// OAuth is a middleware that rejects requests lacking a valid session token.
// A present, unexpired token is copied onto the context and the chain continues;
// a missing or expired token yields a 401 with a small JSON body and stops the chain.
func (c *SecureContext) OAuth(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc) {
	token := helpers.GetValidToken(req.Request, c.Settings)
	if token == nil {
		// Nothing (or only an expired token) in the session store: refuse and stop here.
		http.Error(rw, "{\"status\": \"unauthorized\"}", http.StatusUnauthorized)
		return
	}
	// Keep a copy of the validated token for downstream handlers.
	c.Token = *token
	next(rw, req)
}
// LoginHandshake starts the login flow: a caller that already holds a valid
// token is sent straight to the dashboard, otherwise the request is redirected
// to the Cloud Foundry login page via c.redirect.
func (c *Context) LoginHandshake(rw web.ResponseWriter, req *web.Request) {
	if helpers.GetValidToken(req.Request, c.Settings) != nil {
		// Already authenticated; no need to redo the handshake.
		http.Redirect(rw, req.Request, "/#/dashboard", http.StatusFound)
		return
	}
	// NOTE(review): a redirect failure is only logged here; whether the client
	// receives an error response depends on what c.redirect already wrote — confirm.
	if err := c.redirect(rw, req); err != nil {
		fmt.Println("Error on oauth redirect: ", err.Error())
	}
}
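// TestGetValidToken drives helpers.GetValidToken through the getValidTokenTests
// table, installing a fresh MockSessionStore for each case and checking only
// whether a token comes back (nil vs. non-nil), as the table records.
func TestGetValidToken(t *testing.T) {
	mockRequest, err := http.NewRequest("GET", "", nil)
	if err != nil {
		// A request that cannot be built would make every case fail for the wrong reason.
		t.Fatalf("building mock request: %v", err)
	}
	mockSettings := helpers.Settings{}
	mockSettings.TokenContext = context.TODO()
	for _, test := range getValidTokenTests {
		// Each case gets its own session store so state cannot leak between cases.
		store := testhelpers.MockSessionStore{}
		store.ResetSessionData(test.sessionData, test.sessionName)
		mockSettings.Sessions = store
		value := helpers.GetValidToken(mockRequest, &mockSettings)
		// Compare nil-ness directly instead of an empty if-branch with the check in else.
		if (value == nil) != test.returnValueNull {
			t.Errorf("Test %s did not meet expected value. Expected: %t. Actual: %t\n", test.testName, test.returnValueNull, (value == nil))
		}
	}
}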
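// LoginRequired is a middleware that lets a request through when its path is
// on the public allow-list or the session holds a valid token, and otherwise
// redirects to the OAuth handshake. It also marks every response it touches
// as uncacheable.
func (c *Context) LoginRequired(rw web.ResponseWriter, r *web.Request, next web.NextMiddlewareFunc) {
	// Nothing to inspect without a request; hand off unchanged.
	if r == nil {
		next(rw, r)
		return
	}

	// Don't cache anything.
	// Right now there's a problem where, after logging out and then revisiting
	// the server, a stale view is served due to caching, so for now every
	// response is marked uncacheable.
	// TODO: revisit and cache static assets.
	h := rw.Header()
	h.Set("cache-control", "no-cache, no-store, must-revalidate, private")
	h.Set("pragma", "no-cache")
	h.Set("expires", "-1")

	tokenPresent := helpers.GetValidToken(r.Request, c.Settings) != nil

	// Public paths skip token validation. The allow-list is a fixed set of
	// constants, so a switch on the escaped path avoids building a map per request.
	var public bool
	switch r.URL.EscapedPath() {
	case "/handshake", "/oauth2callback", "/ping", "/assets/img/dashboard-uaa-icon.jpg":
		public = true
	}

	if public || tokenPresent {
		next(rw, r)
		return
	}
	// Not public and no valid token: send the caller to the handshake.
	if err := c.redirect(rw, r); err != nil {
		fmt.Println("Error on oauth redirect: ", err.Error())
	}
}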