
Minor bug fix at OAuth2, tidied up some code

AY 4 years ago
parent
commit
4dbc799b10

+ 6 - 1
mod/auth/oauth2/github.go

@@ -68,10 +68,15 @@ func githubEndpoint() oauth2.Endpoint {
 func githubUserInfo(accessToken string) (string, error) {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
+	if err != nil {
+		return "", err
+	}
 	req.Header.Set("Authorization", "token "+accessToken)
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
 	response, err := client.Do(req)
-
+	if err != nil {
+		return "", err
+	}
 	defer response.Body.Close()
 	contents, err := ioutil.ReadAll(response.Body)
 	var data GithubField
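Review bot: The client on the second line of the hunk, `client := &http.Client{}`, has no timeout, so a stalled connection to api.github.com holds the login request open indefinitely; `client := &http.Client{Timeout: 10 * time.Second}` bounds it (add the `time` import if github.go does not already have it — the import block is outside the hunk). microsoftUserInfo in microsoft.go constructs its client the same way and needs the same change. The `err` returned by `ioutil.ReadAll` on the second-to-last line is not checked in the visible lines, and nothing here examines `response.StatusCode`, so a non-2xx reply for an expired or revoked token would reach the JSON decode as if it were a success; the function body continues outside the hunk, so confirm whether those checks exist further down.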

+ 3 - 1
mod/auth/oauth2/google.go

@@ -31,7 +31,9 @@ func googleEndpoint() oauth2.Endpoint {
 
 func googleUserInfo(accessToken string) (string, error) {
 	response, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + accessToken)
-
+	if err != nil {
+		return "", err
+	}
 	defer response.Body.Close()
 	contents, err := ioutil.ReadAll(response.Body)
 	var data GoogleField
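Review bot: The access token is still sent in the URL query string on the second line of the hunk, `http.Get("...userinfo?access_token=" + accessToken)`, which RFC 6750 advises against because query strings end up in proxy and server logs and in browser/referrer history; the commit only adds the error check around it. Sending the token in an `Authorization: Bearer` header, as microsoftUserInfo already does, keeps it out of the URL and lets the request go through the same `http.NewRequest` path with an error check on construction. The `err` from `ioutil.ReadAll` on the second-to-last line is not checked in the visible lines, and the function continues outside the hunk.
```go
func googleUserInfo(accessToken string) (string, error) {
	req, err := http.NewRequest("GET", "https://www.googleapis.com/oauth2/v2/userinfo", nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	response, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer response.Body.Close()
	// … unchanged: read the body and decode into GoogleField …
```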

+ 1 - 1
mod/auth/oauth2/internal.go

@@ -33,7 +33,7 @@ func sendOK(w http.ResponseWriter) {
 }
 
 func mv(r *http.Request, getParamter string, postMode bool) (string, error) {
-	if postMode == false {
+	if !postMode {
 		//Access the paramter via GET
 		keys, ok := r.URL.Query()[getParamter]
 
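Review bot: `mv` still carries no doc comment after the restyle, although every handler in the package reads request parameters through it; a line such as `// mv returns the request parameter named getParamter, read from the URL query when postMode is false and from the POST body otherwise.` above the signature would do — the POST branch and the error path are outside the hunk, so confirm the wording against them. The parameter name `getParamter` and the comment `//Access the paramter via GET` both misspell "parameter"; since `mv` is unexported, renaming the parameter is a purely local change.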

+ 6 - 1
mod/auth/oauth2/microsoft.go

@@ -31,9 +31,14 @@ func microsoftEndpoint() oauth2.Endpoint {
 func microsoftUserInfo(accessToken string) (string, error) {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
+	if err != nil {
+		return "", err
+	}
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 	response, err := client.Do(req)
-
+	if err != nil {
+		return "", err
+	}
 	defer response.Body.Close()
 	contents, err := ioutil.ReadAll(response.Body)
 	var data MicrosoftField

+ 32 - 38
mod/auth/oauth2/oauth2.go

@@ -1,6 +1,7 @@
 package oauth2
 
 import (
+	"context"
 	"encoding/json"
 	"log"
 	"net/http"
@@ -17,21 +18,17 @@ import (
 type OauthHandler struct {
 	googleOauthConfig *oauth2.Config
 	syncDb            *syncdb.SyncDB
-	oauthStateString  string
-	DefaultUserGroup  string
 	ag                *auth.AuthAgent
 	reg               *reg.RegisterHandler
 	coredb            *db.Database
-	config            *Config
 }
 
 type Config struct {
-	Enabled          bool   `json:"enabled"`
-	IDP              string `json:"idp"`
-	RedirectURL      string `json:"redirect_url"`
-	ClientID         string `json:"client_id"`
-	ClientSecret     string `json:"client_secret"`
-	DefaultUserGroup string `json:"default_user_group"`
+	Enabled      bool   `json:"enabled"`
+	IDP          string `json:"idp"`
+	RedirectURL  string `json:"redirect_url"`
+	ClientID     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
 }
 
 //NewOauthHandler xxx
@@ -50,11 +47,10 @@ func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, c
 			Scopes:       getScope(coreDb),
 			Endpoint:     getEndpoint(coreDb),
 		},
-		DefaultUserGroup: readSingleConfig("defaultusergroup", coreDb),
-		ag:               authAgent,
-		syncDb:           syncdb.NewSyncDB(),
-		reg:              register,
-		coredb:           coreDb,
+		ag:     authAgent,
+		syncDb: syncdb.NewSyncDB(),
+		reg:    register,
+		coredb: coreDb,
 	}
 
 	return &NewlyCreatedOauthHandler
@@ -62,6 +58,11 @@ func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, c
 
 //HandleOauthLogin xxx
 func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
+	enabled := oh.readSingleConfig("enabled")
+	if enabled == "" || enabled == "false" {
+		sendTextResponse(w, "OAuth disabled")
+		return
+	}
 	//add cookies
 	redirect, err := mv(r, "redirect", false)
 	//store the redirect url to the sync map
@@ -80,6 +81,11 @@ func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 
 //OauthAuthorize xxx
 func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
+	enabled := oh.readSingleConfig("enabled")
+	if enabled == "" || enabled == "false" {
+		sendTextResponse(w, "OAuth disabled")
+		return
+	}
 	//read the uuid(aka the state parameter)
 	uuid, err := r.Cookie("uuid_login")
 	if err != nil {
@@ -104,7 +110,7 @@ func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)
 	}
 
 	//exchange the infromation to get code
-	token, err := oh.googleOauthConfig.Exchange(oauth2.NoContext, code)
+	token, err := oh.googleOauthConfig.Exchange(context.Background(), code)
 	if err != nil {
 		sendTextResponse(w, "Code exchange failed.")
 		return
@@ -113,35 +119,33 @@ func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)
 	//get user info
 	username, err := getUserInfo(token.AccessToken, oh.coredb)
 	if err != nil {
-		oh.ag.Logger.LogAuth(r, false)
+		oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
 		sendTextResponse(w, "Failed to obtain user info.")
 		return
 	}
 
-	r.Form.Add("username", username) // to address Tobychui's log auth function
-
 	if !oh.ag.UserExists(username) {
 		//register user if not already exists
 		//if registration is closed, return error message.
 		//also makr the login as fail.
 		if oh.reg.AllowRegistry {
-			oh.ag.Logger.LogAuth(r, false)
-			http.Redirect(w, r, "/public/register/register.system?user="+username, 302)
+			oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
+			http.Redirect(w, r, "/public/register/register.system?user="+username, http.StatusFound)
 		} else {
-			oh.ag.Logger.LogAuth(r, false)
+			oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
 			sendHTMLResponse(w, "You are not allowed to register in this system.&nbsp;<a href=\"/\">Back</a>")
 		}
 	} else {
 		log.Println(username + " logged in via OAuth.")
 		oh.ag.LoginUserByRequest(w, r, username, true)
-		oh.ag.Logger.LogAuth(r, true)
+		oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), true, "web")
 		//clear the cooke
 		oh.addCookie(w, "uuid_login", "-invaild-", -1)
 		//read the value from db and delete it from db
 		url := oh.syncDb.Read(uuid.Value)
 		oh.syncDb.Delete(uuid.Value)
 		//redirect to the desired page
-		http.Redirect(w, r, url, 302)
+		http.Redirect(w, r, url, http.StatusFound)
 	}
 }
 
@@ -176,15 +180,13 @@ func (oh *OauthHandler) ReadConfig(w http.ResponseWriter, r *http.Request) {
 	redirecturl := oh.readSingleConfig("redirecturl")
 	clientid := oh.readSingleConfig("clientid")
 	clientsecret := oh.readSingleConfig("clientsecret")
-	defaultusergroup := oh.readSingleConfig("defaultusergroup")
 
 	config, err := json.Marshal(Config{
-		Enabled:          enabled,
-		IDP:              idp,
-		RedirectURL:      redirecturl,
-		ClientID:         clientid,
-		ClientSecret:     clientsecret,
-		DefaultUserGroup: defaultusergroup,
+		Enabled:      enabled,
+		IDP:          idp,
+		RedirectURL:  redirecturl,
+		ClientID:     clientid,
+		ClientSecret: clientsecret,
 	})
 	if err != nil {
 		empty, err := json.Marshal(Config{})
@@ -238,19 +240,11 @@ func (oh *OauthHandler) WriteConfig(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	defaultusergroup, err := mv(r, "defaultusergroup", true)
-	if err != nil {
-		if showError {
-			sendErrorResponse(w, "defaultusergroup field can't be empty'")
-			return
-		}
-	}
 
 	oh.coredb.Write("oauth", "idp", idp)
 	oh.coredb.Write("oauth", "redirecturl", redirecturl)
 	oh.coredb.Write("oauth", "clientid", clientid)
 	oh.coredb.Write("oauth", "clientsecret", clientsecret)
-	oh.coredb.Write("oauth", "defaultusergroup", defaultusergroup)
 
 	//update the information inside the oauth class
 	oh.googleOauthConfig = &oauth2.Config{
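Review bot: The redirect at the end of HandleAuthorize, `http.Redirect(w, r, url, http.StatusFound)`, sends the browser to whatever `oh.syncDb.Read(uuid.Value)` returns, and HandleLogin stores that value straight from the `redirect` request parameter (`mv(r, "redirect", false)`), so a crafted login link can send the user to an arbitrary external site once authentication succeeds — an open redirect the commit leaves in place while touching the line. Restricting the target to a same-site path closes it: `if url == "" || !strings.HasPrefix(url, "/") || strings.HasPrefix(url, "//") {` / `url = "/"` / `}` placed before the redirect (the visible import hunk does not show `strings`; add it if the file lacks it). Validating at the point where HandleLogin stores the value would work equally well; the rest of HandleLogin is outside the hunk. The enabled check added to HandleLogin and HandleAuthorize is duplicated verbatim; a small `func (oh *OauthHandler) enabled() bool` helper keeps the two in step if a third handler needs it.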

+ 2 - 31
web/SystemAO/advance/oauth.html

@@ -108,17 +108,6 @@
                     <input type="text" id="clientsecret" placeholder="Client Secret">
                 </div>
             </div>
-            <div class="field">
-                <label>Default user group</label>
-                <div class="ui selection fluid dropdown" autocomplete="false">
-                    <input type="hidden" id="group" name="group" autocomplete="false">
-                    <i class="dropdown icon"></i>
-                    <div class="default text">Select user group</div>
-                    <div id="grouplist" class="menu">
-
-                    </div>
-                </div>
-            </div>
             <button id="ntb" onclick="update();" class="ui green button" type="submit">Update</button>
         </div>
         <div class="ui divider"></div>
@@ -129,7 +118,6 @@
     <script>
         $(document).ready(function() {
             loadIdpList();
-            loadGroupList();
             read();
         });
 
@@ -142,7 +130,6 @@
                 $("#redirecturl").val(data.redirect_url);
                 $("#clientid").val(data.client_id);
                 $("#clientsecret").val(data.client_secret);
-                $("#group").parent().dropdown("set selected", data.default_user_group);
             });
         }
 
@@ -153,12 +140,11 @@
                     redirecturl: $("#redirecturl").val(),
                     clientid: $("#clientid").val(),
                     clientsecret: $("#clientsecret").val(),
-                    defaultusergroup: $("#group").val()
                 })
                 .done(function(data) {
-                    if (data.error != undefined){
+                    if (data.error != undefined) {
                         alert(data.error);
-                    }else{
+                    } else {
                         //OK!
                         $("#updateSet").stop().finish().slideDown("fast").delay(3000).slideUp('fast');
                     }
@@ -178,21 +164,6 @@
             }
             $("#idplist").parent().dropdown();
         }
-
-        function loadGroupList() {
-            $("#grouplist").html("");
-            $.get("../../system/permission/listgroup", function(data) {
-                if (data.error !== undefined) {
-                    alert(data.error);
-                } else {
-                    for (var i = 0; i < data.length; i++) {
-                        let groupinfo = data[i];
-                        $("#grouplist").append(`<div class="item" data-value="${groupinfo}">${groupinfo}</div>`);
-                    }
-                }
-                $("#grouplist").parent().dropdown();
-            });
-        }
     </script>
 </body>