// LoginHandshake starts the login flow. A request for which
// helpers.GetValidToken returns a token is redirected to the dashboard.
// Any other request is redirected to the OAuth provider's authorization
// URL, so the user can authenticate and authorize this application.
//
// NOTE(review): the state argument passed to AuthCodeURL is the fixed string
// "state". OAuth2 uses this parameter to bind the authorization response to
// the browser session that started the flow (CSRF protection), and a constant
// cannot provide that binding. Generate an unpredictable per-session value
// here, keep it in the session, and compare it in the callback handler
// (not visible in this excerpt).
func (c *Context) LoginHandshake(rw web.ResponseWriter, req *web.Request) {
	// Default destination for a user who already holds a valid token.
	target := "/#/dashboard"
	if helpers.GetValidToken(req.Request, c.Settings) == nil {
		// No usable token: send the browser to the Cloud Foundry login page.
		target = c.Settings.OAuthConfig.AuthCodeURL("state", oauth2.AccessTypeOnline)
	}
	http.Redirect(rw, req.Request, target, http.StatusFound)
}
// OAuth is middleware that gates a request on helpers.GetValidToken.
// When a token is returned it is copied into c.Token and the request
// continues down the chain. When nil is returned (per the original comment:
// token missing, or present but expired) the request is rejected with
// 401 Unauthorized and the chain stops.
func (c *SecureContext) OAuth(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc) {
	// Look up the token in the session store.
	token := helpers.GetValidToken(req.Request, c.Settings)
	if token == nil {
		// Fail closed: next is never called without a token.
		// http.Error labels the response text/plain although the body is JSON.
		http.Error(rw, "{\"status\": \"unauthorized\"}", http.StatusUnauthorized)
		return
	}

	c.Token = *token

	// Hand over to the next middleware, or to the handler if this was the last.
	next(rw, req)
}
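// TestGetValidToken runs helpers.GetValidToken once per entry of the
// getValidTokenTests table (defined elsewhere in the package). Each entry
// supplies the session data and session name loaded into a fresh mock session
// store; the test checks only whether the returned token is nil, against the
// entry's returnValueNull expectation.
func TestGetValidToken(t *testing.T) {
	mockRequest, err := http.NewRequest("GET", "", nil)
	if err != nil {
		// Stop early: every case below depends on this request.
		t.Fatalf("building mock request: %v", err)
	}
	mockSettings := helpers.Settings{}
	mockSettings.TokenContext = context.TODO()

	for _, test := range getValidTokenTests {
		// Use a new session store per case so no state carries over.
		store := testhelpers.MockSessionStore{}
		store.ResetSessionData(test.sessionData, test.sessionName)
		mockSettings.Sessions = store

		value := helpers.GetValidToken(mockRequest, &mockSettings)
		if gotNil := value == nil; gotNil != test.returnValueNull {
			t.Errorf("Test %s did not meet expected value. Expected: %t. Actual: %t\n", test.testName, test.returnValueNull, gotNil)
		}
	}
}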