(w http.ResponseWriter, r *http.Request)
| 315 | } |
| 316 | |
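// PostAuthCallbackHandler completes the OIDC authorization-code flow: it
// verifies the state nonce against the cookie set at login, exchanges the
// returned code for tokens, writes the session and ID-token cookies, and
// redirects to "/". Every failure clears the auth cookies and renders a block
// page that points back to OIDCAuthInitPath; 5xx failures are also logged.
func (auth *OIDCProvider) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
	// For testing purposes, skip provider verification. This bypass is gated
	// solely on common.IsTest, so that flag must never be set outside tests.
	if common.IsTest {
		auth.handleTestCallback(w, r)
		return
	}

	// fail clears the auth cookies and renders a block page. A non-nil err is
	// logged as "<msg>: <err>"; 4xx rejections of a malformed callback pass nil.
	fail := func(status int, msg, action string, err error) {
		auth.clearCookie(w, r)
		WriteBlockPage(w, status, msg, action, OIDCAuthInitPath)
		if err != nil {
			httputils.LogError(r).Msgf("%s: %v", msg, err)
		}
	}

	query := r.URL.Query()

	// Verify the state nonce: the cookie must exist, be non-empty and equal the
	// "state" query parameter. The explicit empty check matters because an
	// empty cookie value would otherwise match an absent query parameter.
	state, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthState))
	if err != nil {
		fail(http.StatusBadRequest, "missing state cookie", "Back to Login", nil)
		return
	}
	if state.Value == "" || query.Get("state") != state.Value {
		fail(http.StatusBadRequest, "invalid oauth state", "Back to Login", nil)
		return
	}

	// A callback without a code cannot be exchanged; this is a client/provider
	// problem (the provider reports the reason in the "error" parameter per
	// RFC 6749 §4.1.2.1), so answer 400 instead of letting Exchange fail as 500.
	code := query.Get("code")
	if code == "" {
		fail(http.StatusBadRequest, "missing authorization code", "Back to Login", nil)
		httputils.LogError(r).Msgf("authorization code missing: provider error=%q", query.Get("error"))
		return
	}

	oauth2Token, err := auth.oauthConfig.Exchange(r.Context(), code, optRedirectPostAuth(r))
	if err != nil {
		fail(http.StatusInternalServerError, "failed to exchange token", "Try again", err)
		return
	}

	idTokenJWT, idToken, err := auth.getIDToken(r.Context(), oauth2Token)
	if err != nil {
		fail(http.StatusInternalServerError, "failed to get ID token", "Try again", err)
		return
	}

	// A server-side session is only created when the provider issued a refresh
	// token; the refresh token is handed to storeOAuthRefreshToken keyed by the
	// new session ID rather than being placed in the ID-token cookie.
	if oauth2Token.RefreshToken != "" {
		claims, err := parseClaims(idToken)
		if err != nil {
			fail(http.StatusInternalServerError, "failed to parse claims", "Try again", err)
			return
		}
		session := newSession(claims.Username, claims.Groups)
		storeOAuthRefreshToken(session.SessionID, claims.Username, oauth2Token.RefreshToken)
		auth.setSessionTokenCookie(w, r, session)
	}
	// The ID-token cookie lifetime is bound to the token's own expiry.
	auth.setIDTokenCookie(w, r, idTokenJWT, time.Until(idToken.Expiry))

	// NOTE(review): the state cookie is not explicitly invalidated on the
	// success path; confirm the cookie setters above replace it, otherwise the
	// nonce remains reusable until the cookie expires.
	http.Redirect(w, r, "/", http.StatusFound)
}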
| 371 | |
| 372 | func (auth *OIDCProvider) LogoutHandler(w http.ResponseWriter, r *http.Request) { |
| 373 | oauthToken, _ := r.Cookie(auth.getAppScopedCookieName(CookieOauthToken)) |