You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/05/01 14:42:12 UTC
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request
#3505: Oauth integration
ocket8888 commented on a change in pull request #3505: Oauth integration
URL: https://github.com/apache/trafficcontrol/pull/3505#discussion_r280092405
##########
File path: traffic_ops/traffic_ops_golang/login/login.go
##########
@@ -104,3 +108,119 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
fmt.Fprintf(w, "%s", respBts)
}
}
+
+func OauthLoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ handleErrs := tc.GetHandleErrorsFunc(w, r)
+ defer r.Body.Close()
+ authenticated := false
+ resp := struct {
+ tc.Alerts
+ }{}
+
+ form := auth.PasswordForm{}
+ tokenForm := struct {
+ Token string `json:"t"`
+ }{}
+
+ if err := json.NewDecoder(r.Body).Decode(&tokenForm); err != nil {
+ handleErrs(http.StatusBadRequest, err)
+ return
+ }
+
+ encodedToken := tokenForm.Token
+
+ if encodedToken == "" {
+ log.Errorf("Token not found in request but is required")
+ handleErrs(http.StatusBadRequest, errors.New("Token not found in request but is required"))
+ return
+ }
+
+ decodedToken, err := jwt.Parse(encodedToken, func(unverifiedToken *jwt.Token) (interface{}, error) {
+ publicKeyUrl := unverifiedToken.Header["jku"].(string)
+ publicKeyId := unverifiedToken.Header["kid"].(string)
+
+ if !VerifyUrlOnWhiteList(publicKeyUrl, cfg.ConfigTrafficOpsGolang.WhitelistedOAuthUrls) {
+ return nil, errors.New("Key URL from token is not included in the whitelisted urls. Received: " + publicKeyUrl)
+ }
+
+ keys, err := jwk.FetchHTTP(publicKeyUrl)
+ if err != nil {
+ return nil, err
+ }
+
+ keyById := keys.LookupKeyID(publicKeyId)
+ selectedKey, err := keyById[0].Materialize()
+
+ if err != nil {
+ return nil, err
+ }
+
+ return selectedKey, nil
+ })
+ if err != nil {
+ handleErrs(http.StatusInternalServerError, errors.New("Error decoding token with message: "+err.Error()))
Review comment:
Yeah, looks like I misunderstood what was happening here. If you want, you could call `handleErrs` _within_ the anonymous `func` and set a boolean variable local to the caller to indicate if a returned `error` was internal to the anonymous `func`. Something like:
```go
internal := false
decodedToken, err := jwt.Parse(encodedToken, func(unverifiedToken *jwt.Token) (interface{}, error) {
thing, err := funcThatCouldErr()
if err != nil {
internal = true
handleErrs(http.ApropriateStatus, errors.New("Error description"))
return nil, err
}
// ...
}
if internal {
return
} else if err != nil {
handleErrs(http.StatusInternalServerError, errors.New("Error parsing JWT: "+err.Error())
return
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services