author | Christopher Speller <crspeller@gmail.com> | 2015-08-18 08:47:35 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2015-08-18 08:47:35 -0400 |
commit | 2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218 (patch) | |
tree | 1de5578c9050a33635960fc046fdf97339254be0 /web/web.go | |
parent | 96d1eb1c800a427e31e63970e57d0824a3bc91e3 (diff) | |
parent | a7f09be9783f3354ab38d4fb4fb82085241d018f (diff) | |
download | chat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.tar.gz chat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.tar.bz2 chat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.zip |
Merge pull request #381 from mattermost/mm-1705
MM-1705 add google as an oauth single-sign-on service
Diffstat (limited to 'web/web.go')
-rw-r--r-- | web/web.go | 57 |
1 files changed, 16 insertions, 41 deletions
diff --git a/web/web.go b/web/web.go
index 8b329c149..d6f8d553b 100644
--- a/web/web.go
+++ b/web/web.go
@@ -53,13 +53,13 @@ func InitWeb() {
 mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/", api.AppHandler(login)).Methods("GET")
 mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
 mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET")
 mainrouter.Handle("/login/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(loginCompleteOAuth)).Methods("GET")
 mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET")
 mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
 mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET")
 // Anything added here must have an _ in it so it does not conflict with team names
@@ -67,7 +67,7 @@ func InitWeb() {
 mainrouter.Handle("/signup_user_complete/", api.AppHandlerIndependent(signupUserComplete)).Methods("GET")
 mainrouter.Handle("/signup_team_confirm/", api.AppHandlerIndependent(signupTeamConfirm)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
 mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET")
 mainrouter.Handle("/signup/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(signupCompleteOAuth)).Methods("GET")
@@ -496,7 +496,7 @@ func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
 redirectUri := c.GetSiteURL() + "/signup/" + service + "/complete"
- api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri)
+ api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, "")
 }
 func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
@@ -505,26 +505,10 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
 code := r.URL.Query().Get("code")
 state := r.URL.Query().Get("state")
- teamName := r.FormValue("team")
- uri := c.GetSiteURL() + "/signup/" + service + "/complete?team=" + teamName
+ uri := c.GetSiteURL() + "/signup/" + service + "/complete"
- if len(teamName) == 0 {
- c.Err = model.NewAppError("signupCompleteOAuth", "Invalid team name", "team_name="+teamName)
- c.Err.StatusCode = http.StatusBadRequest
- return
- }
-
- // Make sure team exists
- var team *model.Team
- if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil {
- c.Err = result.Err
- return
- } else {
- team = result.Data.(*model.Team)
- }
-
- if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
+ if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
 c.Err = err
 return
 } else {
@@ -532,6 +516,9 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
 if service == model.USER_AUTH_SERVICE_GITLAB {
 glu := model.GitLabUserFromJson(body)
 user = model.UserFromGitLabUser(glu)
+ } else if service == model.USER_AUTH_SERVICE_GOOGLE {
+ gu := model.GoogleUserFromJson(body)
+ user = model.UserFromGoogleUser(gu)
 }
 if user == nil {
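Review bot: In signupCompleteOAuth the `team` used after this call is now whatever `api.AuthorizeOAuthUser` returns, so the team a new account joins depends entirely on how that function interprets the `state` query parameter. `state` is read straight from the request here and is not checked for emptiness, so AuthorizeOAuthUser (not visible in this diff) has to reject a state that was not issued for this browser session, and it must never return a nil `team` together with a nil `err`. I would record that contract above the call, e.g. `// team is recovered from the verified OAuth state; AuthorizeOAuthUser must fail on a missing or forged state`. The identical change in loginCompleteOAuth (hunk at -587) carries the same dependency, and both function bodies continue outside their hunks.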
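Review bot: `model.GoogleUserFromJson(body)` decodes a response from an external provider and its result goes straight into `model.UserFromGoogleUser(gu)` with no nil check, so if the decoder returns nil on malformed JSON (its body is not visible here) the call may panic before the `user == nil` guard below is reached. Guarding the conversion, `if gu := model.GoogleUserFromJson(body); gu != nil { user = model.UserFromGoogleUser(gu) }`, would keep a bad provider response on the existing error path. The login hunk at -614 has the same shape with `gu.GetAuthData()` and would want the same guard. As a style point, a `switch service { ... }` would read better than a growing `else if` chain now that there is a second provider.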
@@ -563,6 +550,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 service := params["service"]
 teamName := params["team"]
+ loginHint := r.URL.Query().Get("login_hint")
 if len(teamName) == 0 {
 c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName)
@@ -578,7 +566,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
 redirectUri := c.GetSiteURL() + "/login/" + service + "/complete"
- api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri)
+ api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, loginHint)
 }
 func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
@@ -587,26 +575,10 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
 code := r.URL.Query().Get("code")
 state := r.URL.Query().Get("state")
- teamName := r.FormValue("team")
- uri := c.GetSiteURL() + "/login/" + service + "/complete?team=" + teamName
-
- if len(teamName) == 0 {
- c.Err = model.NewAppError("loginCompleteOAuth", "Invalid team name", "team_name="+teamName)
- c.Err.StatusCode = http.StatusBadRequest
- return
- }
-
- // Make sure team exists
- var team *model.Team
- if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil {
- c.Err = result.Err
- return
- } else {
- team = result.Data.(*model.Team)
- }
+ uri := c.GetSiteURL() + "/login/" + service + "/complete"
- if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
+ if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
 c.Err = err
 return
 } else {
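Review bot: `loginHint` is taken from the query string without validation and, in the next hunk (-578), passed to `api.GetAuthorizationCode`, which presumably places it in the provider's authorization URL. Unless that function query-escapes the value (its body is not part of this diff), a hint containing `&` or `#` could add or override parameters on the outgoing redirect. I would either escape at the point of use with `url.QueryEscape(loginHint)` or state the requirement next to the new line: `// loginHint is user-supplied; GetAuthorizationCode must URL-encode it`. The body of loginWithOAuth starts and ends outside this hunk.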
@@ -614,6 +586,9 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
 if service == model.USER_AUTH_SERVICE_GITLAB {
 glu := model.GitLabUserFromJson(body)
 authData = glu.GetAuthData()
+ } else if service == model.USER_AUTH_SERVICE_GOOGLE {
+ gu := model.GoogleUserFromJson(body)
+ authData = gu.GetAuthData()
 }
 if len(authData) == 0 { |