mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-11 14:54:34 -05:00
3ee5432664
Include https://github.com/mattermost/mattermost-plugin-api into the mono repo Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Michael Kochell <mjkochell@gmail.com> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com> Co-authored-by: Alex Dovenmuehle <alex.dovenmuehle@mattermost.com> Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com> Co-authored-by: Christopher Poile <cpoile@gmail.com> Co-authored-by: İlker Göktuğ Öztürk <ilkergoktugozturk@gmail.com> Co-authored-by: Shota Gvinepadze <wineson@gmail.com> Co-authored-by: Ali Farooq <ali.farooq0@pm.me> Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> Co-authored-by: Daniel Espino García <larkox@gmail.com> Co-authored-by: Christopher Speller <crspeller@gmail.com> Co-authored-by: Alex Dovenmuehle <adovenmuehle@gmail.com> Co-authored-by: Szymon Gibała <szymongib@gmail.com> Co-authored-by: Lev <1187448+levb@users.noreply.github.com> Co-authored-by: Jason Frerich <jason.frerich@mattermost.com> Co-authored-by: Agniva De Sarker <agnivade@yahoo.co.in> Co-authored-by: Artur M. Wolff <artur.m.wolff@gmail.com> Co-authored-by: Madhav Hugar <16546715+madhavhugar@users.noreply.github.com> Co-authored-by: Joe <security.joe@pm.me> Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: José Peso <trilopin@users.noreply.github.com>
105 lines
2.8 KiB
Go
105 lines
2.8 KiB
Go
// Copyright (c) 2019-present Mattermost, Inc. All Rights Reserved.
|
|
// See License for license information.
|
|
|
|
package oauther
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
func (o *oAuther) oauth2Complete(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodGet {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
authedUserID := r.Header.Get("Mattermost-User-ID")
|
|
if authedUserID == "" {
|
|
o.logger.Debugf("oauth2Complete: reached by non authed user")
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
code := r.URL.Query().Get("code")
|
|
if code == "" {
|
|
o.logger.Debugf("oauth2Complete: reached with no code")
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
state := r.URL.Query().Get("state")
|
|
|
|
var storedState string
|
|
err := o.store.Get(o.getStateKey(authedUserID), &storedState)
|
|
if err != nil {
|
|
o.logger.Warnf("oauth2Complete: cannot get state, err=%s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if storedState != state {
|
|
o.logger.Debugf("oauth2Complete: state mismatch")
|
|
o.logger.Debugf("received state '%s'; expected state '%s%", state, storedState)
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
userID := strings.Split(state, "_")[1]
|
|
if userID != authedUserID {
|
|
o.logger.Debugf("oauth2Complete: authed user mismatch")
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
ctx := context.Background()
|
|
token, err := o.config.Exchange(ctx, code)
|
|
if err != nil {
|
|
o.logger.Warnf("oauth2Complete: could not generate token, err=%s", err.Error())
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
var payload []byte
|
|
err = o.store.Get(o.getPayloadKey(userID), &payload)
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: could not fetch payload, err=&s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
ok, err := o.store.Set(o.getTokenKey(userID), token)
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: cannot store the token, err=%s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if !ok {
|
|
o.logger.Errorf("oauth2Complete: cannot store token without error")
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
html := fmt.Sprintf(`
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script>
|
|
window.close();
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<p>%s</p>
|
|
</body>
|
|
</html>
|
|
`, o.connectedString)
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
_, err = w.Write([]byte(html))
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: error writing response, err=%s", err.Error())
|
|
}
|
|
|
|
if o.onConnect != nil {
|
|
o.onConnect(userID, *token, payload)
|
|
}
|
|
}
|