Basic logout flow and better UX

2020-05-26 11:11:53 +02:00
parent 44338f06e3
commit 2851c879b6
21 changed files with 298 additions and 75 deletions
--- a/internal/route/consent.go
+++ b/internal/route/consent.go
@ -10,7 +10,6 @@ import (

 func serveConsentPage(w http.ResponseWriter, r *http.Request) {
 	ctn := container.Must(r.Context())
-	//tmpl := template.Must(ctn)
 	hydr := hydra.Must(ctn)

 	challenge, err := hydr.ConsentChallenge(r)
@ -24,43 +23,29 @@ func serveConsentPage(w http.ResponseWriter, r *http.Request) {
 		panic(errors.Wrap(err, "could not retrieve consent challenge"))
 	}

-	res, err := hydr.ConsentRequest(challenge)
+	consentRes, err := hydr.ConsentRequest(challenge)
 	if err != nil {
 		panic(errors.Wrap(err, "could not retrieve hydra consent response"))
 	}

-	if res.Skip {
-		res, err := hydr.AcceptConsentRequest(challenge, &hydra.AcceptConsentRequest{
-			GrantScope:               res.RequestedScope,
-			GrantAccessTokenAudience: res.RequestedAccessTokenAudience,
-		})
-		if err != nil {
-			panic(errors.Wrap(err, "could not accept hydra consent request"))
-		}
+	scopes := []string{"email"}
+	scopes = append(scopes, consentRes.RequestedScope...)

-		http.Redirect(w, r, res.RedirectTo, http.StatusTemporaryRedirect)
-		return
+	acceptConsentReq := &hydra.AcceptConsentRequest{
+		GrantScope:               scopes,
+		GrantAccessTokenAudience: consentRes.RequestedAccessTokenAudience,
+		Session: hydra.AcceptConsentSession{
+			IDToken: map[string]interface{}{
+				"email":          consentRes.Context["email"],
+				"email_verified": true,
+			},
+		},
 	}

-	res2, err := hydr.AcceptConsentRequest(challenge, &hydra.AcceptConsentRequest{
-		GrantScope:               res.RequestedScope,
-		GrantAccessTokenAudience: res.RequestedAccessTokenAudience,
-	})
+	acceptRes, err := hydr.AcceptConsentRequest(challenge, acceptConsentReq)
 	if err != nil {
 		panic(errors.Wrap(err, "could not accept hydra consent request"))
 	}

-	http.Redirect(w, r, res2.RedirectTo, http.StatusTemporaryRedirect)
-
-	// spew.Dump(res)
-
-	// data := extendTemplateData(w, r, template.Data{
-	// 	csrf.TemplateTag:   csrf.TemplateField(r),
-	// 	"RequestedScope":   res.RequestedScope,
-	// 	"ConsentChallenge": challenge,
-	// })
-
-	// if err := tmpl.RenderPage(w, "consent.html.tmpl", data); err != nil {
-	// 	panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
-	// }
+	http.Redirect(w, r, acceptRes.RedirectTo, http.StatusTemporaryRedirect)
 }
--- a/internal/route/helper.go
+++ b/internal/route/helper.go
@ -22,3 +22,21 @@ func extendTemplateData(w http.ResponseWriter, r *http.Request, data template.Da

 	return data
 }
+
+func renderErrorPage(w http.ResponseWriter, r *http.Request, statusCode int, title, description string) error {
+	ctn := container.Must(r.Context())
+	tmpl := template.Must(ctn)
+
+	data := extendTemplateData(w, r, template.Data{
+		"ErrorTitle":       title,
+		"ErrorDescription": description,
+	})
+
+	w.WriteHeader(statusCode)
+
+	if err := tmpl.RenderPage(w, "error.html.tmpl", data); err != nil {
+		return errors.Wrap(err, "could not render error page")
+	}
+
+	return nil
+}
--- a/internal/route/home.go
+++ b/internal/route/home.go
@ -0,0 +1,20 @@
+package route
+
+import (
+	"net/http"
+
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/middleware/container"
+	"gitlab.com/wpetit/goweb/service/template"
+)
+
+func serveHomePage(w http.ResponseWriter, r *http.Request) {
+	ctn := container.Must(r.Context())
+	tmpl := template.Must(ctn)
+
+	data := extendTemplateData(w, r, template.Data{})
+
+	if err := tmpl.RenderPage(w, "home.html.tmpl", data); err != nil {
+		panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+	}
+}
--- a/internal/route/login.go
+++ b/internal/route/login.go
@ -21,7 +21,15 @@ func serveLoginPage(w http.ResponseWriter, r *http.Request) {
 	challenge, err := hydr.LoginChallenge(r)
 	if err != nil {
 		if err == hydra.ErrChallengeNotFound {
-			http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+			err := renderErrorPage(
+				w, r,
+				http.StatusBadRequest,
+				"Requête invalide",
+				"Certaines informations requises afin de réaliser votre requête sont absentes.",
+			)
+			if err != nil {
+				panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+			}

 			return
 		}
@ -35,15 +43,20 @@ func serveLoginPage(w http.ResponseWriter, r *http.Request) {
 	}

 	if res.Skip {
-		res, err := hydr.RejectLoginRequest(challenge, &hydra.RejectRequest{
-			Error:            "email_not_validated",
-			ErrorDescription: "The email adress could not be verified.",
-		})
-		if err != nil {
-			panic(errors.Wrap(err, "could not reject hydra authentication request"))
+		accept := &hydra.AcceptLoginRequest{
+			Subject: res.Subject,
+			Context: map[string]interface{}{
+				"email": res.Subject,
+			},
 		}

