mirror of https://github.com/portainer/portainer
fix(oauth): remove expiry time copy logic EE-1085
Hui
GitHub
parent
665bf2c887
commit
56f569efe1
|
|
@ -5,7 +5,6 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/asaskevich/govalidator"
|
"github.com/asaskevich/govalidator"
|
||||||
httperror "github.com/portainer/libhttp/error"
|
httperror "github.com/portainer/libhttp/error"
|
||||||
|
|
@ -134,14 +133,6 @@ func (handler *Handler) writeToken(w http.ResponseWriter, user *portainer.User)
|
||||||
return handler.persistAndWriteToken(w, composeTokenData(user))
|
return handler.persistAndWriteToken(w, composeTokenData(user))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler *Handler) writeTokenForOAuth(w http.ResponseWriter, user *portainer.User, expiryTime *time.Time) *httperror.HandlerError {
|
|
||||||
token, err := handler.JWTService.GenerateTokenForOAuth(composeTokenData(user), expiryTime)
|
|
||||||
if err != nil {
|
|
||||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to generate JWT token", Err: err}
|
|
||||||
}
|
|
||||||
return response.JSON(w, &authenticateResponse{JWT: token})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (handler *Handler) persistAndWriteToken(w http.ResponseWriter, tokenData *portainer.TokenData) *httperror.HandlerError {
|
func (handler *Handler) persistAndWriteToken(w http.ResponseWriter, tokenData *portainer.TokenData) *httperror.HandlerError {
|
||||||
token, err := handler.JWTService.GenerateToken(tokenData)
|
token, err := handler.JWTService.GenerateToken(tokenData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/asaskevich/govalidator"
|
"github.com/asaskevich/govalidator"
|
||||||
httperror "github.com/portainer/libhttp/error"
|
httperror "github.com/portainer/libhttp/error"
|
||||||
|
|
@ -26,21 +25,21 @@ func (payload *oauthPayload) Validate(r *http.Request) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (handler *Handler) authenticateOAuth(code string, settings *portainer.OAuthSettings) (string, *time.Time, error) {
|
func (handler *Handler) authenticateOAuth(code string, settings *portainer.OAuthSettings) (string, error) {
|
||||||
if code == "" {
|
if code == "" {
|
||||||
return "", nil, errors.New("Invalid OAuth authorization code")
|
return "", errors.New("Invalid OAuth authorization code")
|
||||||
}
|
}
|
||||||
|
|
||||||
if settings == nil {
|
if settings == nil {
|
||||||
return "", nil, errors.New("Invalid OAuth configuration")
|
return "", errors.New("Invalid OAuth configuration")
|
||||||
}
|
}
|
||||||
|
|
||||||
username, expiryTime, err := handler.OAuthService.Authenticate(code, settings)
|
username, err := handler.OAuthService.Authenticate(code, settings)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", nil, err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
return username, expiryTime, nil
|
return username, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// @id ValidateOAuth
|
// @id ValidateOAuth
|
||||||
|
|
@ -70,7 +69,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
|
||||||
return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "OAuth authentication is not enabled", Err: errors.New("OAuth authentication is not enabled")}
|
return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "OAuth authentication is not enabled", Err: errors.New("OAuth authentication is not enabled")}
|
||||||
}
|
}
|
||||||
|
|
||||||
username, expiryTime, err := handler.authenticateOAuth(payload.Code, &settings.OAuthSettings)
|
username, err := handler.authenticateOAuth(payload.Code, &settings.OAuthSettings)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[DEBUG] - OAuth authentication error: %s", err)
|
log.Printf("[DEBUG] - OAuth authentication error: %s", err)
|
||||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to authenticate through OAuth", Err: httperrors.ErrUnauthorized}
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to authenticate through OAuth", Err: httperrors.ErrUnauthorized}
|
||||||
|
|
@ -111,5 +110,5 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return handler.writeTokenForOAuth(w, user, expiryTime)
|
return handler.writeToken(w, user)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"mime"
|
"mime"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
|
|
@ -27,18 +26,18 @@ func NewService() *Service {
|
||||||
// Authenticate takes an access code and exchanges it for an access token from portainer OAuthSettings token endpoint.
|
// Authenticate takes an access code and exchanges it for an access token from portainer OAuthSettings token endpoint.
|
||||||
// On success, it will then return the username and token expiry time associated to authenticated user by fetching this information
|
// On success, it will then return the username and token expiry time associated to authenticated user by fetching this information
|
||||||
// from the resource server and matching it with the user identifier setting.
|
// from the resource server and matching it with the user identifier setting.
|
||||||
func (*Service) Authenticate(code string, configuration *portainer.OAuthSettings) (string, *time.Time, error) {
|
func (*Service) Authenticate(code string, configuration *portainer.OAuthSettings) (string, error) {
|
||||||
token, err := getOAuthToken(code, configuration)
|
token, err := getOAuthToken(code, configuration)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[DEBUG] - Failed retrieving access token: %v", err)
|
log.Printf("[DEBUG] - Failed retrieving access token: %v", err)
|
||||||
return "", nil, err
|
return "", err
|
||||||
}
|
}
|
||||||
username, err := getUsername(token.AccessToken, configuration)
|
username, err := getUsername(token.AccessToken, configuration)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[DEBUG] - Failed retrieving oauth user name: %v", err)
|
log.Printf("[DEBUG] - Failed retrieving oauth user name: %v", err)
|
||||||
return "", nil, err
|
return "", err
|
||||||
}
|
}
|
||||||
return username, &token.Expiry, nil
|
return username, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getOAuthToken(code string, configuration *portainer.OAuthSettings) (*oauth2.Token, error) {
|
func getOAuthToken(code string, configuration *portainer.OAuthSettings) (*oauth2.Token, error) {
|
||||||
|
|
|
||||||
|
|
@ -1217,7 +1217,7 @@ type (
|
||||||
|
|
||||||
// OAuthService represents a service used to authenticate users using OAuth
|
// OAuthService represents a service used to authenticate users using OAuth
|
||||||
OAuthService interface {
|
OAuthService interface {
|
||||||
Authenticate(code string, configuration *OAuthSettings) (string, *time.Time, error)
|
Authenticate(code string, configuration *OAuthSettings) (string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RegistryService represents a service for managing registry data
|
// RegistryService represents a service for managing registry data
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue