blasphem/pkg/auth/flow.go

199 lines
4.2 KiB
Go
Raw Permalink Normal View History

2022-09-30 23:54:21 -04:00
package auth
import (
"net/http"
"strings"
2022-10-26 18:27:24 -04:00
"github.com/jinzhu/copier"
2022-09-30 23:54:21 -04:00
"github.com/labstack/echo/v4"
2022-10-26 18:27:24 -04:00
"dynatron.me/x/blasphem/internal/common"
2022-11-12 15:56:17 -05:00
"dynatron.me/x/blasphem/pkg/auth/provider"
2022-11-20 08:49:24 -05:00
"dynatron.me/x/blasphem/pkg/flow"
2022-09-30 23:54:21 -04:00
)
2022-11-20 08:49:24 -05:00
type AuthFlowManager struct {
*flow.FlowManager
2022-09-30 23:54:21 -04:00
}
2022-11-20 08:49:24 -05:00
type LoginFlow struct {
2022-11-20 13:42:10 -05:00
flow.FlowHandler
2022-11-20 12:51:26 -05:00
ClientID common.ClientID
FlowContext
}
type FlowContext struct {
IPAddr string
CredentialOnly bool
RedirectURI string
}
type LoginFlowRequest struct {
ClientID common.ClientID `json:"client_id"`
Handler []*string `json:"handler"`
RedirectURI string `json:"redirect_uri"`
Type *string `json:"type"`
ip string `json:"-"`
}
func (r *LoginFlowRequest) FlowContext() FlowContext {
return FlowContext{
IPAddr: r.ip,
RedirectURI: r.RedirectURI,
CredentialOnly: r.Type != nil && *r.Type == "link_user",
}
2022-09-30 23:54:21 -04:00
}
2022-11-20 08:49:24 -05:00
func NewAuthFlowManager() *AuthFlowManager {
return &AuthFlowManager{FlowManager: flow.NewFlowManager()}
2022-10-25 21:18:50 -04:00
}
2022-11-20 12:51:26 -05:00
func (afm *AuthFlowManager) NewLoginFlow(req *LoginFlowRequest, prov provider.AuthProvider) *LoginFlow {
2022-11-20 08:49:24 -05:00
lf := &LoginFlow{
2022-11-20 13:42:10 -05:00
FlowHandler: flow.NewFlowHandlerBase(prov, prov.ProviderType()),
ClientID: req.ClientID,
FlowContext: req.FlowContext(),
2022-09-30 23:54:21 -04:00
}
2022-11-20 08:49:24 -05:00
afm.Register(lf)
2022-09-30 23:54:21 -04:00
2022-11-20 08:49:24 -05:00
return lf
2022-09-30 23:54:21 -04:00
}
2022-12-19 19:24:01 -05:00
func (a *authenticator) NewFlow(r *LoginFlowRequest) *flow.Result {
2022-11-20 08:49:24 -05:00
var prov provider.AuthProvider
2022-10-25 00:16:29 -04:00
for _, h := range r.Handler {
if h == nil {
break
}
2022-11-20 12:51:26 -05:00
prov = a.Provider(*h)
2022-11-20 08:49:24 -05:00
if prov != nil {
2022-10-25 00:16:29 -04:00
break
}
}
2022-11-20 08:49:24 -05:00
if prov == nil {
2022-10-25 00:16:29 -04:00
return nil
}
2022-11-20 08:49:24 -05:00
flow := a.flows.NewLoginFlow(r, prov)
2022-09-30 23:54:21 -04:00
2022-11-20 08:49:24 -05:00
return flow.ShowForm(nil)
2022-09-30 23:54:21 -04:00
}
2022-11-20 08:49:24 -05:00
func (f *LoginFlow) redirect(c echo.Context) {
c.Request().Header.Set("Location", f.RedirectURI)
2022-10-26 18:27:24 -04:00
}
2022-12-19 19:24:01 -05:00
func (f *LoginFlow) progress(a *authenticator, c echo.Context) error {
2022-11-20 08:49:24 -05:00
switch f.Step() {
case flow.StepInit:
2022-10-25 00:16:29 -04:00
rm := make(map[string]interface{})
2022-09-30 23:54:21 -04:00
err := c.Bind(&rm)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
2022-11-20 08:49:24 -05:00
err = f.Schema.CheckRequired(rm)
if err != nil {
return c.JSON(http.StatusBadRequest, f.ShowForm([]string{err.Error()}))
2022-09-30 23:54:21 -04:00
}
2022-11-20 08:49:24 -05:00
2022-12-18 09:55:08 -05:00
user, clientID, err := a.Check(f, c.Request(), rm)
2022-10-25 00:16:29 -04:00
switch err {
case nil:
2022-12-19 02:42:01 -05:00
creds := a.store.GetCredential(user)
2022-11-20 12:51:26 -05:00
finishedFlow := flow.Result{}
2022-10-27 09:51:11 -04:00
a.flows.Remove(f)
2022-10-26 18:27:24 -04:00
copier.Copy(&finishedFlow, f)
2022-11-20 08:49:24 -05:00
finishedFlow.Type = flow.TypeCreateEntry
finishedFlow.Title = common.AppNamePtr()
finishedFlow.Version = common.IntPtr(1)
2022-12-18 09:55:08 -05:00
finishedFlow.Result = a.NewAuthCode(ClientID(clientID), creds)
2022-10-26 18:27:24 -04:00
f.redirect(c)
return c.JSON(http.StatusCreated, &finishedFlow)
2022-10-25 00:16:29 -04:00
case ErrInvalidHandler:
return c.String(http.StatusNotFound, err.Error())
case ErrInvalidAuth:
fallthrough
default:
2022-11-20 12:51:26 -05:00
return c.JSON(http.StatusOK, f.ShowForm(map[string]interface{}{
2022-10-25 00:16:29 -04:00
"base": "invalid_auth",
2022-11-20 12:51:26 -05:00
}))
2022-10-25 00:16:29 -04:00
}
2022-09-30 23:54:21 -04:00
default:
2022-11-20 12:51:26 -05:00
return c.JSON(http.StatusOK, f.ShowForm(map[string]interface{}{
"base": "unknown_flow_step",
}))
2022-09-30 23:54:21 -04:00
}
}
2022-12-19 19:24:01 -05:00
func (a *authenticator) LoginFlowDeleteHandler(c echo.Context) error {
2022-12-19 13:09:01 -05:00
a.Lock()
defer a.Unlock()
2022-11-20 08:49:24 -05:00
flowID := flow.FlowID(c.Param("flow_id"))
2022-10-02 08:52:48 -04:00
if flowID == "" {
return c.String(http.StatusBadRequest, "empty flow ID")
}
2022-11-20 08:49:24 -05:00
a.flows.Delete(flowID)
2022-10-02 08:52:48 -04:00
return c.String(http.StatusOK, "deleted")
}
2022-10-25 21:18:50 -04:00
func setJSON(c echo.Context) {
2022-09-30 23:54:21 -04:00
if c.Request().Method == http.MethodPost && strings.HasPrefix(c.Request().Header.Get(echo.HeaderContentType), "text/plain") {
// hack around the content-type, Context.JSON refuses to work otherwise
2022-10-25 00:16:29 -04:00
c.Request().Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)
2022-09-30 23:54:21 -04:00
}
2022-10-25 21:18:50 -04:00
}
2022-09-30 23:54:21 -04:00
2022-12-19 19:24:01 -05:00
func (a *authenticator) BeginLoginFlowHandler(c echo.Context) error {
2022-12-19 13:09:01 -05:00
a.Lock()
defer a.Unlock()
2022-10-25 21:18:50 -04:00
setJSON(c)
2022-09-30 23:54:21 -04:00
2022-11-20 12:51:26 -05:00
var flowReq LoginFlowRequest
2022-10-25 21:18:50 -04:00
err := c.Bind(&flowReq)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
2022-09-30 23:54:21 -04:00
2022-11-20 12:51:26 -05:00
flowReq.ip = c.Request().RemoteAddr
2022-10-25 21:18:50 -04:00
resp := a.NewFlow(&flowReq)
2022-09-30 23:54:21 -04:00
2022-10-25 21:18:50 -04:00
if resp == nil {
return c.String(http.StatusBadRequest, "no such handler")
}
2022-10-25 00:16:29 -04:00
2022-10-25 21:18:50 -04:00
return c.JSON(http.StatusOK, resp)
}
2022-12-19 19:24:01 -05:00
func (a *authenticator) LoginFlowHandler(c echo.Context) error {
2022-12-19 13:09:01 -05:00
a.Lock()
defer a.Unlock()
2022-10-25 21:18:50 -04:00
setJSON(c)
flowID := c.Param("flow_id")
2022-09-30 23:54:21 -04:00
2022-11-20 08:49:24 -05:00
flow := a.flows.Get(flow.FlowID(flowID))
2022-10-25 21:18:50 -04:00
if flow == nil {
return c.String(http.StatusNotFound, "no such flow")
2022-09-30 23:54:21 -04:00
}
2022-10-25 21:18:50 -04:00
2022-11-20 08:49:24 -05:00
return flow.(*LoginFlow).progress(a, c)
2022-10-25 21:18:50 -04:00
}