|
|
@@ -63,9 +63,9 @@ func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, c
|
|
|
//HandleOauthLogin xxx
|
|
|
func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
|
|
|
//add cookies
|
|
|
- redirect, e := r.URL.Query()["redirect"]
|
|
|
+ redirect, err := r.URL.Query()["redirect"]
|
|
|
uuid := ""
|
|
|
- if !e || len(redirect[0]) < 1 {
|
|
|
+ if !err || len(redirect[0]) < 1 {
|
|
|
uuid = oh.syncDb.Store("/")
|
|
|
} else {
|
|
|
uuid = oh.syncDb.Store(redirect[0])
|
|
|
@@ -85,13 +85,22 @@ func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- state := r.FormValue("state")
|
|
|
+ state, err := mv(r, "state", true)
|
|
|
if state != uuid.Value {
|
|
|
sendTextResponse(w, "Invalid oauth state.")
|
|
|
return
|
|
|
}
|
|
|
+ if err != nil {
|
|
|
+ sendTextResponse(w, "Invalid state parameter.")
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ code, err := mv(r, "code", true)
|
|
|
+ if err != nil {
|
|
|
+ sendTextResponse(w, "Invalid state parameter.")
|
|
|
+ return
|
|
|
+ }
|
|
|
|
|
|
- code := r.FormValue("code")
|
|
|
token, err := oh.googleOauthConfig.Exchange(oauth2.NoContext, code)
|
|
|
if err != nil {
|
|
|
sendTextResponse(w, "Code exchange failed.")
|
|
|
@@ -145,7 +154,12 @@ func (oh *OauthHandler) addCookie(w http.ResponseWriter, name, value string, ttl
|
|
|
}
|
|
|
|
|
|
func (oh *OauthHandler) ReadConfig(w http.ResponseWriter, r *http.Request) {
|
|
|
- enabled, _ := strconv.ParseBool(oh.readSingleConfig("enabled"))
|
|
|
+ enabled, err := strconv.ParseBool(oh.readSingleConfig("enabled"))
|
|
|
+ if err != nil {
|
|
|
+ sendTextResponse(w, "Invalid config value [key=enabled].")
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
idp := oh.readSingleConfig("idp")
|
|
|
redirecturl := oh.readSingleConfig("redirecturl")
|
|
|
clientid := oh.readSingleConfig("clientid")
|
AY