Merge pull request #2547 from gobitfly/BIDS-2466/OAuth_redirect_after…

…_login_not_working (BIDS-2466) Removed redirect from session data
gobitfly · Sep 21, 2023 · 6e5c859 · 6e5c859
2 parents fe5b708 + 123c0b7
commit 6e5c859
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 40 deletions.
diff --git a/cmd/explorer/main.go b/cmd/explorer/main.go
@@ -555,7 +555,6 @@ func main() {
 
 			oauthRouter := router.PathPrefix("/user").Subrouter()
 			oauthRouter.HandleFunc("/authorize", handlers.UserAuthorizeConfirm).Methods("GET")
-			oauthRouter.HandleFunc("/cancel", handlers.UserAuthorizationCancel).Methods("GET")
 			oauthRouter.Use(csrfHandler)
 
 			authRouter := router.PathPrefix("/user").Subrouter()

diff --git a/handlers/auth.go b/handlers/auth.go
@@ -156,12 +156,30 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "text/html")
 
+	q := r.URL.Query()
+
 	data := InitPageData(w, r, "login", "/login", "Login", templateFiles)
-	data.Data = types.AuthData{
+
+	authData := types.AuthData{
 		Flashes:      utils.GetFlashes(w, r, authSessionName),
 		CsrfField:    csrf.TemplateField(r),
 		RecaptchaKey: utils.Config.Frontend.RecaptchaSiteKey,
 	}
+
+	redirectData := struct {
+		Redirect_uri string
+		State        string
+	}{
+		Redirect_uri: q.Get("redirect_uri"),
+		State:        q.Get("state"),
+	}
+
+	data.Data = struct {
+		AuthData     types.AuthData
+		RedirectData interface{}
+	}{
+		AuthData:     authData,
+		RedirectData: redirectData}
 	data.Meta.NoTrack = true
 
 	if handleTemplateError(w, r, "auth.go", "Login", "", loginTemplate.ExecuteTemplate(w, "layout", data)) != nil {
@@ -171,7 +189,6 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 // LoginPost handles authenticating the user.
 func LoginPost(w http.ResponseWriter, r *http.Request) {
-
 	if err := utils.HandleRecaptcha(w, r, "/login"); err != nil {
 		return
 	}
@@ -213,29 +230,40 @@ func LoginPost(w http.ResponseWriter, r *http.Request) {
 		UserGroup string `db:"user_group"`
 	}{}
 
+	redirectParam := ""
+	redirectURI := r.FormValue("oauth_redirect_uri")
+	if redirectURI != "" {
+		redirectParam = "?redirect_uri=" + redirectURI
+
+		state := r.FormValue("state")
+		if state != "" {
+			redirectParam += "&state=" + state
+		}
+	}
+
 	err = db.FrontendWriterDB.Get(&user, "SELECT users.id, email, password, email_confirmed, COALESCE(product_id, '') as product_id, COALESCE(active, false) as active, COALESCE(user_group, '') AS user_group FROM users left join users_app_subscriptions on users_app_subscriptions.user_id = users.id WHERE email = $1", email)
 	if err != nil {
 		if err != sql.ErrNoRows {
 			logger.Errorf("error retrieving password for user %v: %v", email, err)
 		}
 		session.AddFlash("Error: Invalid email or password!")
 		session.Save(r, w)
-		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		http.Redirect(w, r, "/login"+redirectParam, http.StatusSeeOther)
 		return
 	}
 
 	if !user.Confirmed {
 		session.AddFlash("Error: Email has not been confirmed, please click the link in the email we sent you or <a href='/resend'>resend link</a>!")
 		session.Save(r, w)
-		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		http.Redirect(w, r, "/login"+redirectParam, http.StatusSeeOther)
 		return
 	}
 
 	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pwd))
 	if err != nil {
 		session.AddFlash("Error: Invalid email or password!")
 		session.Save(r, w)
-		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		http.Redirect(w, r, "/login"+redirectParam, http.StatusSeeOther)
 		return
 	}
 
@@ -282,20 +310,8 @@ func LoginPost(w http.ResponseWriter, r *http.Request) {
 		},
 	).Info("login succeeded")
 
