(c *gin.Context)
| 372 | } |
| 373 | |
| 374 | func (controller *OIDCController) Userinfo(c *gin.Context) { |
| 375 | if !controller.oidc.IsConfigured() { |
| 376 | tlog.App.Warn().Msg("OIDC not configured") |
| 377 | c.JSON(404, gin.H{ |
| 378 | "error": "not_found", |
| 379 | }) |
| 380 | return |
| 381 | } |
| 382 | |
| 383 | var token string |
| 384 | |
| 385 | authorization := c.GetHeader("Authorization") |
| 386 | if authorization != "" { |
| 387 | tokenType, bearerToken, ok := strings.Cut(authorization, " ") |
| 388 | if !ok { |
| 389 | tlog.App.Warn().Msg("OIDC userinfo accessed with malformed authorization header") |
| 390 | c.JSON(401, gin.H{ |
| 391 | "error": "invalid_request", |
| 392 | }) |
| 393 | return |
| 394 | } |
| 395 | |
| 396 | if strings.ToLower(tokenType) != "bearer" { |
| 397 | tlog.App.Warn().Msg("OIDC userinfo accessed with invalid token type") |
| 398 | c.JSON(401, gin.H{ |
| 399 | "error": "invalid_request", |
| 400 | }) |
| 401 | return |
| 402 | } |
| 403 | |
| 404 | token = bearerToken |
| 405 | } else if c.Request.Method == http.MethodPost { |
| 406 | if c.ContentType() != "application/x-www-form-urlencoded" { |
| 407 | tlog.App.Warn().Msg("OIDC userinfo POST accessed with invalid content type") |
| 408 | c.JSON(400, gin.H{ |
| 409 | "error": "invalid_request", |
| 410 | }) |
| 411 | return |
| 412 | } |
| 413 | token = c.PostForm("access_token") |
| 414 | if token == "" { |
| 415 | tlog.App.Warn().Msg("OIDC userinfo POST accessed without access_token in body") |
| 416 | c.JSON(401, gin.H{ |
| 417 | "error": "invalid_request", |
| 418 | }) |
| 419 | return |
| 420 | } |
| 421 | } else { |
| 422 | tlog.App.Warn().Msg("OIDC userinfo accessed without authorization header") |
| 423 | c.JSON(401, gin.H{ |
| 424 | "error": "invalid_request", |
| 425 | }) |
| 426 | return |
| 427 | } |
| 428 | |
| 429 | entry, err := controller.oidc.GetAccessToken(c, controller.oidc.Hash(token)) |
| 430 | |
| 431 | if err != nil { |