From d510d23408ab0897d359bd11db88b3ca7025fa97 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna
Date: Wed, 20 Feb 2019 13:53:25 +1300
Subject: [PATCH] feat(oauth): improve Azure OAuth support
---
 api/http/handler/auth/authenticate_oauth.go | 4 +++-
 api/http/handler/settings/settings_public.go | 2 +-
 .../oauth-provider-selector-controller.js | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/api/http/handler/auth/authenticate_oauth.go b/api/http/handler/auth/authenticate_oauth.go
index 5eafe0d1b..d8559e999 100644
--- a/api/http/handler/auth/authenticate_oauth.go
+++ b/api/http/handler/auth/authenticate_oauth.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
+	"log"
 	"github.com/asaskevich/govalidator"
 	httperror "github.com/portainer/libhttp/error"
@@ -83,7 +84,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 	}
 	if settings.AuthenticationMethod != 3 {
-		return &httperror.HandlerError{http.StatusForbidden, "OAuth authentication is not enabled", err}
+		return &httperror.HandlerError{http.StatusForbidden, "OAuth authentication is not enabled", portainer.Error("OAuth authentication is not enabled")}
 	}
 	extension, err := handler.ExtensionService.Extension(portainer.OAuthAuthenticationExtension)
@@ -95,6 +96,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 	username, err := handler.authenticateThroughExtension(payload.Code, extension.License.LicenseKey, &settings.OAuthSettings)
 	if err != nil {
+		log.Printf("[DEBUG] - OAuth authentication error: %s", err)
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to authenticate through OAuth", portainer.ErrUnauthorized}
 	}
diff --git a/api/http/handler/settings/settings_public.go b/api/http/handler/settings/settings_public.go
index e5fabd6d8..800c43641 100644
--- a/api/http/handler/settings/settings_public.go
+++ b/api/http/handler/settings/settings_public.go
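Review bot: The added `"log"` import sits after `"net/http"`, which is not gofmt-clean — gofmt sorts import specs within a group, so the next formatting pass will move it. Place it between `"io/ioutil"` and `"net/http"` in the standard-library group so the hunk matches what `gofmt`/`goimports` produce.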
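Review bot: The new `portainer.Error("OAuth authentication is not enabled")` repeats the handler message verbatim, so the two strings can now drift independently and nothing else in the package can match this error. A package-level sentinel, `var errOAuthDisabled = portainer.Error("OAuth authentication is not enabled")`, used in the return keeps them aligned and testable. The surrounding `if settings.AuthenticationMethod != 3` would also read better against a named constant if the `portainer` package defines one for the OAuth method; `validateOAuth` begins before this hunk and continues after it.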
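Review bot: The added `log.Printf("[DEBUG] - OAuth authentication error: %s", err)` is not gated by any log level — the `[DEBUG]` prefix is only text — so every failed code exchange writes the extension's error text to the production log. That error comes from `authenticateThroughExtension`, which is outside the hunk; if it carries the provider's response body it may include details better kept out of shared logs, so consider gating the line on a debug flag and formatting with `%v` rather than `%s`. On the line that follows, a rejected or expired authorization code still surfaces as `http.StatusInternalServerError` paired with `portainer.ErrUnauthorized`; `http.StatusUnauthorized` would describe that outcome accurately and stop client faults from being counted as server errors. `validateOAuth` continues past the end of this hunk.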
@@ -34,7 +34,7 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
 		EnableHostManagementFeatures: settings.EnableHostManagementFeatures,
 		ExternalTemplates: false,
 		// TODO: check if state=portainer useful or not
-		OAuthLoginURI: fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=portainer",
+		OAuthLoginURI: fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=portainer&prompt=login",
 			settings.OAuthSettings.AuthorizationURI,
 			settings.OAuthSettings.ClientID,
 			settings.OAuthSettings.RedirectURI,
diff --git a/app/extensions/oauth/components/oauth-providers-selector/oauth-provider-selector-controller.js b/app/extensions/oauth/components/oauth-providers-selector/oauth-provider-selector-controller.js
index 82971ae1b..73721cb1c 100644
--- a/app/extensions/oauth/components/oauth-providers-selector/oauth-provider-selector-controller.js
+++ b/app/extensions/oauth/components/oauth-providers-selector/oauth-provider-selector-controller.js
@@ -7,7 +7,7 @@ angular.module('portainer.extensions.oauth')
       authUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize',
       accessTokenUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/token',
       resourceUrl: 'https://graph.windows.net/TENANT_ID/me?api-version=2013-11-08',
-      userIdentifier: 'mail',
+      userIdentifier: 'userPrincipalName',
       scopes: 'id,email,name',
       name: 'microsoft'
     },
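Review bot: The `state` parameter in the new format string is still the constant `portainer`, so the callback handled by `validateOAuth` cannot distinguish a response to a login it started from one a third party crafted and delivered to the victim's browser; `state` exists to carry a per-login unpredictable value that is stored server-side (or in a signed cookie) and compared on return, and the TODO above the line should say that rather than question whether it is useful. Separately, `ClientID`, `RedirectURI` and the scope argument (the last one lies past the end of the hunk) are interpolated into the query unescaped, so a redirect URI with its own `?`/`&` or a space-separated scope list yields a malformed authorization URL; wrap each in `url.QueryEscape(...)` (import `net/url`), e.g. `url.QueryEscape(settings.OAuthSettings.RedirectURI),`. The added `prompt=login` forces a fresh credential prompt at the provider even when the user already has a live session, which may be intentional for Azure but deserves a one-line comment stating why. `settingsPublic` begins before this hunk and continues after it.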
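Review bot: The switch from `mail` to `userPrincipalName` is unexplained in the hunk; if the reason is that `mail` is only populated for directory users who have a mailbox, a comment such as `// mail is unset for users without a mailbox; UPN is always populated` would record it for the next reader. Note that this identifier appears to become the Portainer username on the server side (the `username` returned by `authenticateThroughExtension` in the Go hunk), and a UPN is mutable and can be reassigned after an account is deleted, so a new person given a recycled UPN would inherit the old user's authorizations; if that mapping is as it looks, keying on the immutable directory object identifier is the safer choice, or at least worth a comment here acknowledging the trade-off.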