// OAuth is a middle ware that checks whether or not the user has a valid token.
// If the token is present and still valid, it just passes it on.
// If the token is 1) present and expired or 2) not present, it will return unauthorized.
func (c *SecureContext) OAuth(rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc) {
// Get valid token if it exists from session store.
if token := helpers.GetValidToken(req.Request, c.Settings); token != nil {
c.Token = *token
} else {
// If no token, return unauthorized.
http.Error(rw, "{\"status\": \"unauthorized\"}", http.StatusUnauthorized)
return
}
// Proceed to the next middleware or to the handler if last middleware.
next(rw, req)
}
// LoginHandshake is the handler where we authenticate the user and the user authorizes this application access to information.
func (c *Context) LoginHandshake(rw web.ResponseWriter, req *web.Request) {
if token := helpers.GetValidToken(req.Request, c.Settings); token != nil {
// We should just go to dashboard if the user already has a valid token.
http.Redirect(rw, req.Request, "/#/dashboard", http.StatusFound)
} else {
// Redirect to the Cloud Foundry Login place.
err := c.redirect(rw, req)
if err != nil {
fmt.Println("Error on oauth redirect: ", err.Error())
}
}
}
func TestGetValidToken(t *testing.T) {
mockRequest, _ := http.NewRequest("GET", "", nil)
mockSettings := helpers.Settings{}
mockSettings.TokenContext = context.TODO()
for _, test := range getValidTokenTests {
// Initialize a new session store.
store := testhelpers.MockSessionStore{}
store.ResetSessionData(test.sessionData, test.sessionName)
mockSettings.Sessions = store
value := helpers.GetValidToken(mockRequest, &mockSettings)
if (value == nil) == test.returnValueNull {
} else {
t.Errorf("Test %s did not meet expected value. Expected: %t. Actual: %t\n", test.testName, test.returnValueNull, (value == nil))
}
}
}
// LoginRequired is a middleware that requires a valid toker or redirects to the handshake page.
func (c *Context) LoginRequired(rw web.ResponseWriter, r *web.Request, next web.NextMiddlewareFunc) {
// If there is no request just continue
if r == nil {
next(rw, r)
return
}
// Don't cache anything
// right now, there's a problem where when you initially logout and then
// revisit the server, you will get a bad view due to a caching issue.
// for now, we clear the cache for everything.
// TODO: revist and cache static assets.
rw.Header().Set("cache-control", "no-cache, no-store, must-revalidate, private")
rw.Header().Set("pragma", "no-cache")
rw.Header().Set("expires", "-1")
token := helpers.GetValidToken(r.Request, c.Settings)
tokenPresent := token != nil
publicUrls := map[string]struct{}{
"/handshake": {},
"/oauth2callback": {},
"/ping": {},
"/assets/img/dashboard-uaa-icon.jpg": {},
}
// Check if URL is public so we skip validation
_, public := publicUrls[r.URL.EscapedPath()]
if public || tokenPresent {
next(rw, r)
} else {
err := c.redirect(rw, r)
if err != nil {
fmt.Println("Error on oauth redirect: ", err.Error())
}
}
}
