| Index: server/auth/openid/method.go
|
| diff --git a/server/auth/openid/method.go b/server/auth/openid/method.go
|
| index f3f3d1207161b7ec6c709e809a77a298e87755cb..2e0db253a19f12d6bd875ac7d6131d6bac75259a 100644
|
| --- a/server/auth/openid/method.go
|
| +++ b/server/auth/openid/method.go
|
| @@ -3,28 +3,27 @@
|
| // that can be found in the LICENSE file.
|
|
|
| package openid
|
|
|
| import (
|
| "fmt"
|
| "net/http"
|
| "net/url"
|
| "time"
|
|
|
| - "github.com/julienschmidt/httprouter"
|
| "golang.org/x/net/context"
|
|
|
| "github.com/luci/luci-go/common/clock"
|
| "github.com/luci/luci-go/common/errors"
|
| "github.com/luci/luci-go/common/logging"
|
| "github.com/luci/luci-go/server/auth"
|
| - "github.com/luci/luci-go/server/middleware"
|
| + "github.com/luci/luci-go/server/router"
|
| )
|
|
|
| // These are installed into a HTTP router by AuthMethod.InstallHandlers(...).
|
| const (
|
| loginURL = "/auth/openid/login"
|
| logoutURL = "/auth/openid/logout"
|
| callbackURL = "/auth/openid/callback"
|
| )
|
|
|
| // AuthMethod implements auth.Method and auth.UsersAPI and can be used as
|
| @@ -45,24 +44,24 @@ type AuthMethod struct {
|
| Insecure bool
|
|
|
| // IncompatibleCookies is a list of cookies to remove when setting or clearing
|
| // session cookie. It is useful to get rid of GAE cookies when OpenID cookies
|
| // are being used. Having both is very confusing.
|
| IncompatibleCookies []string
|
| }
|
|
|
| // InstallHandlers installs HTTP handlers used in OpenID protocol. Must be
|
| // installed in server HTTP router for OpenID authentication flow to work.
|
| -func (m *AuthMethod) InstallHandlers(r *httprouter.Router, base middleware.Base) {
|
| - r.GET(loginURL, base(m.loginHandler))
|
| - r.GET(logoutURL, base(m.logoutHandler))
|
| - r.GET(callbackURL, base(m.callbackHandler))
|
| +func (m *AuthMethod) InstallHandlers(r *router.Router, base router.MiddlewareChain) {
|
| + r.GET(loginURL, base, m.loginHandler)
|
| + r.GET(logoutURL, base, m.logoutHandler)
|
| + r.GET(callbackURL, base, m.callbackHandler)
|
| }
|
|
|
| // Warmup prepares local caches. It's optional.
|
| func (m *AuthMethod) Warmup(c context.Context) error {
|
| cfg, err := fetchCachedSettings(c)
|
| if err != nil {
|
| return err
|
| }
|
| _, err = fetchDiscoveryDoc(c, cfg.DiscoveryURL)
|
| return err
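Review bot: `r.GET(logoutURL, base, m.logoutHandler)` keeps logout on a plain GET whose only input is the `r` query parameter, while logoutHandler (further down in this file) closes the session and clears the session cookies, so any cross-site link or image load can force a signed-in user out. Because LogoutURL hands callers a GET link, the least invasive mitigation is a token: have LogoutURL embed a value bound to the current session and have logoutHandler reject the request when it is missing or does not match, before it touches the session. If that is out of scope for this router port, a comment on InstallHandlers stating that the logout route is a state-changing GET would at least make the trade-off visible to the next reader.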
|
| @@ -111,21 +110,23 @@ func (m *AuthMethod) LoginURL(c context.Context, dest string) (string, error) {
|
| func (m *AuthMethod) LogoutURL(c context.Context, dest string) (string, error) {
|
| if m.SessionStore == nil {
|
| return "", ErrNotConfigured
|
| }
|
| return makeRedirectURL(logoutURL, dest)
|
| }
|
|
|
| ////
|
|
|
| // loginHandler initiates login flow by redirecting user to OpenID login page.
|
| -func (m *AuthMethod) loginHandler(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
| +func (m *AuthMethod) loginHandler(ctx *router.Context) {
|
| + c, rw, r := ctx.Context, ctx.Writer, ctx.Request
|
| +
|
| dest, err := normalizeURL(r.URL.Query().Get("r"))
|
| if err != nil {
|
| replyError(c, rw, err, "Bad redirect URI (%q) - %s", dest, err)
|
| return
|
| }
|
|
|
| cfg, err := fetchCachedSettings(c)
|
| if err != nil {
|
| replyError(c, rw, err, "Can't load OpenID settings - %s", err)
|
| return
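Review bot: The error reply for a bad redirect URI formats `dest`, the value normalizeURL returns alongside the error, rather than the raw `r` parameter that was rejected; if normalizeURL returns an empty or partially normalized string on failure (not visible here), the message loses the offending input. Capture the raw value first, `raw := r.URL.Query().Get("r")`, then `dest, err := normalizeURL(raw)` and `replyError(c, rw, err, "Bad redirect URI (%q) - %s", raw, err)`. The same pattern appears in logoutHandler in the next hunk. loginHandler continues past the end of this hunk.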
|
| @@ -139,21 +140,23 @@ func (m *AuthMethod) loginHandler(c context.Context, rw http.ResponseWriter, r *
|
| }
|
| authURI, err := authenticationURI(c, cfg, state)
|
| if err != nil {
|
| replyError(c, rw, err, "Can't generate authentication URI - %s", err)
|
| return
|
| }
|
| http.Redirect(rw, r, authURI, http.StatusFound)
|
| }
|
|
|
| // logoutHandler nukes active session and redirect back to destination URL.
|
| -func (m *AuthMethod) logoutHandler(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
| +func (m *AuthMethod) logoutHandler(ctx *router.Context) {
|
| + c, rw, r := ctx.Context, ctx.Writer, ctx.Request
|
| +
|
| dest, err := normalizeURL(r.URL.Query().Get("r"))
|
| if err != nil {
|
| replyError(c, rw, err, "Bad redirect URI (%q) - %s", dest, err)
|
| return
|
| }
|
|
|
| // Close a session if there's one.
|
| sid, err := decodeSessionCookie(c, r)
|
| if err != nil {
|
| replyError(c, rw, err, "Error when decoding session cookie - %s", err)
|
| @@ -169,21 +172,23 @@ func (m *AuthMethod) logoutHandler(c context.Context, rw http.ResponseWriter, r
|
| // Nuke all session cookies to get to a completely clean state.
|
| removeCookie(rw, r, sessionCookieName)
|
| m.removeIncompatibleCookies(rw, r)
|
|
|
| // Redirect to the final destination.
|
| http.Redirect(rw, r, dest, http.StatusFound)
|
| }
|
|
|
| // callbackHandler handles redirect from OpenID backend. Parameters contain
|
| // authorization code that can be exchanged for user profile.
|
| -func (m *AuthMethod) callbackHandler(c context.Context, rw http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
| +func (m *AuthMethod) callbackHandler(ctx *router.Context) {
|
| + c, rw, r := ctx.Context, ctx.Writer, ctx.Request
|
| +
|
| // This code path is hit when user clicks "Deny" on consent page.
|
| q := r.URL.Query()
|
| errorMsg := q.Get("error")
|
| if errorMsg != "" {
|
| replyError(c, rw, errors.New("login error"), "OpenID login error: %s", errorMsg)
|
| return
|
| }
|
|
|
| // Validate inputs.
|
| code := q.Get("code")
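Review bot: `errorMsg` is read straight from the query string and interpolated with `%s` into the reply message; the callback URL is reachable by anyone who can get a user to follow a link, so whatever replyError does with that text (render it into the response, log it) receives caller-chosen content, and neither escaping nor a length limit is visible in this hunk. Formatting it with `%q` — `replyError(c, rw, errors.New("login error"), "OpenID login error: %q", errorMsg)` — keeps quotes and control characters out of the log line and makes an empty value distinguishable from a missing one; whether replyError HTML-escapes its message should be confirmed separately, since the provider's `error` value is meant to be a short code rather than free text. callbackHandler continues past the end of this hunk.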
|
|
|