Basic but complete authentication flow
@ -3,18 +3,64 @@ package route
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func serveConsentPage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
tmpl := template.Must(ctn)
|
||||
//tmpl := template.Must(ctn)
|
||||
hydr := hydra.Must(ctn)
|
||||
|
||||
data := extendTemplateData(w, r, template.Data{})
|
||||
challenge, err := hydr.ConsentChallenge(r)
|
||||
if err != nil {
|
||||
if err == hydra.ErrChallengeNotFound {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
if err := tmpl.RenderPage(w, "consent.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve consent challenge"))
|
||||
}
|
||||
|
||||
res, err := hydr.ConsentRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra consent response"))
|
||||
}
|
||||
|
||||
if res.Skip {
|
||||
res, err := hydr.AcceptConsentRequest(challenge, &hydra.AcceptConsentRequest{
|
||||
GrantScope: res.RequestedScope,
|
||||
GrantAccessTokenAudience: res.RequestedAccessTokenAudience,
|
||||
})
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not accept hydra consent request"))
|
||||
}
|
||||
|
||||
http.Redirect(w, r, res.RedirectTo, http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
||||
res2, err := hydr.AcceptConsentRequest(challenge, &hydra.AcceptConsentRequest{
|
||||
GrantScope: res.RequestedScope,
|
||||
GrantAccessTokenAudience: res.RequestedAccessTokenAudience,
|
||||
})
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not accept hydra consent request"))
|
||||
}
|
||||
|
||||
http.Redirect(w, r, res2.RedirectTo, http.StatusTemporaryRedirect)
|
||||
|
||||
// spew.Dump(res)
|
||||
|
||||
// data := extendTemplateData(w, r, template.Data{
|
||||
// csrf.TemplateTag: csrf.TemplateField(r),
|
||||
// "RequestedScope": res.RequestedScope,
|
||||
// "ConsentChallenge": challenge,
|
||||
// })
|
||||
|
||||
// if err := tmpl.RenderPage(w, "consent.html.tmpl", data); err != nil {
|
||||
// panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
// }
|
||||
}
|
||||
|
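Review bot: Both the `res.Skip` branch and the fall-through path call `hydr.AcceptConsentRequest` with `GrantScope: res.RequestedScope`, so every requested scope and audience is granted without the user ever seeing a consent screen, and the two branches are now identical. If implicit consent is intended for first-party clients only, say so at the call, e.g. `// Consent is granted implicitly for all requested scopes; only safe while every registered OAuth2 client is first-party.`, and collapse the duplicate branch. The commented-out `tmpl.RenderPage` block and `//tmpl := template.Must(ctn)` would be better removed or tracked as a TODO than left in the handler.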
@ -1,20 +0,0 @@
|
||||
package route
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func serveHomePage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
tmpl := template.Must(ctn)
|
||||
|
||||
data := extendTemplateData(w, r, template.Data{})
|
||||
|
||||
if err := tmpl.RenderPage(w, "home.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
@ -1,18 +1,14 @@
|
||||
package route
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"net/http"
|
||||
netMail "net/mail"
|
||||
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/command"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/mail"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/cqrs"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/session"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
@ -39,7 +35,7 @@ func serveLoginPage(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
if res.Skip {
|
||||
res, err := hydr.RejectRequest(challenge, &hydra.RejectRequest{
|
||||
res, err := hydr.RejectLoginRequest(challenge, &hydra.RejectRequest{
|
||||
Error: "email_not_validated",
|
||||
ErrorDescription: "The email adress could not be verified.",
|
||||
})
|
||||
@ -65,9 +61,10 @@ func serveLoginPage(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func handleLoginForm(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
tmpl := template.Must(ctn)
|
||||
hydr := hydra.Must(ctn)
|
||||
bus := cqrs.Must(ctn)
|
||||
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
@ -113,30 +110,14 @@ func handleLoginForm(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
res, err := hydr.LoginRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra login response"))
|
||||
cmd := &command.SendConfirmationEmailRequest{
|
||||
Email: email,
|
||||
Challenge: challenge,
|
||||
DefaultScheme: r.URL.Scheme,
|
||||
DefaultAddress: r.Host,
|
||||
}
|
||||
|
||||
spew.Dump(res)
|
||||
|
||||
ml := mail.Must(ctn)
|
||||
conf := config.Must(ctn)
|
||||
|
||||
var buf bytes.Buffer
|
||||
if err := tmpl.Render(&buf, "verification_email.html.tmpl", template.Data{}); err != nil {
|
||||
panic(errors.Wrap(err, "could not render email template"))
|
||||
}
|
||||
|
||||
err = ml.Send(
|
||||
mail.WithSender(conf.SMTP.SenderAddress, conf.SMTP.SenderName),
|
||||
mail.WithRecipients(email),
|
||||
mail.WithSubject(fmt.Sprintf("[Authentification]")),
|
||||
mail.WithBody(mail.ContentTypeHTML, buf.String(), nil),
|
||||
mail.WithAlternativeBody(mail.ContentTypeText, "", nil),
|
||||
)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not send email"))
|
||||
if _, err := bus.Exec(ctx, cmd); err != nil {
|
||||
panic(errors.Wrap(err, "could not execute command"))
|
||||
}
|
||||
|
||||
data := extendTemplateData(w, r, template.Data{})
|
||||
|
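Review bot: `DefaultScheme: r.URL.Scheme` and `DefaultAddress: r.Host` in the new `command.SendConfirmationEmailRequest` are both taken from the incoming request, and `r.Host` is the client-supplied Host header. The command handler is not shown here, but if these values are used to build the verification link in the e-mail, a forged Host header would make the link sent to another user's address point at a host the requester chose, exposing the token when the link is followed. `r.URL.Scheme` is also normally empty on server-side requests in net/http, so the scheme fallback probably never carries `https`. Prefer a base URL taken from configuration, or check `r.Host` against an allow-list before it reaches the command. handleLoginForm's body starts and ends outside this hunk.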
@ -1,10 +1,7 @@
|
||||
package route
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-passwordless/oidc"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/gorilla/csrf"
|
||||
@ -31,20 +28,9 @@ func Mount(r *chi.Mux, config *config.Config) error {
|
||||
r.Post("/login", handleLoginForm)
|
||||
r.Get("/logout", serveLogoutPage)
|
||||
r.Get("/consent", serveConsentPage)
|
||||
r.Get("/verify", handleVerification)
|
||||
})
|
||||
|
||||
if config.TestApp.Enabled {
|
||||
log.Println("test app enabled")
|
||||
|
||||
r.Route("/test", func(r chi.Router) {
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(oidc.Middleware)
|
||||
|
||||
r.Get("/", serveTestAppHomePage)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
notFoundHandler := r.NotFoundHandler()
|
||||
r.Get("/*", static.Dir(config.HTTP.PublicDir, "", notFoundHandler))
|
||||
|
||||
|
@ -1,23 +0,0 @@
|
||||
package route
|
||||
|
||||
import (
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func serveTestAppHomePage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
tmpl := template.Must(ctn)
|
||||
|
||||
data := extendTemplateData(w, r, template.Data{})
|
||||
|
||||
log.Println("rendering test app home")
|
||||
|
||||
if err := tmpl.RenderPage(w, "home.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
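--- a/internal/route/verify.go
+++ b/internal/route/verify.go
@@ -0,0 +1,55 @@
+package route
+
+import (
+"net/http"
+
+"forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra"
+"forge.cadoles.com/wpetit/hydra-passwordless/internal/query"
+"github.com/pkg/errors"
+"gitlab.com/wpetit/goweb/cqrs"
+"gitlab.com/wpetit/goweb/logger"
+"gitlab.com/wpetit/goweb/middleware/container"
+)
+
+func handleVerification(w http.ResponseWriter, r *http.Request) {
+ctn := container.Must(r.Context())
+bus := cqrs.Must(ctn)
+
+token := r.URL.Query().Get("token")
+if token == "" {
+http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+
+return
+}
+
+qry := &query.VerifyUserRequest{
+Token: token,
+}
+
+ctx := r.Context()
+
+result, err := bus.Query(ctx, qry)
+if err != nil {
+logger.Error(ctx, "could not verify token", logger.E(err))
+
+http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+}
+
+verifyUserData, ok := result.Data().(*query.VerifyUserData)
+if !ok {
+panic(errors.New("unexpected result data"))
+}
+
+hydr := hydra.Must(ctn)
+
+accept := &hydra.AcceptLoginRequest{
+Subject: verifyUserData.Email,
+}
+
+res, err := hydr.AcceptLoginRequest(verifyUserData.Challenge, accept)
+if err != nil {
+panic(errors.Wrap(err, "could not retrieve hydra accept response"))
+}
+
+http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)
+}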
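Review bot: The `if err != nil` branch after `bus.Query` logs and writes a 400 but does not return, so execution continues to `result.Data()` with a `result` that may be nil and then on towards `hydr.AcceptLoginRequest`; add `return` after the `http.Error` call. The failed type assertion panics instead of failing the request cleanly, which is acceptable only if a recovery middleware is mounted (not visible here). Because the token arrives in the query string of a GET, it will appear in access logs and possibly in Referer headers; whether it is single-use and short-lived is decided in the `query.VerifyUserRequest` handler, which this page does not show, and is worth confirming.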