Basic but complete authentication flow
@ -1,17 +1,18 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"gitlab.com/wpetit/goweb/cqrs"
|
||||
"gitlab.com/wpetit/goweb/template/html"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/command"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/mail"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/oidc"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/query"
|
||||
"github.com/gorilla/sessions"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
@ -51,6 +52,30 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
||||
conf.HTTP.CookieEncryptionKey = string(cookieEncryptionKey)
|
||||
}
|
||||
|
||||
// Generate random token signing key if none is set
|
||||
if conf.HTTP.TokenSigningKey == "" {
|
||||
log.Println("could not find token signing key. generating one...")
|
||||
|
||||
tokenSigningKey, err := gorilla.GenerateRandomBytes(64)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate token signing key")
|
||||
}
|
||||
|
||||
conf.HTTP.TokenSigningKey = string(tokenSigningKey)
|
||||
}
|
||||
|
||||
// Generate random token encryption key if none is set
|
||||
if conf.HTTP.TokenEncryptionKey == "" {
|
||||
log.Println("could not find token encryption key. generating one...")
|
||||
|
||||
tokenEncryptionKey, err := gorilla.GenerateRandomBytes(32)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate token encryption key")
|
||||
}
|
||||
|
||||
conf.HTTP.TokenEncryptionKey = string(tokenEncryptionKey)
|
||||
}
|
||||
|
||||
// Create and initialize HTTP session service provider
|
||||
cookieStore := sessions.NewCookieStore(
|
||||
[]byte(conf.HTTP.CookieAuthenticationKey),
|
||||
@ -79,19 +104,6 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
||||
// Create and expose config service provider
|
||||
ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
|
||||
|
||||
if conf.TestApp.Enabled {
|
||||
ctx := context.Background()
|
||||
provider, err := oidc.NewProvider(ctx, conf.TestApp.IssuerURL)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not create oidc provider")
|
||||
}
|
||||
|
||||
ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
|
||||
oidc.WithCredentials(conf.TestApp.ClientID, conf.TestApp.ClientSecret),
|
||||
oidc.WithProvider(provider),
|
||||
))
|
||||
}
|
||||
|
||||
ctn.Provide(hydra.ServiceName, hydra.ServiceProvider(conf.Hydra.BaseURL, 30*time.Second))
|
||||
|
||||
ctn.Provide(mail.ServiceName, mail.ServiceProvider(
|
||||
@ -100,5 +112,22 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
||||
mail.WithTLS(conf.SMTP.UseStartTLS, conf.SMTP.InsecureSkipVerify),
|
||||
))
|
||||
|
||||
ctn.Provide(cqrs.ServiceName, cqrs.ServiceProvider())
|
||||
|
||||
bus, err := cqrs.From(ctn)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
bus.RegisterCommand(
|
||||
cqrs.MatchCommandRequest(&command.SendConfirmationEmailRequest{}),
|
||||
cqrs.CommandHandlerFunc(command.HandleSendConfirmationEmailRequest),
|
||||
)
|
||||
|
||||
bus.RegisterQuery(
|
||||
cqrs.MatchQueryRequest(&query.VerifyUserRequest{}),
|
||||
cqrs.QueryHandlerFunc(query.HandleVerifyUserRequest),
|
||||
)
|
||||
|
||||
return ctn, nil
|
||||
}
|
||||
|
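Review bot: The TokenSigningKey and TokenEncryptionKey generated at L85 and L118 exist only in this process, so any token issued before a restart, or by another replica, can no longer be verified or decrypted; in a passwordless flow that presumably hands tokens out by email (the SendConfirmationEmailRequest command registered below), every outstanding link silently dies at the next deploy. The log line should say this plainly and the auto-generate path should be an explicit opt-in rather than the default, e.g. `log.Println("WARNING: no token signing key configured, generating an ephemeral one; tokens will not verify after a restart or on other instances")`. The generated keys are also stored as raw bytes inside a string (`conf.HTTP.TokenSigningKey = string(tokenSigningKey)`); if whatever reads these fields decodes them like an operator-supplied value (hex/base64), the generated key will not round-trip, so a comment such as `// raw random bytes, not an encoded key: consumers must use []byte(conf.HTTP.TokenSigningKey) as-is` would prevent that mismatch. getServiceContainer starts before this hunk.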
@ -1,8 +1,34 @@
|
||||
{{define "title"}}Consent{{end}}
|
||||
{{define "title"}}Autorisation{{end}}
|
||||
{{define "body"}}
|
||||
<section class="home is-fullheight section">
|
||||
<div class="container">
|
||||
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container">
|
||||
<div class="columns">
|
||||
<div class="column is-4 is-offset-4">
|
||||
{{template "flash" .}}
|
||||
<p class="has-text-black title has-text-centered">
|
||||
Demande d'autorisation
|
||||
</p>
|
||||
<p class="has-text-black subtitle has-text-centered">
|
||||
Autorisez vous l'application à utiliser ces informations vous concernant ?
|
||||
</p>
|
||||
<div class="box">
|
||||
<form action="/consent" method="POST">
|
||||
{{range .RequestedScope}}
|
||||
<div class="">
|
||||
<label class="checkbox">
|
||||
<input type="checkbox" name="scope_{{ . }}">
|
||||
{{ . }}
|
||||
</label>
|
||||
</div>
|
||||
{{end}}
|
||||
{{ .csrfField }}
|
||||
<input name="challenge" type="hidden" value="{{ .ConsentChallenge }}" />
|
||||
<button type="submit" class="button is-link is-medium is-block is-fullwidth">Autoriser</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
{{end}}
|
||||
|
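Review bot: The consent form gives the user no way to refuse: the only control is the Autoriser submit button, so someone who does not want to share the listed scopes can only abandon the page, leaving the Hydra consent challenge pending instead of rejected. Add a second submit that carries the decision, e.g. `<button type="submit" name="action" value="deny" class="button is-light is-medium is-block is-fullwidth">Refuser</button>`, and have the /consent handler (not in this chunk) reject the consent request when it is present. Separately, `name="scope_{{ . }}"` forces the handler to recover scope names from form keys; a repeated `<input type="checkbox" name="scope" value="{{ . }}">` yields a plain list that the handler can intersect with the challenge's requested scopes server-side, which it must do regardless since the posted names are client-controlled.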
@ -1,11 +0,0 @@
|
||||
{{define "title"}}Accueil{{end}}
|
||||
{{define "body"}}
|
||||
<section class="home is-fullheight section">
|
||||
<div class="container">
|
||||
{{template "header" .}}
|
||||
<h1>Bienvenue !</h1>
|
||||
{{template "footer" .}}
|
||||
</div>
|
||||
</section>
|
||||
{{end}}
|
||||
{{template "base" .}}
|