fix: add code to login query params

fix: add code to query params
fix: add code to other response methods
2022-10-19 12:01:34 +05:30 · 2022-10-19 11:29:49 +05:30 · 2022-10-19 09:03:00 +05:30
1 changed files with 20 additions and 16 deletions
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -77,8 +77,11 @@ func AuthorizeHandler() gin.HandlerFunc {
 			"redirect_uri":   redirectURI,
 		})

+		code := uuid.New().String()
+		memorystore.Provider.SetState(codeChallenge, code)
+
 		// used for response mode query or fragment
-		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
+		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI + "&code=" + code
 		loginURL := "/app?" + loginState

 		if responseMode == constants.ResponseModeFragment {
@@ -147,9 +150,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionKey = claims.LoginMethod + ":" + user.ID
 		}

-		// rollover the session for security
-		go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
-		if responseType == constants.ResponseTypeCode {
 		nonce := uuid.New().String()
 		newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
 		if err != nil {
@@ -158,6 +158,15 @@ func AuthorizeHandler() gin.HandlerFunc {
 			return
 		}

+		if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
+			log.Debug("SetState failed: ", err)
+			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
+			return
+		}
+
+		// rollover the session for security
+		go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
+		if responseType == constants.ResponseTypeCode {
 			if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
 				log.Debug("SetUserSession failed: ", err)
 				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
@@ -165,12 +174,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			}

 			cookie.SetSession(gc, newSessionToken)
-			code := uuid.New().String()
-			if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
-				log.Debug("SetState failed: ", err)
-				handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
-				return
-			}

 			// in case, response type is code and user is already logged in send the code and state
 			// and cookie session will already be rolled over and set
@@ -240,7 +243,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 			}

 			// used of query mode
-			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
+			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code

 			res := map[string]interface{}{
 				"access_token": authToken.AccessToken.Token,
@@ -249,6 +252,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 				"scope":        scope,
 				"token_type":   "Bearer",
 				"expires_in":   expiresIn,
+				"code":         code,
 			}

 			if authToken.RefreshToken != nil {
Author	SHA1	Message	Date
Lakhan Samani	cc23784df8	fix: add code to login query params	2022-10-19 12:01:34 +05:30
Lakhan Samani	7ff3b3018a	fix: add code to query params	2022-10-19 11:29:49 +05:30
Lakhan Samani	2b52932e98	fix: add code to other response methods	2022-10-19 09:03:00 +05:30