package route import ( "fmt" "net/http" netMail "net/mail" "strings" "forge.cadoles.com/wpetit/hydra-passwordless/internal/command" "forge.cadoles.com/wpetit/hydra-passwordless/internal/config" "forge.cadoles.com/wpetit/hydra-passwordless/internal/hydra" "github.com/gorilla/csrf" "github.com/pkg/errors" "gitlab.com/wpetit/goweb/cqrs" "gitlab.com/wpetit/goweb/middleware/container" "gitlab.com/wpetit/goweb/service/session" "gitlab.com/wpetit/goweb/service/template" ) func serveLoginPage(w http.ResponseWriter, r *http.Request) { ctn := container.Must(r.Context()) hydr := hydra.Must(ctn) challenge, err := hydr.LoginChallenge(r) if err != nil { if err == hydra.ErrChallengeNotFound { err := renderErrorPage( w, r, http.StatusBadRequest, "Requête invalide", "Certaines informations requises afin de réaliser votre requête sont absentes.", ) if err != nil { panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path)) } return } panic(errors.Wrap(err, "could not retrieve login challenge")) } res, err := hydr.LoginRequest(challenge) if err != nil { panic(errors.Wrap(err, "could not retrieve hydra login response")) } if res.Skip { accept := &hydra.AcceptLoginRequest{ Subject: res.Subject, Context: map[string]interface{}{ "email": res.Subject, }, } res, err := hydr.AcceptLoginRequest(challenge, accept) if err != nil { panic(errors.Wrap(err, "could not retrieve hydra accept response")) } http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther) return } tmpl := template.Must(ctn) data := extendTemplateData(w, r, template.Data{ csrf.TemplateTag: csrf.TemplateField(r), "LoginChallenge": challenge, "Email": "", "ClientName": res.Client.ClientName, "ClientURI": res.Client.ClientURI, }) if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil { panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path)) } } func handleLoginForm(w http.ResponseWriter, r *http.Request) { ctx := r.Context() ctn := container.Must(ctx) tmpl := template.Must(ctn) hydr := hydra.Must(ctn) bus := cqrs.Must(ctn) conf := config.Must(ctn) if err := r.ParseForm(); err != nil { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } challenge := r.Form.Get("challenge") if challenge == "" { err := renderErrorPage( w, r, http.StatusBadRequest, "Requête invalide", "Certaines informations requises sont manquantes pour pouvoir réaliser votre requête.", ) if err != nil { panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path)) } return } res, err := hydr.LoginRequest(challenge) if err != nil { panic(errors.Wrap(err, "could not retrieve hydra login response")) } email := r.Form.Get("email") rememberMe := r.Form.Get("rememberMe") renderFlashError := func(message string) { sess, err := session.Must(ctn).Get(w, r) if err != nil { panic(errors.Wrap(err, "could not retrieve session")) } sess.AddFlash(session.FlashError, message) if err := sess.Save(w, r); err != nil { panic(errors.Wrap(err, "could not save session")) } data := extendTemplateData(w, r, template.Data{ csrf.TemplateTag: csrf.TemplateField(r), "LoginChallenge": challenge, "Email": email, "ClientName": res.Client.ClientName, "ClientURI": res.Client.ClientURI, }) if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil { panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path)) } } if _, err := netMail.ParseAddress(email); err != nil { renderFlashError("Veuillez saisir une adresse courriel valide") return } var baseURL string if conf.HTTP.BaseURL != "" { baseURL = strings.TrimSuffix(conf.HTTP.BaseURL, "/") } else { baseURL = fmt.Sprintf("%s//%s", r.Host, r.URL.Scheme) } cmd := &command.SendConfirmationEmailRequest{ Email: email, Challenge: challenge, BaseURL: baseURL, RememberMe: rememberMe == "on", ClientName: res.Client.ClientName, ClientURI: res.Client.ClientURI, } if _, err := bus.Exec(ctx, cmd); err != nil { panic(errors.Wrap(err, "could not execute command")) } data := extendTemplateData(w, r, template.Data{}) if err := tmpl.RenderPage(w, "email_sent.html.tmpl", data); err != nil { panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path)) } }