NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit3bfb213

committed

Allow fetching app with query param and form value

1 parent06f9b8c commit3bfb213Copy full SHA for 3bfb213

File tree

1 file changed

+43

-3

lines changed

coderd/httpmw
- oauth2.go

1 file changed

+43

-3

lines changed

`‎coderd/httpmw/oauth2.go`

Lines changed: 43 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,8 @@ import (`
`6`	`6`	`"net/http"`
`7`	`7`	`"reflect"`
`8`	`8`
	`9`	`+"github.com/go-chi/chi/v5"`
	`10`	`+"github.com/google/uuid"`
`9`	`11`	`"golang.org/x/oauth2"`
`10`	`12`
`11`	`13`	`"github.com/coder/coder/v2/coderd/database"`
`@@ -194,9 +196,47 @@ func ExtractOAuth2ProviderApp(db database.Store) func(http.Handler) http.Handler`
`194`	`196`	`returnfunc(next http.Handler) http.Handler {`
`195`	`197`	`returnhttp.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {`
`196`	`198`	`ctx:=r.Context()`
`197`		`-appID,ok:=ParseUUIDParam(rw,r,"app")`
`198`		`-if!ok {`
`199`		`-return`
	`199`	`+`
	`200`	`+// App can come from a URL param, query param, or form value.`
	`201`	`+paramID:="app"`
	`202`	`+varappID uuid.UUID`
	`203`	`+ifchi.URLParam(r,paramID)!="" {`
	`204`	`+varokbool`
	`205`	`+appID,ok=ParseUUIDParam(rw,r,"app")`
	`206`	`+if!ok {`
	`207`	`+return`
	`208`	`+}`
	`209`	`+}else {`
	`210`	`+// If not provided by the url, then it is provided according to the`
	`211`	`+// oauth 2 spec. This can occur with query params, or in the body as form`
	`212`	`+// parameters.`
	`213`	`+// This also depends on if you are doing a POST (tokens) or GET (authorize).`
	`214`	`+`
	`215`	`+// This can also be sent as a query param for oauth exchanging.`
	`216`	`+// According to the oauth2 spec.`
	`217`	`+paramAppID:=r.URL.Query().Get("client_id")`
	`218`	`+ifparamAppID=="" {`
	`219`	`+// Check the form params!`
	`220`	`+ifr.ParseForm()==nil {`
	`221`	`+paramAppID=r.Form.Get("client_id")`
	`222`	`+}`
	`223`	`+}`
	`224`	`+ifparamAppID=="" {`
	`225`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`226`	`+Message:"Missing OAuth2 client ID.",`
	`227`	`+})`
	`228`	`+return`
	`229`	`+}`
	`230`	`+`
	`231`	`+varerrerror`
	`232`	`+appID,err=uuid.Parse(paramAppID)`
	`233`	`+iferr!=nil {`
	`234`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`235`	`+Message:"Invalid OAuth2 client ID.",`
	`236`	`+Detail:err.Error(),`
	`237`	`+})`
	`238`	`+return`
	`239`	`+}`
`200`	`240`	`}`
`201`	`241`
`202`	`242`	`app,err:=db.GetOAuth2ProviderAppByID(ctx,appID)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3bfb213

File tree

1 file changed

1 file changed

`‎coderd/httpmw/oauth2.go`

0 commit comments