teach/atsebay.t
Archived
1
0
Fork 0
Code Issues Pull requests Releases Activity

Compare commits

base: teach:1f00d504903ad1fd6e71a58f72ee709a19bc4376
Branches Tags
teach:master
teach:f/nb_participants_in_results
teach:f/picture-from-oidc
teach:svelte
..
compare: teach:87b69753831695d42f4780a5a7cd28a55c45866b
Branches Tags
teach:master
teach:f/nb_participants_in_results
teach:f/picture-from-oidc
teach:svelte

No commits in common. "1f00d504903ad1fd6e71a58f72ee709a19bc4376" and "87b69753831695d42f4780a5a7cd28a55c45866b" have entirely different histories.
1f00d50490 ... 87b6975383

4 changed files with 20 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

34
auth.go
View file

@ -77,51 +77,31 @@ func logout(c *gin.Context) {
c.JSON(http.StatusOK, true)
}
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, face_url string, session *Session) (usr *User, err error) {
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, groups string, session *Session) (usr *User, err error) {
if !userExists(username) {
if promo == 0 {
promo = currentPromo
}
if usr, err = NewUser(username, email, firstname, lastname, promo, groups); err != nil {
if usr, err = NewUser(username, email, firstname, lastname, groups); err != nil {
return
}
} else if usr, err = getUserByLogin(username); err != nil {
return
}
upd_user := false
// Update user's promo if it has changed
if promo != 0 && promo != usr.Promo {
usr.Promo = promo
upd_user = true
}
// Update user's group if they have been modified
if len(groups) > 0 {
if len(groups) > 255 {
groups = groups[:255]
}
if usr.Groups != groups {
usr.Groups = groups
upd_user = true
usr.Update()
}
}
if upd_user {
usr.Update()
}
if session == nil {
session, err = usr.NewSession()
if err != nil {
return
}
} else {
_, err = session.SetUser(usr)
}
if face_url != "" {
session.SetKey("picture", face_url)
}
_, err = session.SetUser(usr)
if err != nil {
return
}
@ -157,7 +137,7 @@ func dummyAuth(c *gin.Context) {
return
}
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", "", nil); err != nil {
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return
} else {

2
auth_krb5.go
View file

@ -83,7 +83,7 @@ func checkAuthKrb5(c *gin.Context) {
return
}
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil); err != nil {
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return
} else {

32
auth_oidc.go
View file

@ -48,7 +48,7 @@ func initializeOIDC(router *gin.Engine) {
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita", "picture"},
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita"},
}
oidcConfig := oidc.Config{
@ -105,20 +105,15 @@ func OIDC_CRI_complete(c *gin.Context) {
}
var claims struct {
Firstname string `json:"given_name"`
Lastname string `json:"family_name"`
Username string `json:"preferred_username"`
Email string `json:"email"`
Groups []map[string]interface{} `json:"groups"`
Campuses []string `json:"campuses"`
GraduationYears []uint `json:"graduation_years"`
Picture string `json:"picture"`
PictureSquare string `json:"picture_square"`
PictureThumb string `json:"picture_thumb"`
Firstname string `json:"given_name"`
Lastname string `json:"family_name"`
Nickname string `json:"nickname"`
Username string `json:"preferred_username"`
Email string `json:"email"`
Groups []map[string]interface{} `json:"groups"`
}
if err := idToken.Claims(&claims); err != nil {
log.Println("Unable to extract claims to Claims:", err.Error())
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Something goes wrong when analyzing your claims. Contact administrator to fix the issue."})
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
}
@ -129,16 +124,7 @@ func OIDC_CRI_complete(c *gin.Context) {
}
}
var promo uint
if len(claims.GraduationYears) > 0 {
for _, gy := range claims.GraduationYears {
if gy > promo {
promo = gy
}
}
}
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, claims.PictureSquare, session); err != nil {
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, groups, session); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
}

6
users.go
View file

@ -207,14 +207,14 @@ func userExists(login string) bool {
return err == nil && z == 1
}
func NewUser(login string, email string, firstname string, lastname string, promo uint, groups string) (*User, error) {
func NewUser(login string, email string, firstname string, lastname string, groups string) (*User, error) {
t := time.Now()
if res, err := DBExec("INSERT INTO users (login, email, firstname, lastname, time, promo, groups) VALUES (?, ?, ?, ?, ?, ?, ?)", login, email, firstname, lastname, t, promo, groups); err != nil {
if res, err := DBExec("INSERT INTO users (login, email, firstname, lastname, time, promo, groups) VALUES (?, ?, ?, ?, ?, ?, ?)", login, email, firstname, lastname, t, currentPromo, groups); err != nil {
return nil, err
} else if sid, err := res.LastInsertId(); err != nil {
return nil, err
} else {
return &User{sid, login, email, firstname, lastname, t, promo, groups, false}, nil
return &User{sid, login, email, firstname, lastname, t, currentPromo, groups, false}, nil
}
}