made oauth architecture more generalized

author: JoramWilander <jwawilander@gmail.com> 2015-07-17 09:47:25 -0400
committer: JoramWilander <jwawilander@gmail.com> 2015-07-22 08:47:52 -0400
commit: 03528b9619747b8bd184b852497dcf14ee1e0081 (patch)
tree: 361486039b57bc141f33a3c843b7a22360062bcf /api
parent: 712f9a0b8c13f2d97a26b9030f215161f9b09511 (diff)
download: chat-03528b9619747b8bd184b852497dcf14ee1e0081.tar.gz
chat-03528b9619747b8bd184b852497dcf14ee1e0081.tar.bz2
chat-03528b9619747b8bd184b852497dcf14ee1e0081.zip
1 files changed, 48 insertions, 13 deletions
diff --git a/api/user.go b/api/user.go
index 4765a5611..a9c8a0065 100644
--- a/api/user.go
+++ b/api/user.go
@@ -20,6 +20,7 @@ import (
 	_ "image/gif"
 	_ "image/jpeg"
 	"image/png"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -1222,51 +1223,85 @@ func getStatuses(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func AuthorizeGitLabUser(code, state, uri string) (*model.GitLabUser, *model.AppError) {
-	if !model.ComparePassword(state, utils.Cfg.SSOSettings.GitLabId) {
-		return nil, model.NewAppError("AuthorizeGitLabUser", "Invalid state", "")
+func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, service, redirectUri string) {
+
+	teamId := r.FormValue("id")
+
+	if len(teamId) != 26 {
+		c.Err = model.NewAppError("GetAuthorizationCode", "Invalid team id", "team_id="+teamId)
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
+
+	// Make sure team exists
+	if result := <-Srv.Store.Team().Get(teamId); result.Err != nil {
+		c.Err = result.Err
+		return
+	}
+
+	if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow {
+		c.Err = model.NewAppError("GetAuthorizationCode", "Unsupported OAuth service provider", "service="+service)
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
+
+	clientId := utils.Cfg.SSOSettings[service].Id
+	endpoint := utils.Cfg.SSOSettings[service].AuthEndpoint
+	state := model.HashPassword(clientId)
+
+	authUrl := endpoint + "?response_type=code&client_id=" + clientId + "&redirect_uri=" + url.QueryEscape(redirectUri+"?id="+teamId) + "&state=" + url.QueryEscape(state)
+	http.Redirect(w, r, authUrl, http.StatusFound)
+}
+
+func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.AppError) {
+	if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow {
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service)
+	}
+
+	if !model.ComparePassword(state, utils.Cfg.SSOSettings[service].Id) {
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", "")
 	}
 
 	p := url.Values{}
-	p.Set("client_id", utils.Cfg.SSOSettings.GitLabId)
-	p.Set("client_secret", utils.Cfg.SSOSettings.GitLabSecret)
+	p.Set("client_id", utils.Cfg.SSOSettings[service].Id)
+	p.Set("client_secret", utils.Cfg.SSOSettings[service].Secret)
 	p.Set("code", code)
 	p.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
-	p.Set("redirect_uri", uri)
+	p.Set("redirect_uri", redirectUri)
 
 	client := &http.Client{}
-	req, _ := http.NewRequest("POST", utils.Cfg.SSOSettings.GitLabUrl+"/oauth/token", strings.NewReader(p.Encode()))
+	req, _ := http.NewRequest("POST", utils.Cfg.SSOSettings[service].TokenEndpoint, strings.NewReader(p.Encode()))
 
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("Accept", "application/json")
 
 	var ar *model.AccessResponse
 	if resp, err := client.Do(req); err != nil {
-		return nil, model.NewAppError("AuthorizeGitLabUser", "Token request to GitLab failed", err.Error())
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Token request to GitLab failed", err.Error())
 	} else {
 		ar = model.AccessResponseFromJson(resp.Body)
 	}
 
 	if ar.TokenType != model.ACCESS_TOKEN_TYPE {
-		return nil, model.NewAppError("AuthorizeGitLabUser", "Bad token type", "token_type="+ar.TokenType)
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Bad token type", "token_type="+ar.TokenType)
 	}
 
 	if len(ar.AccessToken) == 0 {
-		return nil, model.NewAppError("AuthorizeGitLabUser", "Missing access token", "")
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Missing access token", "")
 	}
 
 	p = url.Values{}
 	p.Set("access_token", ar.AccessToken)
-	req, _ = http.NewRequest("GET", utils.Cfg.SSOSettings.GitLabUrl+"/api/v3/user", strings.NewReader(""))
+	req, _ = http.NewRequest("GET", utils.Cfg.SSOSettings[service].UserApiEndpoint, strings.NewReader(""))
 
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+ar.AccessToken)
 
 	if resp, err := client.Do(req); err != nil {
-		return nil, model.NewAppError("AuthorizeGitLabUser", "Token request to GitLab failed", err.Error())
+		return nil, model.NewAppError("AuthorizeOAuthUser", "Token request to "+service+" failed", err.Error())
 	} else {
-		return model.GitLabUserFromJson(resp.Body), nil
+		return resp.Body, nil
 	}
 
 }
author	JoramWilander <jwawilander@gmail.com>	2015-07-17 09:47:25 -0400
committer	JoramWilander <jwawilander@gmail.com>	2015-07-22 08:47:52 -0400
commit	03528b9619747b8bd184b852497dcf14ee1e0081 (patch)
tree	361486039b57bc141f33a3c843b7a22360062bcf /api
parent	712f9a0b8c13f2d97a26b9030f215161f9b09511 (diff)
download	chat-03528b9619747b8bd184b852497dcf14ee1e0081.tar.gz chat-03528b9619747b8bd184b852497dcf14ee1e0081.tar.bz2 chat-03528b9619747b8bd184b852497dcf14ee1e0081.zip