hydra-passwordless/internal/route/login.go

148 lines
3.8 KiB
Go
Raw Normal View History

2020-04-08 08:56:42 +02:00
package route
import (
2020-04-24 09:27:07 +02:00
"bytes"
"fmt"
2020-04-08 08:56:42 +02:00
"net/http"
2020-04-24 09:27:07 +02:00
netMail "net/mail"
2020-04-08 08:56:42 +02:00
"github.com/davecgh/go-spew/spew"
2020-04-24 09:27:07 +02:00
"forge.cadoles.com/wpetit/hydra-passwordless/internal/config"
2020-04-08 08:56:42 +02:00
"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
2020-04-24 09:27:07 +02:00
"forge.cadoles.com/wpetit/hydra-passwordless/internal/mail"
2020-04-08 08:56:42 +02:00
"github.com/gorilla/csrf"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/middleware/container"
2020-04-24 09:27:07 +02:00
"gitlab.com/wpetit/goweb/service/session"
2020-04-08 08:56:42 +02:00
"gitlab.com/wpetit/goweb/service/template"
)
func serveLoginPage(w http.ResponseWriter, r *http.Request) {
ctn := container.Must(r.Context())
hydr := hydra.Must(ctn)
challenge, err := hydr.LoginChallenge(r)
if err != nil {
if err == hydra.ErrChallengeNotFound {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
panic(errors.Wrap(err, "could not retrieve login challenge"))
}
res, err := hydr.LoginRequest(challenge)
if err != nil {
panic(errors.Wrap(err, "could not retrieve hydra login response"))
}
2020-04-24 09:27:07 +02:00
if res.Skip {
res, err := hydr.RejectRequest(challenge, &hydra.RejectRequest{
Error: "email_not_validated",
ErrorDescription: "The email adress could not be verified.",
})
if err != nil {
panic(errors.Wrap(err, "could not reject hydra authentication request"))
}
http.Redirect(w, r, res.RedirectTo, http.StatusTemporaryRedirect)
return
}
2020-04-08 08:56:42 +02:00
tmpl := template.Must(ctn)
data := extendTemplateData(w, r, template.Data{
csrf.TemplateTag: csrf.TemplateField(r),
2020-04-24 09:27:07 +02:00
"LoginChallenge": challenge,
"Email": "",
2020-04-08 08:56:42 +02:00
})
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
}
}
func handleLoginForm(w http.ResponseWriter, r *http.Request) {
ctn := container.Must(r.Context())
tmpl := template.Must(ctn)
2020-04-24 09:27:07 +02:00
hydr := hydra.Must(ctn)
if err := r.ParseForm(); err != nil {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
email := r.Form.Get("email")
challenge := r.Form.Get("challenge")
renderFlashError := func(message string) {
sess, err := session.Must(ctn).Get(w, r)
if err != nil {
panic(errors.Wrap(err, "could not retrieve session"))
}
sess.AddFlash(session.FlashError, message)
if err := sess.Save(w, r); err != nil {
panic(errors.Wrap(err, "could not save session"))
}
data := extendTemplateData(w, r, template.Data{
csrf.TemplateTag: csrf.TemplateField(r),
"LoginChallenge": challenge,
"Email": email,
})
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
}
}
if _, err := netMail.ParseAddress(email); err != nil {
renderFlashError("Veuillez saisir une adresse courriel valide")
return
}
if challenge == "" {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
res, err := hydr.LoginRequest(challenge)
if err != nil {
panic(errors.Wrap(err, "could not retrieve hydra login response"))
}
spew.Dump(res)
ml := mail.Must(ctn)
conf := config.Must(ctn)
var buf bytes.Buffer
if err := tmpl.Render(&buf, "verification_email.html.tmpl", template.Data{}); err != nil {
panic(errors.Wrap(err, "could not render email template"))
}
err = ml.Send(
mail.WithSender(conf.SMTP.SenderAddress, conf.SMTP.SenderName),
mail.WithRecipients(email),
mail.WithSubject(fmt.Sprintf("[Authentification]")),
mail.WithBody(mail.ContentTypeHTML, buf.String(), nil),
mail.WithAlternativeBody(mail.ContentTypeText, "", nil),
)
if err != nil {
panic(errors.Wrap(err, "could not send email"))
}
2020-04-08 08:56:42 +02:00
data := extendTemplateData(w, r, template.Data{})
if err := tmpl.RenderPage(w, "email_sent.html.tmpl", data); err != nil {
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
}
}