hub / github.com/yusing/godoxy / PostAuthCallbackHandler

Method PostAuthCallbackHandler

internal/auth/oidc.go:317–370  ·  view source on GitHub ↗
(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

315}
316
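// PostAuthCallbackHandler handles the redirect back from the OIDC provider
// and completes the authorization-code flow.
//
// It compares the "state" query parameter with the app-scoped state cookie,
// exchanges the "code" query parameter for tokens, obtains the ID token via
// auth.getIDToken, sets the ID token cookie and redirects to "/". A session
// is created, and the refresh token handed to storeOAuthRefreshToken, only
// when the provider returned a refresh token. Every failure path calls
// auth.clearCookie and renders a block page that links back to
// OIDCAuthInitPath.
func (auth *OIDCProvider) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
	// Test-only shortcut: none of the state or provider checks below run.
	// NOTE(review): common.IsTest must never be true in a production build;
	// confirm where it is set.
	if common.IsTest {
		auth.handleTestCallback(w, r)
		return
	}

	query := r.URL.Query()

	// Verify state: the value echoed by the provider must match the cookie
	// for this browser. This is the login-CSRF check for the callback.
	state, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthState))
	if err != nil {
		auth.clearCookie(w, r)
		WriteBlockPage(w, http.StatusBadRequest, "missing state cookie", "Back to Login", OIDCAuthInitPath)
		return
	}
	// An empty cookie value would compare equal to an absent "state" query
	// parameter, so an empty state is rejected explicitly.
	if state.Value == "" || query.Get("state") != state.Value {
		auth.clearCookie(w, r)
		WriteBlockPage(w, http.StatusBadRequest, "invalid oauth state", "Back to Login", OIDCAuthInitPath)
		return
	}

	// Without a code there is nothing to exchange (for example when the
	// provider redirected back with an error), so fail as a bad request
	// instead of making a token request that cannot succeed.
	code := query.Get("code")
	if code == "" {
		auth.clearCookie(w, r)
		WriteBlockPage(w, http.StatusBadRequest, "missing authorization code", "Back to Login", OIDCAuthInitPath)
		return
	}

	oauth2Token, err := auth.oauthConfig.Exchange(r.Context(), code, optRedirectPostAuth(r))
	if err != nil {
		auth.clearCookie(w, r)
		// The block page carries a generic message; the underlying error
		// goes to the request log only.
		WriteBlockPage(w, http.StatusInternalServerError, "failed to exchange token", "Try again", OIDCAuthInitPath)
		httputils.LogError(r).Msgf("failed to exchange token: %v", err)
		return
	}

	// NOTE(review): ID token signature, audience and nonce validation
	// presumably happen inside getIDToken; confirm there.
	idTokenJWT, idToken, err := auth.getIDToken(r.Context(), oauth2Token)
	if err != nil {
		auth.clearCookie(w, r)
		WriteBlockPage(w, http.StatusInternalServerError, "failed to get ID token", "Try again", OIDCAuthInitPath)
		httputils.LogError(r).Msgf("failed to get ID token: %v", err)
		return
	}

	// A session is created only when the provider issued a refresh token.
	// The refresh token is passed to storeOAuthRefreshToken keyed by the
	// session ID and is not placed in a cookie by this function.
	if oauth2Token.RefreshToken != "" {
		claims, err := parseClaims(idToken)
		if err != nil {
			auth.clearCookie(w, r)
			WriteBlockPage(w, http.StatusInternalServerError, "failed to parse claims", "Try again", OIDCAuthInitPath)
			httputils.LogError(r).Msgf("failed to parse claims: %v", err)
			return
		}
		session := newSession(claims.Username, claims.Groups)
		storeOAuthRefreshToken(session.SessionID, claims.Username, oauth2Token.RefreshToken)
		auth.setSessionTokenCookie(w, r, session)
	}
	// The ID token cookie lifetime follows the token's own expiry.
	auth.setIDTokenCookie(w, r, idTokenJWT, time.Until(idToken.Expiry))

	// NOTE(review): the state cookie is not explicitly cleared on this
	// success path; confirm it is short-lived or removed elsewhere so a
	// used state value cannot be replayed.

	// Redirect to the home page; the target is a fixed path, not taken
	// from the request.
	http.Redirect(w, r, "/", http.StatusFound)
}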
371
372func (auth *OIDCProvider) LogoutHandler(w http.ResponseWriter, r *http.Request) {
373 oauthToken, _ := r.Cookie(auth.getAppScopedCookieName(CookieOauthToken))

Callers 1

HandleAuth (Method) · 0.95

Calls 14

handleTestCallback (Method) · 0.95
clearCookie (Method) · 0.95
getIDToken (Method) · 0.95
setSessionTokenCookie (Method) · 0.95
setIDTokenCookie (Method) · 0.95
WriteBlockPage (Function) · 0.85
optRedirectPostAuth (Function) · 0.85
parseClaims (Function) · 0.85
newSession (Function) · 0.85
storeOAuthRefreshToken (Function) · 0.85
Get (Method) · 0.65

Tested by

no test coverage detected