some error handling
This commit is contained in:
Livio Amstutz
parent
8ee38d2ec8
commit
10d671956a
3 changed files with 32 additions and 21 deletions
|
|
@ -1,7 +1,6 @@
|
||||||
package op
|
package op
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
@ -234,16 +233,11 @@ func (p *DefaultOP) HandleAuthorizeCallback(w http.ResponseWriter, r *http.Reque
|
||||||
func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
|
func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
|
||||||
reqType := r.FormValue("grant_type")
|
reqType := r.FormValue("grant_type")
|
||||||
if reqType == "" {
|
if reqType == "" {
|
||||||
ExchangeRequestError(w, r, nil, ErrInvalidRequest("grant_type missing"))
|
ExchangeRequestError(w, r, ErrInvalidRequest("grant_type missing"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if reqType == string(oidc.GrantTypeCode) {
|
if reqType == string(oidc.GrantTypeCode) {
|
||||||
token, err := CodeExchange(w, r, p.storage, p.decoder)
|
CodeExchange(w, r, p.storage, p.decoder)
|
||||||
if err != nil {
|
|
||||||
|
|
||||||
}
|
|
||||||
b, _ := json.Marshal(token)
|
|
||||||
w.Write(b)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p.handleTokenExchange(w, r)
|
p.handleTokenExchange(w, r)
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/caos/oidc/pkg/oidc"
|
"github.com/caos/oidc/pkg/oidc"
|
||||||
|
"github.com/caos/oidc/pkg/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|
@ -47,8 +48,13 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq *oidc.Auth
|
||||||
http.Redirect(w, r, url, http.StatusFound)
|
http.Redirect(w, r, url, http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ExchangeRequestError(w http.ResponseWriter, r *http.Request, exchangeReq *oidc.AuthRequest, err error) {
|
func ExchangeRequestError(w http.ResponseWriter, r *http.Request, err error) {
|
||||||
|
e, ok := err.(*OAuthError)
|
||||||
|
if !ok {
|
||||||
|
e.ErrorType = ServerError
|
||||||
|
e.Description = err.Error()
|
||||||
|
}
|
||||||
|
utils.MarshalJSON(w, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
type OAuthError struct {
|
type OAuthError struct {
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/caos/oidc/pkg/utils"
|
||||||
|
|
||||||
"github.com/gorilla/schema"
|
"github.com/gorilla/schema"
|
||||||
|
|
||||||
"github.com/caos/oidc/pkg/oidc"
|
"github.com/caos/oidc/pkg/oidc"
|
||||||
|
|
@ -21,46 +23,55 @@ import (
|
||||||
// return ParseTokenExchangeRequest(w, r)
|
// return ParseTokenExchangeRequest(w, r)
|
||||||
// }
|
// }
|
||||||
|
|
||||||
func CodeExchange(w http.ResponseWriter, r *http.Request, storage Storage, decoder *schema.Decoder) (*oidc.AccessTokenResponse, error) {
|
func CodeExchange(w http.ResponseWriter, r *http.Request, storage Storage, decoder *schema.Decoder) {
|
||||||
err := r.ParseForm()
|
err := r.ParseForm()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("Unimplemented") //TODO: impl
|
ExchangeRequestError(w, r, ErrInvalidRequest("error parsing form"))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
tokenReq := new(oidc.AccessTokenRequest)
|
tokenReq := new(oidc.AccessTokenRequest)
|
||||||
|
|
||||||
err = decoder.Decode(tokenReq, r.Form)
|
err = decoder.Decode(tokenReq, r.Form)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
ExchangeRequestError(w, r, ErrInvalidRequest("error decoding form"))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
if tokenReq.Code == "" {
|
if tokenReq.Code == "" {
|
||||||
return nil, errors.New("code missing")
|
ExchangeRequestError(w, r, ErrInvalidRequest("code missing"))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := AuthorizeClient(r, tokenReq, storage)
|
client, err := AuthorizeClient(r, tokenReq, storage)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
ExchangeRequestError(w, r, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
authReq, err := storage.AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
|
authReq, err := storage.AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
ExchangeRequestError(w, r, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
err = storage.DeleteAuthRequestAndCode(authReq.ID, tokenReq.Code)
|
err = storage.DeleteAuthRequestAndCode(authReq.ID, tokenReq.Code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
ExchangeRequestError(w, r, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
accessToken, err := CreateAccessToken()
|
accessToken, err := CreateAccessToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
ExchangeRequestError(w, r, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
idToken, err := CreateIDToken(nil, "", nil)
|
idToken, err := CreateIDToken(nil, "", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
ExchangeRequestError(w, r, err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
return &oidc.AccessTokenResponse{
|
resp := &oidc.AccessTokenResponse{
|
||||||
AccessToken: accessToken,
|
AccessToken: accessToken,
|
||||||
IDToken: idToken,
|
IDToken: idToken,
|
||||||
}, nil
|
}
|
||||||
|
utils.MarshalJSON(w, resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
func CreateAccessToken() (string, error) {
|
func CreateAccessToken() (string, error) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue