From 05e9af089c3041fa162e4dca3b1c5906496e8e90 Mon Sep 17 00:00:00 2001
From: Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>
Date: Fri, 23 Jul 2021 10:36:28 +0200
Subject: Oidc (#109)

* add oidc config

* inching forward with oidc idp

* lil webfingy fix

* bit more progress

* further oidc

* oidc now working

* document dex config

* replace broken images

* add additional credits

* tiny doc update

* update

* add oidc config

* inching forward with oidc idp

* bit more progress

* further oidc

* oidc now working

* document dex config

* replace broken images

* add additional credits

* tiny doc update

* update

* document

* docs + comments
---
 internal/api/client/auth/signin.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'internal/api/client/auth/signin.go')

diff --git a/internal/api/client/auth/signin.go b/internal/api/client/auth/signin.go
index 7974a8cfa..543505cbd 100644
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@@ -39,7 +39,24 @@ type login struct {
 // The idea is to present a sign in page to the user, where they can enter their username and password.
 // The form will then POST to the sign in page, which will be handled by SignInPOSTHandler
 func (m *Module) SignInGETHandler(c *gin.Context) {
-	m.log.WithField("func", "SignInGETHandler").Trace("serving sign in html")
+	l := m.log.WithField("func", "SignInGETHandler")
+	l.Trace("entering sign in handler")
+	if m.idp != nil {
+		s := sessions.Default(c)
+
+		stateI := s.Get(sessionState)
+		state, ok := stateI.(string)
+		if !ok {
+			m.clearSession(s)
+			c.JSON(http.StatusForbidden, gin.H{"error": "state not found in session"})
+			return
+		}
+
+		redirect := m.idp.AuthCodeURL(state)
+		l.Debugf("redirecting to external idp at %s", redirect)
+		c.Redirect(http.StatusSeeOther, redirect)
+		return
+	}
 	c.HTML(http.StatusOK, "sign-in.tmpl", gin.H{})
 }
 
@@ -52,6 +69,7 @@ func (m *Module) SignInPOSTHandler(c *gin.Context) {
 	form := &login{}
 	if err := c.ShouldBind(form); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		m.clearSession(s)
 		return
 	}
 	l.Tracef("parsed form: %+v", form)
@@ -59,12 +77,14 @@ func (m *Module) SignInPOSTHandler(c *gin.Context) {
 	userid, err := m.ValidatePassword(form.Email, form.Password)
 	if err != nil {
 		c.String(http.StatusForbidden, err.Error())
+		m.clearSession(s)
 		return
 	}
 
 	s.Set(sessionUserID, userid)
 	if err := s.Save(); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		m.clearSession(s)
 		return
 	}
 
-- 
cgit v1.2.3