You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/07/15 19:41:29 UTC
[GitHub] [trafficcontrol] mattjackson220 commented on a change in pull
request #3505: Oauth integration
mattjackson220 commented on a change in pull request #3505: Oauth integration
URL: https://github.com/apache/trafficcontrol/pull/3505#discussion_r303602700
##########
File path: traffic_ops/traffic_ops_golang/login/login.go
##########
@@ -104,3 +108,119 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
fmt.Fprintf(w, "%s", respBts)
}
}
+
+func OauthLoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ handleErrs := tc.GetHandleErrorsFunc(w, r)
+ defer r.Body.Close()
+ authenticated := false
+ resp := struct {
+ tc.Alerts
+ }{}
+
+ form := auth.PasswordForm{}
+ tokenForm := struct {
+ Token string `json:"t"`
+ }{}
+
+ if err := json.NewDecoder(r.Body).Decode(&tokenForm); err != nil {
+ handleErrs(http.StatusBadRequest, err)
+ return
+ }
+
+ encodedToken := tokenForm.Token
+
+ if encodedToken == "" {
+ log.Errorf("Token not found in request but is required")
+ handleErrs(http.StatusBadRequest, errors.New("Token not found in request but is required"))
+ return
+ }
+
+ decodedToken, err := jwt.Parse(encodedToken, func(unverifiedToken *jwt.Token) (interface{}, error) {
+ publicKeyUrl := unverifiedToken.Header["jku"].(string)
+ publicKeyId := unverifiedToken.Header["kid"].(string)
+
+ if !VerifyUrlOnWhiteList(publicKeyUrl, cfg.ConfigTrafficOpsGolang.WhitelistedOAuthUrls) {
+ return nil, errors.New("Key URL from token is not included in the whitelisted urls. Received: " + publicKeyUrl)
+ }
+
+ keys, err := jwk.FetchHTTP(publicKeyUrl)
+ if err != nil {
+ return nil, err
+ }
+
+ keyById := keys.LookupKeyID(publicKeyId)
+ selectedKey, err := keyById[0].Materialize()
+
+ if err != nil {
+ return nil, err
+ }
+
+ return selectedKey, nil
+ })
+ if err != nil {
+ handleErrs(http.StatusInternalServerError, errors.New("Error decoding token with message: "+err.Error()))
+ log.Errorf("Error decoding token: %s\n", err.Error())
+ return
+ }
+
+ authenticated = decodedToken.Valid
+
+ userId := decodedToken.Claims.(jwt.MapClaims)["sub"].(string)
+ form.Username = userId
+
+ userAllowed, err, blockingErr := auth.CheckLocalUserIsAllowed(form, db, time.Duration(cfg.DBQueryTimeoutSeconds)*time.Second)
+ if blockingErr != nil {
+ api.HandleErr(w, r, nil, http.StatusServiceUnavailable, nil, fmt.Errorf("error checking local user password: %s\n", blockingErr.Error()))
+ return
+ }
+ if err != nil {
+ log.Errorf("checking local user: %s\n", err.Error())
+ return
Review comment:
done
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services