fix: token + redirect

2022-03-16 21:44:57 +05:30
parent 83001b859c
commit 99b846811a
12 changed files with 65 additions and 32 deletions
--- a/server/db/models/user.go
+++ b/server/db/models/user.go
@@ -32,6 +32,9 @@ type User struct {
 func (user *User) AsAPIUser() *model.User {
 	isEmailVerified := user.EmailVerifiedAt != nil
 	isPhoneVerified := user.PhoneNumberVerifiedAt != nil
+	email := user.Email
+	createdAt := user.CreatedAt
+	updatedAt := user.UpdatedAt
 	return &model.User{
 		ID:                  user.ID,
 		Email:               user.Email,
@@ -41,14 +44,14 @@ func (user *User) AsAPIUser() *model.User {
 		FamilyName:          user.FamilyName,
 		MiddleName:          user.MiddleName,
 		Nickname:            user.Nickname,
-		PreferredUsername:   &user.Email,
+		PreferredUsername:   &email,
 		Gender:              user.Gender,
 		Birthdate:           user.Birthdate,
 		PhoneNumber:         user.PhoneNumber,
 		PhoneNumberVerified: &isPhoneVerified,
 		Picture:             user.Picture,
 		Roles:               strings.Split(user.Roles, ","),
-		CreatedAt:           &user.CreatedAt,
-		UpdatedAt:           &user.UpdatedAt,
+		CreatedAt:           &createdAt,
+		UpdatedAt:           &updatedAt,
 	}
 }
--- a/server/db/models/verification_requests.go
+++ b/server/db/models/verification_requests.go
@@ -17,15 +17,23 @@ type VerificationRequest struct {
 }

 func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest {
+	token := v.Token
+	createdAt := v.CreatedAt
+	updatedAt := v.UpdatedAt
+	email := v.Email
+	nonce := v.Nonce
+	redirectURI := v.RedirectURI
+	expires := v.ExpiresAt
+	identifier := v.Identifier
 	return &model.VerificationRequest{
 		ID:          v.ID,
-		Token:       &v.Token,
-		Identifier:  &v.Identifier,
-		Expires:     &v.ExpiresAt,
-		CreatedAt:   &v.CreatedAt,
-		UpdatedAt:   &v.UpdatedAt,
-		Email:       &v.Email,
-		Nonce:       &v.Nonce,
-		RedirectURI: &v.RedirectURI,
+		Token:       &token,
+		Identifier:  &identifier,
+		Expires:     &expires,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+		Email:       &email,
+		Nonce:       &nonce,
+		RedirectURI: &redirectURI,
 	}
 }
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@@ -1358,6 +1358,7 @@ input SignUpInput {
 	confirm_password: String!
 	roles: [String!]
 	scope: [String!]
+	redirect_uri: String
 }

 input LoginInput {
@@ -7415,6 +7416,14 @@ func (ec *executionContext) unmarshalInputSignUpInput(ctx context.Context, obj i
 			if err != nil {
 				return it, err
 			}
+		case "redirect_uri":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri"))
+			it.RedirectURI, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		}
 	}

--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@@ -159,6 +159,7 @@ type SignUpInput struct {
 	ConfirmPassword string   `json:"confirm_password"`
 	Roles           []string `json:"roles"`
 	Scope           []string `json:"scope"`
+	RedirectURI     *string  `json:"redirect_uri"`
 }

 type UpdateEnvInput struct {
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@@ -182,6 +182,7 @@ input SignUpInput {
 	confirm_password: String!
 	roles: [String!]
 	scope: [String!]
+	redirect_uri: String
 }

 input LoginInput {
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -1,6 +1,7 @@
 package handlers

 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -50,6 +51,8 @@ func AuthorizeHandler() gin.HandlerFunc {
 			gc.JSON(400, gin.H{"error": "invalid response mode"})
 		}

+		fmt.Println("=> redirect URI:", redirectURI)
+		fmt.Println("=> state:", state)
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
--- a/server/handlers/oauth_login.go
+++ b/server/handlers/oauth_login.go
@@ -16,7 +16,11 @@ import (
 func OAuthLoginHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		hostname := utils.GetHost(c)
+		// deprecating redirectURL instead use redirect_uri
 		redirectURI := strings.TrimSpace(c.Query("redirectURL"))
+		if redirectURI == "" {
+			redirectURI = strings.TrimSpace(c.Query("redirect_uri"))
+		}
 		roles := strings.TrimSpace(c.Query("roles"))
 		state := strings.TrimSpace(c.Query("state"))
 		scopeString := strings.TrimSpace(c.Query("scope"))
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@@ -110,8 +110,6 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}

-			// rollover the session for security
-			sessionstore.RemoveState(sessionDataSplit[1])
 			// validate session
 			claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
 			if err != nil {
@@ -121,6 +119,8 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
+			// rollover the session for security
+			sessionstore.RemoveState(sessionDataSplit[1])
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@@ -154,6 +154,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		return res, err
 	}

+	createdAt := user.CreatedAt
+	updatedAt := user.UpdatedAt
 	res = &model.User{
 		ID:         params.ID,
 		Email:      user.Email,
@@ -161,8 +163,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		GivenName:  user.GivenName,
 		FamilyName: user.FamilyName,
 		Roles:      strings.Split(user.Roles, ","),
-		CreatedAt:  &user.CreatedAt,
-		UpdatedAt:  &user.UpdatedAt,
+		CreatedAt:  &createdAt,
+		UpdatedAt:  &updatedAt,
 	}
 	return res, nil
 }