[#5074] redirect with 303 in case of a POST OAuth2 callback

Gani Georgiev 2024-06-18 12:10:12 +03:00
parent d417b86fc0
commit af9cf33553
2 changed files with 12 additions and 7 deletions


@ -672,28 +672,33 @@ type oauth2RedirectData struct {
} }
func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error { func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
redirectStatusCode := http.StatusTemporaryRedirect
if c.Request().Method != http.MethodGet {
redirectStatusCode = http.StatusSeeOther
}
data := oauth2RedirectData{} data := oauth2RedirectData{}
if err := c.Bind(&data); err != nil { if err := c.Bind(&data); err != nil {
api.app.Logger().Debug("Failed to read OAuth2 redirect data", "error", err) api.app.Logger().Debug("Failed to read OAuth2 redirect data", "error", err)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath) return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
} }
if data.State == "" { if data.State == "" {
api.app.Logger().Debug("Missing OAuth2 state parameter") api.app.Logger().Debug("Missing OAuth2 state parameter")
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath) return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
} }
client, err := api.app.SubscriptionsBroker().ClientById(data.State) client, err := api.app.SubscriptionsBroker().ClientById(data.State)
if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) { if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) {
api.app.Logger().Debug("Missing or invalid OAuth2 subscription client", "error", err, "clientId", data.State) api.app.Logger().Debug("Missing or invalid OAuth2 subscription client", "error", err, "clientId", data.State)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath) return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
} }
defer client.Unsubscribe(oauth2SubscriptionTopic) defer client.Unsubscribe(oauth2SubscriptionTopic)
encodedData, err := json.Marshal(data) encodedData, err := json.Marshal(data)
if err != nil { if err != nil {
api.app.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err) api.app.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath) return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
} }
msg := subscriptions.Message{ msg := subscriptions.Message{
@ -705,8 +710,8 @@ func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
if data.Error != "" || data.Code == "" { if data.Error != "" || data.Code == "" {
api.app.Logger().Debug("Failed OAuth2 redirect due to an error or missing code parameter", "error", data.Error, "clientId", data.State) api.app.Logger().Debug("Failed OAuth2 redirect due to an error or missing code parameter", "error", data.Error, "clientId", data.State)
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath) return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath)
} }
return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectSuccessPath) return c.Redirect(redirectStatusCode, oauth2RedirectSuccessPath)
} }
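Review bot: The new `redirectStatusCode` selection at the top of `oauth2SubscriptionRedirect` carries no comment explaining why a non-GET callback must not be answered with 307, and the reason is security-relevant. A 307 makes the browser repeat the POST, body included, against `oauth2RedirectSuccessPath` or `oauth2RedirectFailurePath`, so the `code` and `state` values bound into `data` would be submitted a second time. I would add above the `if`: `// 303 turns a POST callback into a GET; 307 would replay the form body (code, state) to the redirect page.` The condition `!= http.MethodGet` also sends HEAD and any other method down the 303 path, which is broader than the "POST" in the commit title; `c.Request().Method == http.MethodPost` would state the intent exactly, assuming only GET and POST are routed here (the route registration is not visible in this section). The stretch of the function between the two hunks is not shown.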


@ -1714,7 +1714,7 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) {
BeforeTestFunc: beforeTestFunc(clientStubs[7], map[string][]string{ BeforeTestFunc: beforeTestFunc(clientStubs[7], map[string][]string{
"c3": {`"state":"` + clientStubs[7]["c3"].Id(), `"code":"123"`}, "c3": {`"state":"` + clientStubs[7]["c3"].Id(), `"code":"123"`},
}), }),
ExpectedStatus: http.StatusTemporaryRedirect, ExpectedStatus: http.StatusSeeOther,
AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) { AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
app.Store().Get("cancelFunc").(context.CancelFunc)() app.Store().Get("cancelFunc").(context.CancelFunc)()