(c *gin.Context)
| 106 | } |
| 107 | |
| 108 | func (controller *OIDCController) Authorize(c *gin.Context) { |
| 109 | if !controller.oidc.IsConfigured() { |
| 110 | controller.authorizeError(c, errors.New("err_oidc_not_configured"), "OIDC not configured", "This instance is not configured for OIDC", "", "", "") |
| 111 | return |
| 112 | } |
| 113 | |
| 114 | userContext, err := utils.GetContext(c) |
| 115 | |
| 116 | if err != nil { |
| 117 | controller.authorizeError(c, err, "Failed to get user context", "User is not logged in or the session is invalid", "", "", "") |
| 118 | return |
| 119 | } |
| 120 | |
| 121 | if !userContext.IsLoggedIn { |
| 122 | controller.authorizeError(c, errors.New("err user not logged in"), "User not logged in", "The user is not logged in", "", "", "") |
| 123 | return |
| 124 | } |
| 125 | |
| 126 | var req service.AuthorizeRequest |
| 127 | |
| 128 | err = c.BindJSON(&req) |
| 129 | if err != nil { |
| 130 | controller.authorizeError(c, err, "Failed to bind JSON", "The client provided an invalid authorization request", "", "", "") |
| 131 | return |
| 132 | } |
| 133 | |
| 134 | client, ok := controller.oidc.GetClient(req.ClientID) |
| 135 | |
| 136 | if !ok { |
| 137 | controller.authorizeError(c, err, "Client not found", "The client ID is invalid", "", "", "") |
| 138 | return |
| 139 | } |
| 140 | |
| 141 | err = controller.oidc.ValidateAuthorizeParams(req) |
| 142 | |
| 143 | if err != nil { |
| 144 | tlog.App.Error().Err(err).Msg("Failed to validate authorize params") |
| 145 | if err.Error() != "invalid_request_uri" { |
| 146 | controller.authorizeError(c, err, "Failed validate authorize params", "Invalid request parameters", req.RedirectURI, err.Error(), req.State) |
| 147 | return |
| 148 | } |
| 149 | controller.authorizeError(c, err, "Redirect URI not trusted", "The provided redirect URI is not trusted", "", "", "") |
| 150 | return |
| 151 | } |
| 152 | |
| 153 | // WARNING: Since Tinyauth is stateless, we cannot have a sub that never changes. We will just create a uuid out of the username and client name which remains stable, but if username or client name changes then sub changes too. |
| 154 | sub := utils.GenerateUUID(fmt.Sprintf("%s:%s", userContext.Username, client.ID)) |
| 155 | code := utils.GenerateString(32) |
| 156 | |
| 157 | // Before storing the code, delete old session |
| 158 | err = controller.oidc.DeleteOldSession(c, sub) |
| 159 | if err != nil { |
| 160 | controller.authorizeError(c, err, "Failed to delete old sessions", "Failed to delete old sessions", req.RedirectURI, "server_error", req.State) |
| 161 | return |
| 162 | } |
| 163 | |
| 164 | err = controller.oidc.StoreCode(c, sub, code, req) |
| 165 |