177 lines
4.4 KiB
Go
177 lines
4.4 KiB
Go
package hydra
|
|
|
|
import (
|
|
"encoding/gob"
|
|
"net/http"
|
|
netMail "net/mail"
|
|
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/common"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
|
"github.com/gorilla/csrf"
|
|
"github.com/pkg/errors"
|
|
"gitlab.com/wpetit/goweb/middleware/container"
|
|
"gitlab.com/wpetit/goweb/service/session"
|
|
"gitlab.com/wpetit/goweb/service/template"
|
|
)
|
|
|
|
func init() {
|
|
gob.Register(&webauthn.SessionData{})
|
|
}
|
|
|
|
func serveLoginPage(w http.ResponseWriter, r *http.Request) {
|
|
ctn := container.Must(r.Context())
|
|
hydr := hydra.Must(ctn)
|
|
|
|
challenge, err := hydr.LoginChallenge(r)
|
|
if err != nil {
|
|
if err == hydra.ErrChallengeNotFound {
|
|
err := common.RenderErrorPage(
|
|
w, r,
|
|
http.StatusBadRequest,
|
|
"Requête invalide",
|
|
"Certaines informations requises afin de réaliser votre requête sont absentes.",
|
|
)
|
|
if err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
panic(errors.Wrap(err, "could not retrieve login challenge"))
|
|
}
|
|
|
|
res, err := hydr.LoginRequest(challenge)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve hydra login response"))
|
|
}
|
|
|
|
if res.Skip {
|
|
accept := &hydra.AcceptLoginRequest{
|
|
Subject: res.Subject,
|
|
Context: map[string]interface{}{
|
|
"username": res.Subject,
|
|
},
|
|
}
|
|
|
|
res, err := hydr.AcceptLoginRequest(challenge, accept)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve hydra accept response"))
|
|
}
|
|
|
|
http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)
|
|
|
|
return
|
|
}
|
|
|
|
webAuthn := webauthn.Must(ctn)
|
|
|
|
webAuthnOptions, webAuthnSessionData, err := webAuthn.BeginDiscoverableLogin()
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not begin discoverable login"))
|
|
}
|
|
|
|
session := session.Must(ctn)
|
|
|
|
sess, err := session.Get(w, r)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve session"))
|
|
}
|
|
|
|
sess.Set("webauthn", webAuthnSessionData)
|
|
|
|
if err := sess.Save(w, r); err != nil {
|
|
panic(errors.Wrap(err, "could not save session"))
|
|
}
|
|
|
|
tmpl := template.Must(ctn)
|
|
|
|
data := common.ExtendTemplateData(w, r, template.Data{
|
|
csrf.TemplateTag: csrf.TemplateField(r),
|
|
"LoginChallenge": challenge,
|
|
"Username": "",
|
|
"ClientName": res.Client.ClientName,
|
|
"ClientURI": res.Client.ClientURI,
|
|
"WebAuthnOptions": webAuthnOptions,
|
|
})
|
|
|
|
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
}
|
|
|
|
func handleLoginForm(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
ctn := container.Must(ctx)
|
|
tmpl := template.Must(ctn)
|
|
hydr := hydra.Must(ctn)
|
|
|
|
if err := r.ParseForm(); err != nil {
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
challenge := r.Form.Get("challenge")
|
|
|
|
if challenge == "" {
|
|
err := common.RenderErrorPage(
|
|
w, r,
|
|
http.StatusBadRequest,
|
|
"Requête invalide",
|
|
"Certaines informations requises sont manquantes pour pouvoir réaliser votre requête.",
|
|
)
|
|
if err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
res, err := hydr.LoginRequest(challenge)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve hydra login response"))
|
|
}
|
|
|
|
email := r.Form.Get("email")
|
|
// rememberMe := r.Form.Get("rememberMe")
|
|
|
|
renderFlashError := func(message string) {
|
|
sess, err := session.Must(ctn).Get(w, r)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve session"))
|
|
}
|
|
|
|
sess.AddFlash(session.FlashError, message)
|
|
|
|
if err := sess.Save(w, r); err != nil {
|
|
panic(errors.Wrap(err, "could not save session"))
|
|
}
|
|
|
|
data := common.ExtendTemplateData(w, r, template.Data{
|
|
csrf.TemplateTag: csrf.TemplateField(r),
|
|
"LoginChallenge": challenge,
|
|
"Email": email,
|
|
"ClientName": res.Client.ClientName,
|
|
"ClientURI": res.Client.ClientURI,
|
|
})
|
|
|
|
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
}
|
|
|
|
if _, err := netMail.ParseAddress(email); err != nil {
|
|
renderFlashError("Veuillez saisir une adresse courriel valide")
|
|
|
|
return
|
|
}
|
|
|
|
data := common.ExtendTemplateData(w, r, template.Data{})
|
|
|
|
if err := tmpl.RenderPage(w, "email_sent.html.tmpl", data); err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
}
|