(rw http.ResponseWriter, req *http.Request, overrides url.Values)
| 823 | } |
| 824 | |
// doOAuthStart begins the OAuth2 login flow: it assembles the provider login
// URL, writes a fresh CSRF cookie to the response and redirects the client to
// the provider with 302 Found.
//
// overrides is passed to the provider's LoginURLParams to build the extra
// login-URL parameters. When the provider has a CodeChallengeMethod set, a
// PKCE code verifier is generated, the derived code_challenge and
// code_challenge_method are added to those parameters, and the verifier is
// handed to cookies.NewCSRF; otherwise NewCSRF receives an empty verifier.
//
// Every failure is logged and answered through p.ErrorPage: 400 when the
// application redirect cannot be obtained, 500 for all other errors.
//
// NOTE(review): err.Error() is forwarded to ErrorPage on every failure path.
// Whether that text is rendered to the client, and how it is escaped, is not
// visible in this function — confirm in ErrorPage, since the redirect error
// may describe request-supplied input.
func (p *OAuthProxy) doOAuthStart(rw http.ResponseWriter, req *http.Request, overrides url.Values) {
	loginParams := p.provider.Data().LoginURLParams(overrides)
	// Presumably marks the response as non-cacheable (helper not shown here).
	prepareNoCache(rw)

	// verifier stays empty unless PKCE is enabled for this provider.
	var verifier string
	if method := p.provider.Data().CodeChallengeMethod; method != "" {
		// RFC 7636 allows verifiers of 43-128 characters; assumes the argument
		// is the verifier length — TODO confirm against GenerateCodeVerifierString.
		generated, err := encryption.GenerateCodeVerifierString(96)
		if err != nil {
			logger.Errorf("Unable to build random ASCII string for code verifier: %v", err)
			p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
			return
		}
		verifier = generated

		challenge, err := encryption.GenerateCodeChallenge(method, verifier)
		if err != nil {
			logger.Errorf("Error creating code challenge: %v", err)
			p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
			return
		}

		// Only the challenge is sent to the provider; the verifier itself is
		// never placed in the login URL.
		loginParams.Add("code_challenge", challenge)
		loginParams.Add("code_challenge_method", method)
	}

	// The verifier travels with the CSRF state.
	// NOTE(review): presumably it is persisted in the CSRF cookie for the
	// callback's token exchange — confirm that cookie is encrypted.
	csrfState, err := cookies.NewCSRF(p.CookieOptions, verifier)
	if err != nil {
		logger.Errorf("Error creating CSRF nonce: %v", err)
		p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
		return
	}

	// A redirect target that cannot be obtained is treated as a client error
	// (400), unlike the other failures in this function.
	target, err := p.appDirector.GetRedirect(req)
	if err != nil {
		logger.Errorf("Error obtaining application redirect: %v", err)
		p.ErrorPage(rw, req, http.StatusBadRequest, err.Error())
		return
	}

	// The state and nonce sent to the provider are the hashed forms produced
	// by the CSRF object, not its raw values.
	callbackURI := p.getOAuthRedirectURI(req)
	state := encodeState(csrfState.HashOAuthState(), target, p.encodeState)
	nonce := csrfState.HashOIDCNonce()
	loginURL := p.provider.GetLoginURL(callbackURI, state, nonce, loginParams)

	// Clear surplus CSRF cookies first, then set the new one; the redirect is
	// issued only once the cookie has been written successfully.
	cookies.ClearExtraCsrfCookies(p.CookieOptions, rw, req)
	if _, setErr := csrfState.SetCookie(rw, req); setErr != nil {
		logger.Errorf("Error setting CSRF cookie: %v", setErr)
		p.ErrorPage(rw, req, http.StatusInternalServerError, setErr.Error())
		return
	}

	http.Redirect(rw, req, loginURL, http.StatusFound)
}
| 882 |
no test coverage detected