promote basic auth to cookie

Jehiah Czebotar 2012-12-26 10:35:02 -05:00
parent 42f539109e
commit c459806ab0
2 changed files with 32 additions and 18 deletions


@ -83,3 +83,9 @@ server {
} }
} }
``` ```
## Documentation
* /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
* /oauth2/start - a URL that will redirect to start the oauth cycle
* /oauth2/callback - the URL used at the end of the oauth cycle


@ -148,13 +148,13 @@ func (p *OauthProxy) getUserInfo(token string) (string, error) {
return email, nil return email, nil
} }
func ClearCookie(rw http.ResponseWriter, req *http.Request, key string) { func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
domain := strings.Split(req.Host, ":")[0] domain := strings.Split(req.Host, ":")[0]
if *cookieDomain != "" { if *cookieDomain != "" {
domain = *cookieDomain domain = *cookieDomain
} }
cookie := &http.Cookie{ cookie := &http.Cookie{
Name: key, Name: p.CookieKey,
Value: "", Value: "",
Path: "/", Path: "/",
Domain: domain, Domain: domain,
@ -164,6 +164,25 @@ func ClearCookie(rw http.ResponseWriter, req *http.Request, key string) {
http.SetCookie(rw, cookie) http.SetCookie(rw, cookie)
} }
func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) {
domain := strings.Split(req.Host, ":")[0] // strip the port (if any)
if *cookieDomain != "" {
domain = *cookieDomain
}
cookie := &http.Cookie{
Name: p.CookieKey,
Value: signedCookieValue(p.CookieSeed, p.CookieKey, val),
Path: "/",
Domain: domain,
Expires: time.Now().Add(time.Duration(168) * time.Hour), // 7 days
HttpOnly: true,
// Secure: req. ... ? set if X-Scheme: https ?
}
http.SetCookie(rw, cookie)
}
func (p *OauthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string) { func (p *OauthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string) {
log.Printf("ErrorPage %d %s %s", code, title, message) log.Printf("ErrorPage %d %s %s", code, title, message)
rw.WriteHeader(code) rw.WriteHeader(code)
@ -180,6 +199,7 @@ func (p *OauthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, m
func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) { func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
// TODO: capture state for which url to redirect to at the end // TODO: capture state for which url to redirect to at the end
p.ClearCookie(rw, req)
rw.WriteHeader(code) rw.WriteHeader(code)
templates := getTemplates() templates := getTemplates()
t := struct{ SignInMessage string }{SignInMessage: p.SignInMessage} t := struct{ SignInMessage string }{SignInMessage: p.SignInMessage}
@ -189,7 +209,6 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
// check if this is a redirect back at the end of oauth // check if this is a redirect back at the end of oauth
if req.URL.Path == signInPath { if req.URL.Path == signInPath {
ClearCookie(rw, req, p.CookieKey)
p.SignInPage(rw, req, 200) p.SignInPage(rw, req, 200)
return return
} }
@ -232,21 +251,7 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
// set cookie, or deny // set cookie, or deny
if p.Validator(email) { if p.Validator(email) {
log.Printf("authenticating %s completed", email) log.Printf("authenticating %s completed", email)
domain := strings.Split(req.Host, ":")[0] p.SetCookie(rw, req, email)
if *cookieDomain != "" {
domain = *cookieDomain
}
cookie := &http.Cookie{
Name: p.CookieKey,
Value: signedCookieValue(p.CookieSeed, p.CookieKey, email),
Path: "/",
Domain: domain,
Expires: time.Now().Add(time.Duration(168) * time.Hour), // 7 days
HttpOnly: true,
// Secure: req. ... ? set if X-Scheme: https ?
}
http.SetCookie(rw, cookie)
http.Redirect(rw, req, "/", 302) http.Redirect(rw, req, "/", 302)
return return
} else { } else {
@ -266,6 +271,9 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
if !ok { if !ok {
user, ok = p.CheckBasicAuth(req) user, ok = p.CheckBasicAuth(req)
if ok {
p.SetCookie(rw, req, user)
}
} }
if !ok { if !ok {
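Review bot: The added `if ok { p.SetCookie(rw, req, user) }` branch after `p.CheckBasicAuth(req)` turns one successful basic-auth check into a signed cookie that SetCookie keeps valid for 168 hours, so changing or removing that user's password would not end their access until the cookie expires (assuming cookie validation, which is not visible here, checks only the signature). In the visible lines the basic-auth `user` is stored under the same `p.CookieKey` as an OAuth email but without passing `p.Validator`, so later requests cannot tell the two identity sources apart. Consider a shorter lifetime or a per-request re-check for this path, and at minimum record the trade-off with a comment such as `// NOTE: cookie outlives the basic-auth credential; revocation only takes effect at expiry`. SetCookie also carries over the unresolved `Secure` TODO, which now covers sessions promoted from basic auth; if the front proxy sets X-Scheme as that TODO suggests, `Secure: req.TLS != nil || req.Header.Get("X-Scheme") == "https",` would keep the cookie off plain HTTP. ServeHTTP begins and continues outside this hunk, so the cookie check that precedes this branch should be confirmed against the full function.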