mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

*: rename internally used "state" form value to "req" 

"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.
pull/638/head
Eric Chiang 10 years ago
parent
a3235d022a
commit
7c2289e0de
6 changed files with 31 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      server/handlers.go
  2. 30
      server/templates.go
  3. 8
      server/templates_default.go
  4. 4
      web/templates/approval.html
  5. 2
      web/templates/login.html
  6. 2
      web/templates/password.html

15
server/handlers.go
Unescape View File

@ -148,11 +148,9 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
s.renderError(w, http.StatusInternalServerError, errServerError, "")
return
}
state := authReq.ID
if len(s.connectors) == 1 {
for id := range s.connectors {
http.Redirect(w, r, s.absPath("/auth", id)+"?state="+state, http.StatusFound)
http.Redirect(w, r, s.absPath("/auth", id)+"?req="+authReq.ID, http.StatusFound)
return
}
}
@ -168,7 +166,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
i++
}
s.templates.login(w, connectorInfos, state)
s.templates.login(w, connectorInfos, authReq.ID)
}
func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
@ -179,7 +177,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
return
}
authReqID := r.FormValue("state")
authReqID := r.FormValue("req")
// TODO(ericchiang): cache user identity.
@ -198,6 +196,9 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
switch conn := conn.Connector.(type) {
case connector.CallbackConnector:
// Use the auth request ID as the "state" token.
//
// TODO(ericchiang): Is this appropriate or should we also be using a nonce?
callbackURL, err := conn.LoginURL(s.absURL("/callback"), authReqID)
if err != nil {
log.Printf("Connector %q returned error when creating callback: %v", connID, err)
@ -342,11 +343,11 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
if err := s.storage.UpdateAuthRequest(authReq.ID, updater); err != nil {
return "", fmt.Errorf("failed to update auth request: %v", err)
}
return path.Join(s.issuerURL.Path, "/approval") + "?state=" + authReq.ID, nil
return path.Join(s.issuerURL.Path, "/approval") + "?req=" + authReq.ID, nil
}
func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
authReq, err := s.storage.GetAuthRequest(r.FormValue("state"))
authReq, err := s.storage.GetAuthRequest(r.FormValue("req"))
if err != nil {
log.Printf("Failed to get auth request: %v", err)
s.renderError(w, http.StatusInternalServerError, errServerError, "")

30
server/templates.go
Unescape View File

@ -138,29 +138,29 @@ func (n byName) Len() int { return len(n) }
func (n byName) Less(i, j int) bool { return n[i].Name < n[j].Name }
func (n byName) Swap(i, j int) { n[i], n[j] = n[j], n[i] }
func (t *templates) login(w http.ResponseWriter, connectors []connectorInfo, state string) {
func (t *templates) login(w http.ResponseWriter, connectors []connectorInfo, authReqID string) {
sort.Sort(byName(connectors))
data := struct {
TemplateConfig
Connectors []connectorInfo
State string
}{t.globalData, connectors, state}
AuthReqID string
}{t.globalData, connectors, authReqID}
renderTemplate(w, t.loginTmpl, data)
}
func (t *templates) password(w http.ResponseWriter, state, callback, lastUsername string, lastWasInvalid bool) {
func (t *templates) password(w http.ResponseWriter, authReqID, callback, lastUsername string, lastWasInvalid bool) {
data := struct {
TemplateConfig
State string
PostURL string
Username string
Invalid bool
}{t.globalData, state, callback, lastUsername, lastWasInvalid}
AuthReqID string
PostURL string
Username string
Invalid bool
}{t.globalData, authReqID, callback, lastUsername, lastWasInvalid}
renderTemplate(w, t.passwordTmpl, data)
}
func (t *templates) approval(w http.ResponseWriter, state, username, clientName string, scopes []string) {
func (t *templates) approval(w http.ResponseWriter, authReqID, username, clientName string, scopes []string) {
accesses := []string{}
for _, scope := range scopes {
access, ok := scopeDescriptions[scope]
@ -171,11 +171,11 @@ func (t *templates) approval(w http.ResponseWriter, state, username, clientName
sort.Strings(accesses)
data := struct {
TemplateConfig
User string
Client string
State string
Scopes []string
}{t.globalData, username, clientName, state, accesses}
User string
Client string
AuthReqID string
Scopes []string
}{t.globalData, username, clientName, authReqID, accesses}
renderTemplate(w, t.approvalTmpl, data)
}

8
server/templates_default.go
Unescape View File

@ -25,7 +25,7 @@ var defaultTemplates = map[string]string{
<div>
<div class="form-row">
<form method="post">
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
<input type="hidden" name="approval" value="approve">
<button type="submit" class="btn btn-success">
<span class="btn-text">Grant Access</span>
@ -34,7 +34,7 @@ var defaultTemplates = map[string]string{
</div>
<div class="form-row">
<form method="post">
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
<input type="hidden" name="approval" value="rejected">
<button type="submit" class="btn btn-provider">
<span class="btn-text">Cancel</span>
@ -300,7 +300,7 @@ var defaultTemplates = map[string]string{
<div>
{{ range $c := .Connectors }}
<div class="form-row">
<a href="{{ $c.URL }}?state={{ $.State }}" target="_self">
<a href="{{ $c.URL }}?req={{ $.AuthReqID }}" target="_self">
<button class="btn btn-provider">
<span class="btn-icon btn-icon-{{ $c.ID }}"></span>
<span class="btn-text">Log in with {{ $c.Name }}</span>
@ -344,7 +344,7 @@ var defaultTemplates = map[string]string{
</div>
<input tabindex="2" required id="password" name="password" type="password" class="input-box" placeholder="password" {{ if .Invalid }} autofocus {{ end }}/>
</div>
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
{{ if .Invalid }}
<div class="error-box">

4
web/templates/approval.html
Unescape View File

@ -19,7 +19,7 @@
<div>
<div class="form-row">
<form method="post">
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
<input type="hidden" name="approval" value="approve">
<button type="submit" class="btn btn-success">
<span class="btn-text">Grant Access</span>
@ -28,7 +28,7 @@
</div>
<div class="form-row">
<form method="post">
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
<input type="hidden" name="approval" value="rejected">
<button type="submit" class="btn btn-provider">
<span class="btn-text">Cancel</span>

2
web/templates/login.html
Unescape View File

@ -6,7 +6,7 @@
<div>
{{ range $c := .Connectors }}
<div class="form-row">
<a href="{{ $c.URL }}?state={{ $.State }}" target="_self">
<a href="{{ $c.URL }}?req={{ $.AuthReqID }}" target="_self">
<button class="btn btn-provider">
<span class="btn-icon btn-icon-{{ $c.ID }}"></span>
<span class="btn-text">Log in with {{ $c.Name }}</span>

2
web/templates/password.html
Unescape View File

@ -15,7 +15,7 @@
</div>
<input tabindex="2" required id="password" name="password" type="password" class="input-box" placeholder="password" {{ if .Invalid }} autofocus {{ end }}/>
</div>
<input type="hidden" name="state" value="{{ .State }}"/>
<input type="hidden" name="req" value="{{ .AuthReqID }}"/>
{{ if .Invalid }}
<div class="error-box">

Write Preview
Loading…
Cancel
Save