Compare commits
4 Commits
bc03597dd4
...
5e20cec59d
Author | SHA1 | Date | |
---|---|---|---|
5e20cec59d | |||
a3e1797240 | |||
6c89d3e9be | |||
02ce694a35 |
2
auth.go
2
auth.go
@ -82,7 +82,7 @@ func completeAuth(w http.ResponseWriter, username string, email string, firstnam
|
||||
Expires: time.Now().Add(30 * 24 * time.Hour),
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
//Secure: true,
|
||||
Secure: true,
|
||||
})
|
||||
|
||||
return
|
||||
|
@ -51,7 +51,7 @@ func checkAuthKrb5(w http.ResponseWriter, _ httprouter.Params, body []byte) (int
|
||||
}
|
||||
}
|
||||
|
||||
if !found {
|
||||
if !userExists(lf.Login) && !found {
|
||||
return nil, fmt.Errorf("You are not allowed to log you in this way. Please use OpenID Connect.")
|
||||
}
|
||||
|
||||
|
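Review bot: The guard `if !userExists(lf.Login) && !found {` in checkAuthKrb5 (taken as the new line from print order, since the +/- markers are lost) lets any login that userExists reports as known skip the `found` allow-list for this login path. If that widening is intended, say so in a comment such as `// known accounts may always log in this way; the allow-list only gates first-time logins`. The rejection now depends on whether the account exists, so an unauthenticated client may be able to tell registered logins from unregistered ones by the error text; running this check only after the credentials are verified, or returning one uniform error, would avoid that. Writing it as `!found && !userExists(lf.Login)` would also skip the lookup for allow-listed logins. The function body starts and ends outside the hunk, so the position of this guard relative to the Kerberos check is not visible.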
16
auth_oidc.go
16
auth_oidc.go
@ -20,6 +20,7 @@ var (
|
||||
oidcRedirectURL = "https://srs.nemunai.re"
|
||||
oauth2Config oauth2.Config
|
||||
oidcVerifier *oidc.IDTokenVerifier
|
||||
nextSessionMap = map[string]string{}
|
||||
)
|
||||
|
||||
func init() {
|
||||
@ -60,6 +61,12 @@ func initializeOIDC() {
|
||||
|
||||
func redirectOIDC_CRI(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
session, err := NewSession()
|
||||
|
||||
// Save next parameter
|
||||
if len(r.URL.Query().Get("next")) > 0 {
|
||||
nextSessionMap[fmt.Sprintf("%x", session.Id)] = r.URL.Query().Get("next")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("{'errmsg':%q}", err.Error()), http.StatusInternalServerError)
|
||||
} else {
|
||||
@ -121,5 +128,12 @@ func OIDC_CRI_complete(w http.ResponseWriter, r *http.Request, ps httprouter.Par
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
// Retrieve next URL associated with session
|
||||
if next, ok := nextSessionMap[fmt.Sprintf("%x", session.Id)]; ok {
|
||||
http.Redirect(w, r, next, http.StatusFound)
|
||||
delete(nextSessionMap, fmt.Sprintf("%x", session.Id))
|
||||
} else {
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
}
|
||||
|
||||
}
|
||||
|
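Review bot: The `next` query value saved in redirectOIDC_CRI is passed unchanged to `http.Redirect` in OIDC_CRI_complete, so a crafted login link can send a freshly authenticated user to any external URL; it should be accepted only when it is a same-site path. nextSessionMap is a plain package-level map written and deleted from HTTP handlers, which net/http runs concurrently, so it needs a mutex, and entries for logins that never complete are never removed. The save also reads `session.Id` before the `err` check on `NewSession()`, which looks unsafe if that call can fail without returning a usable session; moving it after the check avoids that. Both function bodies continue outside the visible hunks, and old versus new lines are inferred from print order.

```go
// … unchanged: other package-level vars …
	nextSessionMu  sync.Mutex
	nextSessionMap = map[string]string{}

// in redirectOIDC_CRI, once the err check on NewSession() has passed:
	// Keep next only when it is a local path, never an absolute or scheme-relative URL
	if next := r.URL.Query().Get("next"); strings.HasPrefix(next, "/") && !strings.HasPrefix(next, "//") && !strings.Contains(next, "\\") {
		nextSessionMu.Lock()
		nextSessionMap[fmt.Sprintf("%x", session.Id)] = next
		nextSessionMu.Unlock()
	}

// in OIDC_CRI_complete, replacing the unguarded lookup and the two redirects:
	key := fmt.Sprintf("%x", session.Id)
	nextSessionMu.Lock()
	next, ok := nextSessionMap[key]
	delete(nextSessionMap, key)
	nextSessionMu.Unlock()
	if !ok {
		next = "/"
	}
	http.Redirect(w, r, next, http.StatusFound)
```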
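--- /dev/null
+++ b/ui/src/components/AuthButton.svelte
@@ -0,0 +1,19 @@
+<script>
+import { page } from '$app/stores';
+
+let className = '';
+export { className as class };
+
+let auth_route = 'auth/CRI'
+$: {
+if ($page.url.searchParams.get('next')) {
+auth_route = 'auth/CRI?next=' + encodeURIComponent($page.url.searchParams.get('next'));
+} else {
+auth_route = 'auth/CRI?';
+}
+}
+</script>
+
+<a href={auth_route} target="_self" class="{className}">
+<slot></slot>
+</a>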
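Review bot: The `else` branch sets `auth_route = 'auth/CRI?'`, leaving a dangling `?` that differs from the initial `'auth/CRI'` declared just above it, and the reactive block reads `searchParams.get('next')` twice. A pair of reactive statements would be easier to follow: `$: next = $page.url.searchParams.get('next');` then `$: auth_route = next ? 'auth/CRI?next=' + encodeURIComponent(next) : 'auth/CRI';`. The component forwards whatever `next` the page URL carries, so the check that it is a local path has to live in the server handler that performs the final redirect.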
@ -42,6 +42,7 @@
|
||||
</script>
|
||||
|
||||
<script>
|
||||
import AuthButton from '../components/AuthButton.svelte';
|
||||
import Toaster from '../components/Toaster.svelte';
|
||||
|
||||
export let rroute = '';
|
||||
@ -129,9 +130,9 @@
|
||||
</li>
|
||||
{:else}
|
||||
<li class="nav-item">
|
||||
<a href="auth/CRI" target="_self" class="btn btn-dark">
|
||||
Se connecter
|
||||
</a>
|
||||
<AuthButton class="btn btn-dark">
|
||||
Se connecter
|
||||
</AuthButton>
|
||||
</li>
|
||||
{/if}
|
||||
</ul>
|
||||
|
@ -14,6 +14,8 @@
|
||||
import { goto } from '$app/navigation';
|
||||
import { page } from '$app/stores'
|
||||
|
||||
import AuthButton from '../components/AuthButton.svelte';
|
||||
|
||||
let auth = { username: "", password: "" };
|
||||
let pleaseWait = false;
|
||||
|
||||
@ -70,9 +72,9 @@
|
||||
<div class="col">
|
||||
<h2>OpenId Connect</h2>
|
||||
<div class="text-center">
|
||||
<a href="auth/CRI" class="btn btn-primary" target="_self">
|
||||
<AuthButton class="btn btn-primary">
|
||||
Me connecter avec mon compte CRI
|
||||
</a>
|
||||
</AuthButton>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|