auth.go

@@ -82,7 +82,7 @@ func completeAuth(w http.ResponseWriter, username string, email string, firstnam
 		Expires:  time.Now().Add(30 * 24 * time.Hour),
 		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
-		Secure:   true,
+		//Secure: true,
 	})
 
 	return

auth_krb5.go

@@ -51,7 +51,7 @@ func checkAuthKrb5(w http.ResponseWriter, _ httprouter.Params, body []byte) (int
 		}
 	}
 
-	if !userExists(lf.Login) && !found {
+	if !found {
 		return nil, fmt.Errorf("You are not allowed to log you in this way. Please use OpenID Connect.")
 	}
 

auth_oidc.go

@@ -20,7 +20,6 @@ var (
 	oidcRedirectURL = "https://srs.nemunai.re"
 	oauth2Config    oauth2.Config
 	oidcVerifier    *oidc.IDTokenVerifier
-	nextSessionMap  = map[string]string{}
 )
 
 func init() {
@@ -61,12 +60,6 @@ func initializeOIDC() {
 
 func redirectOIDC_CRI(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	session, err := NewSession()
-
-	// Save next parameter
-	if len(r.URL.Query().Get("next")) > 0 {
-		nextSessionMap[fmt.Sprintf("%x", session.Id)] = r.URL.Query().Get("next")
-	}
-
 	if err != nil {
 		http.Error(w, fmt.Sprintf("{'errmsg':%q}", err.Error()), http.StatusInternalServerError)
 	} else {
@@ -128,12 +121,5 @@ func OIDC_CRI_complete(w http.ResponseWriter, r *http.Request, ps httprouter.Par
 		return
 	}
 
-	// Retrieve next URL associated with session
+	http.Redirect(w, r, "/", http.StatusFound)
-	if next, ok := nextSessionMap[fmt.Sprintf("%x", session.Id)]; ok {
-		http.Redirect(w, r, next, http.StatusFound)
-		delete(nextSessionMap, fmt.Sprintf("%x", session.Id))
-	} else {
-		http.Redirect(w, r, "/", http.StatusFound)
-	}
-
 }

ui/src/components/AuthButton.svelte

@@ -1,19 +0,0 @@
-<script>
- import { page } from '$app/stores';
-
- let className = '';
- export { className as class };
-
- let auth_route = 'auth/CRI'
- $: {
-     if ($page.url.searchParams.get('next')) {
-         auth_route = 'auth/CRI?next=' + encodeURIComponent($page.url.searchParams.get('next'));
-     } else {
-         auth_route = 'auth/CRI?';
-     }
- }
-</script>
-
-<a href={auth_route} target="_self" class="{className}">
-    <slot></slot>
-</a>

ui/src/routes/__layout.svelte

@@ -42,7 +42,6 @@
 </script>
 
 <script>
- import AuthButton from '../components/AuthButton.svelte';
  import Toaster from '../components/Toaster.svelte';
 
  export let rroute = '';
@@ -130,9 +129,9 @@
                     </li>
                 {:else}
                     <li class="nav-item">
-                        <AuthButton class="btn btn-dark">
+                        <a href="auth/CRI" target="_self" class="btn btn-dark">
-                            Se connecter
+	                    Se connecter
-                        </AuthButton>
+	                </a>
                     </li>
                 {/if}
 	    </ul>

ui/src/routes/auth.svelte

@@ -14,8 +14,6 @@
  import { goto } from '$app/navigation';
  import { page } from '$app/stores'
 
- import AuthButton from '../components/AuthButton.svelte';
-
  let auth = { username: "", password: "" };
  let pleaseWait = false;
 
@@ -72,9 +70,9 @@
     <div class="col">
         <h2>OpenId Connect</h2>
         <div class="text-center">
-            <AuthButton class="btn btn-primary">
+            <a href="auth/CRI" class="btn btn-primary" target="_self">
 	        Me connecter avec mon compte CRI
-            </AuthButton>
+            </a>
         </div>
     </div>
 </div>