picture,
Roles: strings.Split(user.Roles, ","), Roles: strings.Split(user.Roles, ","),
CreatedAt: &user.CreatedAt, CreatedAt: &createdAt,
UpdatedAt: &user.UpdatedAt, UpdatedAt: &updatedAt,
} }
} }
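Review bot: The new locals `email`, `createdAt` and `updatedAt` exist only so that the returned `*model.User` no longer holds pointers into the receiver (`&email` instead of `&user.Email`), but nothing says so, and the next reader will be tempted to fold them back into the struct literal; add `// copy into locals so the returned model does not alias fields of the receiver` above them. The same copy-into-locals pattern appears in AsAPIVerificationRequest and in UpdateUserResolver in this commit and deserves the same comment in each place. Whether the aliasing is the defect the commit title refers to is not visible here, so the comment should stay at that level.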


@ -17,15 +17,23 @@ type VerificationRequest struct {
} }
func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest { func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest {
token := v.Token
createdAt := v.CreatedAt
updatedAt := v.UpdatedAt
email := v.Email
nonce := v.Nonce
redirectURI := v.RedirectURI
expires := v.ExpiresAt
identifier := v.Identifier
return &model.VerificationRequest{ return &model.VerificationRequest{
ID: v.ID, ID: v.ID,
Token: &v.Token, Token: &token,
Identifier: &v.Identifier, Identifier: &identifier,
Expires: &v.ExpiresAt, Expires: &expires,
CreatedAt: &v.CreatedAt, CreatedAt: &createdAt,
UpdatedAt: &v.UpdatedAt, UpdatedAt: &updatedAt,
Email: &v.Email, Email: &email,
Nonce: &v.Nonce, Nonce: &nonce,
RedirectURI: &v.RedirectURI, RedirectURI: &redirectURI,
} }
} }


@ -1358,6 +1358,7 @@ input SignUpInput {
confirm_password: String! confirm_password: String!
roles: [String!] roles: [String!]
scope: [String!] scope: [String!]
redirect_uri: String
} }
input LoginInput { input LoginInput {
@ -7415,6 +7416,14 @@ func (ec *executionContext) unmarshalInputSignUpInput(ctx context.Context, obj i
if err != nil { if err != nil {
return it, err return it, err
} }
case "redirect_uri":
var err error
ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri"))
it.RedirectURI, err = ec.unmarshalOString2ᚖstring(ctx, v)
if err != nil {
return it, err
}
} }
} }


@ -159,6 +159,7 @@ type SignUpInput struct {
ConfirmPassword string `json:"confirm_password"` ConfirmPassword string `json:"confirm_password"`
Roles []string `json:"roles"` Roles []string `json:"roles"`
Scope []string `json:"scope"` Scope []string `json:"scope"`
RedirectURI *string `json:"redirect_uri"`
} }
type UpdateEnvInput struct { type UpdateEnvInput struct {


@ -182,6 +182,7 @@ input SignUpInput {
confirm_password: String! confirm_password: String!
roles: [String!] roles: [String!]
scope: [String!] scope: [String!]
redirect_uri: String
} }
input LoginInput { input LoginInput {
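Review bot: `redirect_uri` becomes a caller-supplied input on SignUpInput here, and nothing in this commit shows where its value is checked before it is used; the VerificationRequest hunk shows a RedirectURI carried on the verification request, so the value presumably ends up driving a redirect after verification. The signup resolver is outside this commit, so the check may already live there; if it does not, the value should be validated against the configured allowed origins before it is stored, and the schema should state the contract: `redirect_uri: String # optional; must match an allowed origin`.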


@ -1,6 +1,7 @@
package handlers package handlers
import ( import (
"fmt"
"net/http" "net/http"
"strconv" "strconv"
"strings" "strings"
@ -50,6 +51,8 @@ func AuthorizeHandler() gin.HandlerFunc {
gc.JSON(400, gin.H{"error": "invalid response mode"}) gc.JSON(400, gin.H{"error": "invalid response mode"})
} }
fmt.Println("=> redirect URI:", redirectURI)
fmt.Println("=> state:", state)
if redirectURI == "" { if redirectURI == "" {
redirectURI = "/app" redirectURI = "/app"
} }
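Review bot: The two `fmt.Println` calls added before the `redirectURI == ""` check print client-supplied values (`redirectURI`, `state`) to stdout on every authorize request and read as leftover debugging; the new `fmt` import exists only for them. They should be removed, or routed through the project's logger at a debug level so they can be switched off in production, since `state` is the value the client relies on to bind the response to its request and the redirect target is untrusted input that should not land in logs unfiltered. AuthorizeHandler starts and ends outside this hunk; the `gc.JSON(400, ...)` just above is unchanged context, but in the visible lines it is not followed by a `return`, which is worth confirming against the full function.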


@ -16,7 +16,11 @@ import (
func OAuthLoginHandler() gin.HandlerFunc { func OAuthLoginHandler() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
hostname := utils.GetHost(c) hostname := utils.GetHost(c)
// deprecating redirectURL instead use redirect_uri
redirectURI := strings.TrimSpace(c.Query("redirectURL")) redirectURI := strings.TrimSpace(c.Query("redirectURL"))
if redirectURI == "" {
redirectURI = strings.TrimSpace(c.Query("redirect_uri"))
}
roles := strings.TrimSpace(c.Query("roles")) roles := strings.TrimSpace(c.Query("roles"))
state := strings.TrimSpace(c.Query("state")) state := strings.TrimSpace(c.Query("state"))
scopeString := strings.TrimSpace(c.Query("scope")) scopeString := strings.TrimSpace(c.Query("scope"))
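Review bot: With the fallback written this way the deprecated `redirectURL` still wins when a client sends both parameters, which is the opposite of what a deprecation usually intends; reading the new name first and falling back only when it is empty lets callers migrate without surprises: `redirectURI := strings.TrimSpace(c.Query("redirect_uri"))` / `if redirectURI == "" { redirectURI = strings.TrimSpace(c.Query("redirectURL")) }`. The comment would then read `// redirectURL is deprecated; prefer redirect_uri`. Whatever validation of the redirect target happens later in OAuthLoginHandler is outside this hunk and must apply to both spellings.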


@ -110,8 +110,6 @@ func TokenHandler() gin.HandlerFunc {
return return
} }
// rollover the session for security
sessionstore.RemoveState(sessionDataSplit[1])
// validate session // validate session
claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1]) claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
if err != nil { if err != nil {
@ -121,6 +119,8 @@ func TokenHandler() gin.HandlerFunc {
}) })
return return
} }
// rollover the session for security
sessionstore.RemoveState(sessionDataSplit[1])
userID = claims.Subject userID = claims.Subject
roles = claims.Roles roles = claims.Roles
scope = claims.Scope scope = claims.Scope
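Review bot: Moving `sessionstore.RemoveState` below `ValidateBrowserSession` fixes the order but leaves the reason undocumented; `// rollover the session for security` does not say why removal must follow validation. Suggest `// remove the old session only after it has been validated, so an invalid token cannot evict a live session` — if ValidateBrowserSession also reads the same store entry, the old order would have made validation fail on its own removal, which is worth stating in the comment once confirmed. Validation and removal are still two separate store calls, so if they act on the same entry, two concurrent requests presenting the same session could both validate before either removes it; a single take-and-delete operation in sessionstore would close that window, if the store can offer one. TokenHandler continues outside both hunks.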


@ -154,6 +154,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
return res, err return res, err
} }
createdAt := user.CreatedAt
updatedAt := user.UpdatedAt
res = &model.User{ res = &model.User{
ID: params.ID, ID: params.ID,
Email: user.Email, Email: user.Email,
@ -161,8 +163,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
GivenName: user.GivenName, GivenName: user.GivenName,
FamilyName: user.FamilyName, FamilyName: user.FamilyName,
Roles: strings.Split(user.Roles, ","), Roles: strings.Split(user.Roles, ","),
CreatedAt: &user.CreatedAt, CreatedAt: &createdAt,
UpdatedAt: &user.UpdatedAt, UpdatedAt: &updatedAt,
} }
return res, nil return res, nil
} }