-		http.Redirect(w, r, res.RedirectTo, http.StatusTemporaryRedirect)
+		res, err := hydr.AcceptLoginRequest(challenge, accept)
+		if err != nil {
+			panic(errors.Wrap(err, "could not retrieve hydra accept response"))
+		}
+
+		http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)
+
 		return
 	}

@ -53,6 +66,8 @@ func serveLoginPage(w http.ResponseWriter, r *http.Request) {
 		csrf.TemplateTag: csrf.TemplateField(r),
 		"LoginChallenge": challenge,
 		"Email":          "",
+		"ClientName":     res.Client.ClientName,
+		"ClientURI":      res.Client.ClientURI,
 	})

 	if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
@ -64,6 +79,7 @@ func handleLoginForm(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	ctn := container.Must(ctx)
 	tmpl := template.Must(ctn)
+	hydr := hydra.Must(ctn)
 	bus := cqrs.Must(ctn)

 	if err := r.ParseForm(); err != nil {
@ -72,9 +88,30 @@ func handleLoginForm(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	email := r.Form.Get("email")
 	challenge := r.Form.Get("challenge")

+	if challenge == "" {
+		err := renderErrorPage(
+			w, r,
+			http.StatusBadRequest,
+			"Requête invalide",
+			"Certaines informations requises sont manquantes pour pouvoir réaliser votre requête.",
+		)
+		if err != nil {
+			panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+		}
+
+		return
+	}
+
+	res, err := hydr.LoginRequest(challenge)
+	if err != nil {
+		panic(errors.Wrap(err, "could not retrieve hydra login response"))
+	}
+
+	email := r.Form.Get("email")
+	rememberMe := r.Form.Get("rememberMe")
+
 	renderFlashError := func(message string) {
 		sess, err := session.Must(ctn).Get(w, r)
 		if err != nil {
@ -91,6 +128,8 @@ func handleLoginForm(w http.ResponseWriter, r *http.Request) {
 			csrf.TemplateTag: csrf.TemplateField(r),
 			"LoginChallenge": challenge,
 			"Email":          email,
+			"ClientName":     res.Client.ClientName,
+			"ClientURI":      res.Client.ClientURI,
 		})

 		if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
@ -104,17 +143,14 @@ func handleLoginForm(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if challenge == "" {
-		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
-
-		return
-	}
-
 	cmd := &command.SendConfirmationEmailRequest{
 		Email:          email,
 		Challenge:      challenge,
 		DefaultScheme:  r.URL.Scheme,
 		DefaultAddress: r.Host,
+		RememberMe:     rememberMe == "on",
+		ClientName:     res.Client.ClientName,
+		ClientURI:      res.Client.ClientURI,
 	}
 	if _, err := bus.Exec(ctx, cmd); err != nil {
 		panic(errors.Wrap(err, "could not execute command"))
--- a/internal/route/logout.go
+++ b/internal/route/logout.go
@ -2,8 +2,36 @@ package route

 import (
 	"net/http"
+
+	"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/middleware/container"
 )

 func serveLogoutPage(w http.ResponseWriter, r *http.Request) {
+	ctn := container.Must(r.Context())
+	hydr := hydra.Must(ctn)

+	challenge, err := hydr.LogoutChallenge(r)
+	if err != nil {
+		if err == hydra.ErrChallengeNotFound {
+			http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+
+			return
+		}
+
+		panic(errors.Wrap(err, "could not retrieve logout challenge"))
+	}
+
+	_, err = hydr.LogoutRequest(challenge)
+	if err != nil {
+		panic(errors.Wrap(err, "could not retrieve hydra logout response"))
+	}
+
+	acceptRes, err := hydr.AcceptLogoutRequest(challenge)
+	if err != nil {
+		panic(errors.Wrap(err, "could not retrieve hydra accept logout response"))
+	}
+
+	http.Redirect(w, r, acceptRes.RedirectTo, http.StatusSeeOther)
 }
--- a/internal/route/mount.go
+++ b/internal/route/mount.go
@ -23,7 +23,7 @@ func Mount(r *chi.Mux, config *config.Config) error {

 	r.Group(func(r chi.Router) {
 		r.Use(csrfMiddleware)
-
+		r.Get("/", serveHomePage)
 		r.Get("/login", serveLoginPage)
 		r.Post("/login", handleLoginForm)
 		r.Get("/logout", serveLogoutPage)
--- a/internal/route/verify.go
+++ b/internal/route/verify.go
@ -32,6 +32,18 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		logger.Error(ctx, "could not verify token", logger.E(err))

+		err := renderErrorPage(
+			w, r,
+			http.StatusBadRequest,
+			"Lien invalide",
+			"Le lien de connexion utilisé est invalide ou a expiré.",
+		)
+		if err != nil {
+			panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+		}
+
+		return
+
 		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 	}

@ -43,7 +55,12 @@ func handleVerification(w http.ResponseWriter, r *http.Request) {
 	hydr := hydra.Must(ctn)

 	accept := &hydra.AcceptLoginRequest{
-		Subject: verifyUserData.Email,
+		Subject:     verifyUserData.Email,
+		Remember:    verifyUserData.RememberMe,
+		RememberFor: 3600,
+		Context: map[string]interface{}{
+			"email": verifyUserData.Email,
+		},
 	}

 	res, err := hydr.AcceptLoginRequest(verifyUserData.Challenge, accept)