@@ -70,6 +70,10 @@ func NewOAuth2Server(config *SSOConfig, parent *SSOHandler) (*OAuth2Server, erro
|
|
|
srv.SetResponseErrorHandler(func(re *errors.Response) {
|
|
|
log.Println("Response Error:", re.Error.Error())
|
|
|
})
|
|
|
+
|
|
|
+ //Set the access scope handler
|
|
|
+ srv.SetAuthorizeScopeHandler(thisServer.AuthorizationScopeHandler)
|
|
|
+ //Set the access token expiration handler based on requesting domain / hostname
|
|
|
srv.SetAccessTokenExpHandler(thisServer.ExpireHandler)
|
|
|
thisServer.srv = srv
|
|
|
return &thisServer, nil
|
|
@@ -130,6 +134,41 @@ func (oas *OAuth2Server) ExpireHandler(w http.ResponseWriter, r *http.Request) (
|
|
|
return time.Second * time.Duration(appConfig.SessionDuration), nil
|
|
|
}
|
|
|
|
|
|
+// AuthorizationScopeHandler, handle the scope of the request
|
|
|
+func (oas *OAuth2Server) AuthorizationScopeHandler(w http.ResponseWriter, r *http.Request) (scope string, err error) {
|
|
|
+ //Get the scope from post or GEt request
|
|
|
+ if r.Form == nil {
|
|
|
+ if err := r.ParseForm(); err != nil {
|
|
|
+ return "none", err
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ //Get the hostname of the request
|
|
|
+ requestHostname := r.Host
|
|
|
+ if requestHostname == "" {
|
|
|
+ //No rule set. Use default
|
|
|
+ return "none", nil
|
|
|
+ }
|
|
|
+
|
|
|
+ //Get the Registered App Config from parent
|
|
|
+ appConfig, ok := oas.parent.Apps[requestHostname]
|
|
|
+ if !ok {
|
|
|
+ //No rule set. Use default
|
|
|
+ return "none", nil
|
|
|
+ }
|
|
|
+
|
|
|
+ //Check if the scope is set in the request
|
|
|
+ if v, ok := r.Form["scope"]; ok {
|
|
|
+ //Check if the requested scope is in the appConfig scope
|
|
|
+ if utils.StringInArray(appConfig.Scopes, v[0]) {
|
|
|
+ return v[0], nil
|
|
|
+ }
|
|
|
+ return "none", nil
|
|
|
+ }
|
|
|
+
|
|
|
+ return "none", nil
|
|
|
+}
|
|
|
+
|
|
|
/* SSO Web Server Toggle Functions */
|
|
|
func (oas *OAuth2Server) RegisterOauthEndpoints(primaryMux *http.ServeMux) {
|
|
|
primaryMux.HandleFunc("/oauth2/login", oas.loginHandler)
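Review bot: The scope check at `if v, ok := r.Form["scope"]; ok` compares only `v[0]` for an exact match against `appConfig.Scopes`, but the OAuth 2.0 `scope` parameter is a space-delimited list, so a request carrying `scope=read write` is silently mapped to "none" even when both values are registered for the app. Reading the value with `r.Form.Get("scope")` also avoids indexing `v[0]` on a Form map that may have been populated by something other than ParseForm. Splitting with `strings.Fields`, requiring every part to be registered and returning the joined result keeps the single-scope behaviour and makes multi-scope requests work; `strings` must be imported if the file does not already do so. Separately, `r.Host` can carry a port (`host:port`), in which case `oas.parent.Apps[requestHostname]` presumably misses and the handler degrades to "none" — worth confirming how the Apps map is keyed. The fallback to "none" for an unregistered scope is a policy choice; the comment `//Check if the requested scope is in the appConfig scope` should say that a mismatch downgrades rather than rejects.
```go
	// … unchanged: form parsing, hostname check and app lookup …
	//Check if the scope is set in the request (space-delimited per OAuth 2.0)
	requested := strings.Fields(r.Form.Get("scope"))
	if len(requested) == 0 {
		return "none", nil
	}
	//Every requested scope must be registered for this app, otherwise fall back to "none"
	for _, s := range requested {
		if !utils.StringInArray(appConfig.Scopes, s) {
			return "none", nil
		}
	}
	return strings.Join(requested, " "), nil
```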
|
|
@@ -223,6 +262,13 @@ func (oas *OAuth2Server) loginHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
w.Header().Set("Location", "/oauth2/auth")
|
|
|
w.WriteHeader(http.StatusFound)
|
|
|
return
|
|
|
+ } else if r.Method == "GET" {
|
|
|
+ //Check if the user is logged in
|
|
|
+ if _, ok := store.Get(SSO_SESSION_NAME); ok {
|
|
|
+ w.Header().Set("Location", "/oauth2/auth")
|
|
|
+ w.WriteHeader(http.StatusFound)
|
|
|
+ return
|
|
|
+ }
|
|
|
}
|
|
|
//User not logged in. Show login page
|
|
|
w.Write(loginHtml)
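Review bot: The new `else if r.Method == "GET"` branch duplicates the three-line redirect the POST branch above already performs; `http.Redirect(w, r, "/oauth2/auth", http.StatusFound)` expresses it in one line and also emits the Content-Type and small HTML body net/http attaches to a redirect. Since the preceding branch ends in `return`, the `else if` can become a plain `if r.Method == "GET"` so the happy path stays left-aligned. The session check `store.Get(SSO_SESSION_NAME)` only tests that the key is present; if `store` (defined outside this hunk) does not enforce expiry itself, a stale entry would still be redirected — worth confirming. loginHandler starts before this hunk, so the enclosing if structure is not fully visible here.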
|