Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/07/26 23:10:32 UTC

[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #3505: Oauth integration

rawlinp commented on a change in pull request #3505: Oauth integration
URL: https://github.com/apache/trafficcontrol/pull/3505#discussion_r307929172
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/login/login.go
 ##########
 @@ -104,3 +110,184 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
 		fmt.Fprintf(w, "%s", respBts)
 	}
 }
+
+// OauthLoginHandler accepts a JSON web token previously obtained from an OAuth provider, decodes it, validates it, authorizes the user against the database, and returns the login result as either an error or success message
+func OauthLoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		handleErrs := tc.GetHandleErrorsFunc(w, r)
+		defer r.Body.Close()
+		authenticated := false
+		resp := struct {
+			tc.Alerts
+		}{}
+
+		form := auth.PasswordForm{}
+		parameters := struct {
+			AuthCodeTokenUrl string `json:"authCodeTokenUrl"`
+			Code             string `json:"code"`
+			ClientId         string `json:"clientId"`
+			ClientSecret     string `json:"clientSecret"`
+			RedirectUri      string `json:"redirectUri"`
+		}{}
+
+		if err := json.NewDecoder(r.Body).Decode(&parameters); err != nil {
+			handleErrs(http.StatusBadRequest, err)
+			return
+		}
+
+		data := url.Values{}
+		data.Add("code", parameters.Code)
+		data.Add("client_id", parameters.ClientId)
+		data.Add("client_secret", parameters.ClientSecret)
+		data.Add("grant_type", "authorization_code") // Required by RFC6749 section 4.1.3
+		data.Add("redirect_uri", parameters.RedirectUri)
+
+		req, err := http.NewRequest("POST", parameters.AuthCodeTokenUrl, bytes.NewBufferString(data.Encode()))
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		if err != nil {
+			log.Errorf("obtaining token using code from oauth provider\n%s", err.Error())
+			return
+		}
+
+		client := http.Client{}
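Review bot: The handler POSTs to `parameters.AuthCodeTokenUrl`, which is decoded straight from the request body of a login endpoint, so the sender chooses which host the server connects to and whose answer is later treated as the token response; nothing in the visible lines restricts it. Before `http.NewRequest`, the URL should be parsed and its scheme and host compared against an operator-configured list of permitted token endpoints (a setting read from `cfg`, to be added if none exists), with anything else rejected through `handleErrs`. Separately, `req.Header.Set(...)` runs before the `err` check, so a URL that `http.NewRequest` rejects leaves `req` nil and the handler panics; move the `if err != nil` block directly after the `http.NewRequest` call and answer with `handleErrs(http.StatusBadRequest, err)` rather than logging and returning without writing an error. The handler body continues past the end of the quoted hunk, so how the provider's response is validated is not visible here.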
 
 Review comment:
   nit: we should consider adding a 30s (maybe shorter?) timeout to this request, but I think one of the other per-request timeouts might apply here if this request were to take a long time
