fix: make code_challenge optional

fix: form post template
fix: error detection
2022-10-18 23:14:24 +05:30 · 2022-10-18 23:03:55 +05:30 · 2022-10-18 22:34:57 +05:30 · 2022-10-18 22:00:54 +05:30
2 changed files with 23 additions and 27 deletions
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -64,7 +64,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 		if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
 			log.Debug("invalid authorization request: ", err)
-			gc.JSON(http.StatusBadRequest, gin.H{"error": err})
+			gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			return
 		}
@@ -86,7 +86,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 		loginError := map[string]interface{}{
 			"type": "authorization_response",
-			"response": map[string]string{
+			"response": map[string]interface{}{
 				"error":             "login_required",
 				"error_description": "Login is required",
 			},
@@ -106,13 +106,14 @@ func AuthorizeHandler() gin.HandlerFunc {
 			handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
 			return
 		}
 		userID := claims.Subject
 		user, err := db.Provider.GetUserByID(gc, userID)
 		if err != nil {
 			log.Debug("GetUserByID failed: ", err)
 			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
 				"type": "authorization_response",
-				"response": map[string]string{
+				"response": map[string]interface{}{
 					"error":             "signup_required",
 					"error_description": "Sign up required",
 				},
@@ -163,25 +164,24 @@ func AuthorizeHandler() gin.HandlerFunc {
 			// 	},
 			// })
-			// params := "code=" + code + "&state=" + state
+			params := "code=" + code + "&state=" + state
-
+			if responseMode == constants.ResponseModeQuery {
-			// if responseMode == constants.ResponseModeQuery {
+				if strings.Contains(redirectURI, "?") {
-			// 	if strings.Contains(redirectURI, "?") {
+					redirectURI = redirectURI + "&" + params
-			// 		redirectURI = redirectURI + "&" + params
+				} else {
-			// 	} else {
+					redirectURI = redirectURI + "?" + params
-			// 		redirectURI = redirectURI + "?" + params
+				}
-			// 	}
+			} else if responseMode == constants.ResponseModeFragment {
-			// } else if responseMode == constants.ResponseModeFragment {
+				if strings.Contains(redirectURI, "#") {
-			// 	if strings.Contains(redirectURI, "#") {
+					redirectURI = redirectURI + "&" + params
-			// 		redirectURI = redirectURI + "&" + params
+				} else {
-			// 	} else {
+					redirectURI = redirectURI + "#" + params
-			// 		redirectURI = redirectURI + "#" + params
+				}
-			// 	}
+			}
 			// }
 			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
 				"type": "authorization_response",
-				"response": map[string]string{
+				"response": map[string]interface{}{
 					"code":  code,
 					"state": state,
 				},
@@ -270,10 +270,6 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC
 		return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)
 	}
 	if responseType == constants.ResponseTypeCode && strings.TrimSpace(codeChallenge) == "" {
 		return fmt.Errorf("code_challenge is required for %s '%s'", responseType, constants.ResponseTypeCode)
 	}
 	if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
 		return fmt.Errorf("invalid client_id %s", clientID)
 	}
@@ -287,7 +283,7 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC
 func handleResponse(gc *gin.Context, responseMode, loginURI, redirectURI string, data map[string]interface{}, httpStatusCode int) {
 	isAuthenticationRequired := false
-	if _, ok := data["error"]; ok {
+	if _, ok := data["response"].(map[string]interface{})["error"]; ok {
 		isAuthenticationRequired = true
 	}
@@ -308,7 +304,7 @@ func handleResponse(gc *gin.Context, responseMode, loginURI, redirectURI string,
 	case constants.ResponseModeFormPost:
 		gc.HTML(httpStatusCode, authorizeFormPostTemplate, gin.H{
 			"target_origin":          redirectURI,
-			"authorization_response": data,
+			"authorization_response": data["response"],
 		})
 		return
 	}
--- a/templates/authorize_form_post.tmpl
+++ b/templates/authorize_form_post.tmpl
@@ -4,9 +4,9 @@
 		<title>Authorization Response</title>
 	</head>
 	<body onload="document.forms['authorize_form_post'].submit()">
-        <form action={{.target_origin}} name="authorize_form_post">
+        <form action="{{.target_origin}}" name="authorize_form_post" method="POST">
            {{ range $key, $val := .authorization_response }}
-                <input type="hidden" key={{$key}} value={{$val}} name={{$key}} id={{$key}} />
+                <input type="hidden" key="{{$key}}" value="{{$val}}" name="{{$key}}" id="{{$key}}" />
            {{ end }}
        </form>
 	</body>
Author	SHA1	Message	Date
Lakhan Samani	252cd1fa2d	fix: make code_challenge optional	2022-10-18 23:14:24 +05:30
Lakhan Samani	7c2693b086	fix: form post template	2022-10-18 23:03:55 +05:30
Lakhan Samani	eaa10ec5bc	fix: error detection	2022-10-18 22:34:57 +05:30
Lakhan Samani	253128ca0c	fix: query params for code response	2022-10-18 22:00:54 +05:30