-	redirectURI := session.GetValue("oauth_redirect_uri")
-
-	if redirectURI != nil {
-		state := session.GetValue("state")
-		var stateParam = ""
-
-		if state != nil {
-			stateParam = "&state=" + state.(string)
-		}
-
-		session.DeleteValue("oauth_redirect_uri")
-		session.DeleteValue("state")
-
-		http.Redirect(w, r, "/user/authorize?redirect_uri="+redirectURI.(string)+stateParam, http.StatusSeeOther)
+	if redirectParam != "" {
+		http.Redirect(w, r, "/user/authorize"+redirectParam, http.StatusSeeOther)
 		return
 	}
 
@@ -316,7 +332,6 @@ func Logout(w http.ResponseWriter, r *http.Request) {
 	session.SetValue("subscription", "")
 	session.SetValue("authenticated", false)
 	session.DeleteValue("user_id")
-	session.DeleteValue("oauth_redirect_uri")
 
 	err = session.SCS.Destroy(r.Context())
 	if err != nil {

diff --git a/handlers/user.go b/handlers/user.go
@@ -180,12 +180,20 @@ func UserAuthorizeConfirm(w http.ResponseWriter, r *http.Request) {
 	clientID := q.Get("client_id")
 	state := q.Get("state")
 
-	session.SetValue("state", state)
 	session.SetValue("client_id", clientID)
-	session.SetValue("oauth_redirect_uri", redirectURI)
 	session.Save(r, w)
 
 	if !user.Authenticated {
+		if redirectURI != "" {
+			var stateParam = ""
+			if state != "" {
+				stateParam = "&state=" + state
+			}
+
+			http.Redirect(w, r, "/login?redirect_uri="+redirectURI+stateParam, http.StatusSeeOther)
+			return
+		}
+
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
@@ -222,21 +230,6 @@ func UserAuthorizeConfirm(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// UserAuthorizationCancel cancels oauth authorization session states and redirects to frontpage
-func UserAuthorizationCancel(w http.ResponseWriter, r *http.Request) {
-	_, session, err := getUserSession(r)
-	if err != nil {
-		http.Redirect(w, r, "/", http.StatusSeeOther)
-		return
-	}
-
-	session.DeleteValue("oauth_redirect_uri")
-	session.DeleteValue("state")
-	session.Save(r, w)
-
-	http.Redirect(w, r, "/", http.StatusSeeOther)
-}
-
 func UserNotifications(w http.ResponseWriter, r *http.Request) {
 	templateFiles := append(layoutTemplateFiles, "user/notifications.html")
 	var notificationTemplate = templates.GetTemplate(templateFiles...)
@@ -3035,7 +3028,7 @@ func UserGlobalNotification(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// LoginPost handles authenticating the user.
+// UserGlobalNotificationPost handles the global notifications
 func UserGlobalNotificationPost(w http.ResponseWriter, r *http.Request) {
 	isAdmin, _ := handleAdminPermissions(w, r)
 	if !isAdmin {

diff --git a/templates/login.html b/templates/login.html
@@ -39,7 +39,7 @@
 {{ end }}
 
 {{ define "content" }}
-  {{ with .Data }}
+  {{ with .Data.AuthData }}
     <div class="container mt-2">
       <div class="row my-3">
         <div class="col-lg-6 col-sm-8 col-xl-5 mx-auto">
@@ -68,6 +68,8 @@ <h1 class="h2">Sign in to <i>beaconcha.in</i></h1>
               </label>
               <input tabindex="2" required type="password" maxlength="256" class="form-control" autocomplete="current-password" id="password" name="password" />
             </div>
+            <input type="hidden" value="{{ $.Data.RedirectData.Redirect_uri }}" name="oauth_redirect_uri" />
+            <input type="hidden" value="{{ $.Data.RedirectData.State }}" name="state" />
             <button data-sitekey="{{ .RecaptchaKey }}" data-callback="onSubmit" tabindex="3" type="submit" class="g-recaptcha btn btn-primary float-right">Login</button>
           </form>
           <span style="font-size: 90%;" class="text-muted">Don't have an account? </span><a tabindex="4" href="/register">Sign up</a>