summaryrefslogtreecommitdiffstats
path: root/web/web.go
diff options
context:
space:
mode:
authorChristopher Speller <crspeller@gmail.com>2015-08-18 08:47:35 -0400
committerChristopher Speller <crspeller@gmail.com>2015-08-18 08:47:35 -0400
commit2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218 (patch)
tree1de5578c9050a33635960fc046fdf97339254be0 /web/web.go
parent96d1eb1c800a427e31e63970e57d0824a3bc91e3 (diff)
parenta7f09be9783f3354ab38d4fb4fb82085241d018f (diff)
downloadchat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.tar.gz
chat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.tar.bz2
chat-2f1dcf6f5267ecf85d14c8a36a9d3059a5d41218.zip
Merge pull request #381 from mattermost/mm-1705
MM-1705 add google as an oauth single-sign-on service
Diffstat (limited to 'web/web.go')
-rw-r--r--web/web.go57
1 files changed, 16 insertions, 41 deletions
diff --git a/web/web.go b/web/web.go
index 8b329c149..d6f8d553b 100644
--- a/web/web.go
+++ b/web/web.go
@@ -53,13 +53,13 @@ func InitWeb() {
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/", api.AppHandler(login)).Methods("GET")
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET")
mainrouter.Handle("/login/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(loginCompleteOAuth)).Methods("GET")
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET")
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET")
// Anything added here must have an _ in it so it does not conflict with team names
@@ -67,7 +67,7 @@ func InitWeb() {
mainrouter.Handle("/signup_user_complete/", api.AppHandlerIndependent(signupUserComplete)).Methods("GET")
mainrouter.Handle("/signup_team_confirm/", api.AppHandlerIndependent(signupTeamConfirm)).Methods("GET")
- // Bug in gorilla.mux pervents us from using regex here.
+ // Bug in gorilla.mux prevents us from using regex here.
mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET")
mainrouter.Handle("/signup/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(signupCompleteOAuth)).Methods("GET")
@@ -496,7 +496,7 @@ func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
redirectUri := c.GetSiteURL() + "/signup/" + service + "/complete"
- api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri)
+ api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, "")
}
func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
@@ -505,26 +505,10 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
code := r.URL.Query().Get("code")
state := r.URL.Query().Get("state")
- teamName := r.FormValue("team")
- uri := c.GetSiteURL() + "/signup/" + service + "/complete?team=" + teamName
+ uri := c.GetSiteURL() + "/signup/" + service + "/complete"
- if len(teamName) == 0 {
- c.Err = model.NewAppError("signupCompleteOAuth", "Invalid team name", "team_name="+teamName)
- c.Err.StatusCode = http.StatusBadRequest
- return
- }
-
- // Make sure team exists
- var team *model.Team
- if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil {
- c.Err = result.Err
- return
- } else {
- team = result.Data.(*model.Team)
- }
-
- if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
+ if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
c.Err = err
return
} else {
@@ -532,6 +516,9 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
if service == model.USER_AUTH_SERVICE_GITLAB {
glu := model.GitLabUserFromJson(body)
user = model.UserFromGitLabUser(glu)
+ } else if service == model.USER_AUTH_SERVICE_GOOGLE {
+ gu := model.GoogleUserFromJson(body)
+ user = model.UserFromGoogleUser(gu)
}
if user == nil {
@@ -563,6 +550,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
service := params["service"]
teamName := params["team"]
+ loginHint := r.URL.Query().Get("login_hint")
if len(teamName) == 0 {
c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName)
@@ -578,7 +566,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
redirectUri := c.GetSiteURL() + "/login/" + service + "/complete"
- api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri)
+ api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, loginHint)
}
func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
@@ -587,26 +575,10 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
code := r.URL.Query().Get("code")
state := r.URL.Query().Get("state")
- teamName := r.FormValue("team")
- uri := c.GetSiteURL() + "/login/" + service + "/complete?team=" + teamName
-
- if len(teamName) == 0 {
- c.Err = model.NewAppError("loginCompleteOAuth", "Invalid team name", "team_name="+teamName)
- c.Err.StatusCode = http.StatusBadRequest
- return
- }
-
- // Make sure team exists
- var team *model.Team
- if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil {
- c.Err = result.Err
- return
- } else {
- team = result.Data.(*model.Team)
- }
+ uri := c.GetSiteURL() + "/login/" + service + "/complete"
- if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
+ if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil {
c.Err = err
return
} else {
@@ -614,6 +586,9 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
if service == model.USER_AUTH_SERVICE_GITLAB {
glu := model.GitLabUserFromJson(body)
authData = glu.GetAuthData()
+ } else if service == model.USER_AUTH_SERVICE_GOOGLE {
+ gu := model.GoogleUserFromJson(body)
+ authData = gu.GetAuthData()
}
if len(authData) == 0 {