func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) { if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.turn_off.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } c.LogAudit("attempt") responseData := map[string]string{} responseType := r.URL.Query().Get("response_type") if len(responseType) == 0 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_response.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } clientId := r.URL.Query().Get("client_id") if len(clientId) != 26 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_client.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } redirectUri := r.URL.Query().Get("redirect_uri") if len(redirectUri) == 0 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } scope := r.URL.Query().Get("scope") state := r.URL.Query().Get("state") if len(scope) == 0 { scope = model.DEFAULT_SCOPE } var app *model.OAuthApp if result := <-Srv.Store.OAuth().GetApp(clientId); result.Err != nil { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.database.app_error", nil, "") return } else { app = result.Data.(*model.OAuthApp) } if !app.IsValidRedirectURL(redirectUri) { c.LogAudit("fail - redirect_uri did not match registered callback") c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } if responseType != model.AUTHCODE_RESPONSE_TYPE { responseData["redirect"] = redirectUri + "?error=unsupported_response_type&state=" + state w.Write([]byte(model.MapToJson(responseData))) return } authData := &model.AuthData{UserId: c.Session.UserId, ClientId: clientId, CreateAt: model.GetMillis(), RedirectUri: redirectUri, State: state, Scope: scope} authData.Code = model.HashPassword(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, c.Session.UserId)) // this saves the OAuth2 app as authorized authorizedApp := model.Preference{ UserId: c.Session.UserId, Category: model.PREFERENCE_CATEGORY_AUTHORIZED_OAUTH_APP, Name: clientId, Value: scope, } if result := <-Srv.Store.Preference().Save(&model.Preferences{authorizedApp}); result.Err != nil { responseData["redirect"] = redirectUri + "?error=server_error&state=" + state w.Write([]byte(model.MapToJson(responseData))) return } if result := <-Srv.Store.OAuth().SaveAuthData(authData); result.Err != nil { responseData["redirect"] = redirectUri + "?error=server_error&state=" + state w.Write([]byte(model.MapToJson(responseData))) return } c.LogAudit("success") responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State) w.Write([]byte(model.MapToJson(responseData))) }
func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) { if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { c.Err = model.NewAppError("allowOAuth", "The system admin has turned off OAuth service providing.", "") c.Err.StatusCode = http.StatusNotImplemented return } c.LogAudit("attempt") w.Header().Set("Content-Type", "application/x-www-form-urlencoded") responseData := map[string]string{} responseType := r.URL.Query().Get("response_type") if len(responseType) == 0 { c.Err = model.NewAppError("allowOAuth", "invalid_request: Bad response_type", "") return } clientId := r.URL.Query().Get("client_id") if len(clientId) != 26 { c.Err = model.NewAppError("allowOAuth", "invalid_request: Bad client_id", "") return } redirectUri := r.URL.Query().Get("redirect_uri") if len(redirectUri) == 0 { c.Err = model.NewAppError("allowOAuth", "invalid_request: Missing or bad redirect_uri", "") return } scope := r.URL.Query().Get("scope") state := r.URL.Query().Get("state") var app *model.OAuthApp if result := <-Srv.Store.OAuth().GetApp(clientId); result.Err != nil { c.Err = model.NewAppError("allowOAuth", "server_error: Error accessing the database", "") return } else { app = result.Data.(*model.OAuthApp) } if !app.IsValidRedirectURL(redirectUri) { c.LogAudit("fail - redirect_uri did not match registered callback") c.Err = model.NewAppError("allowOAuth", "invalid_request: Supplied redirect_uri did not match registered callback_url", "") return } if responseType != model.AUTHCODE_RESPONSE_TYPE { responseData["redirect"] = redirectUri + "?error=unsupported_response_type&state=" + state w.Write([]byte(model.MapToJson(responseData))) return } authData := &model.AuthData{UserId: c.Session.UserId, ClientId: clientId, CreateAt: model.GetMillis(), RedirectUri: redirectUri, State: state, Scope: scope} authData.Code = model.HashPassword(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, c.Session.UserId)) if result := <-Srv.Store.OAuth().SaveAuthData(authData); result.Err != nil { responseData["redirect"] = redirectUri + "?error=server_error&state=" + state w.Write([]byte(model.MapToJson(responseData))) return } c.LogAudit("success") responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State) w.Write([]byte(model.MapToJson(responseData))) }