casdoor/controllers/auth.go

// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package controllers

import (
	"encoding/json"
	"fmt"

	"github.com/astaxie/beego"
	"github.com/casdoor/casdoor/idp"
	"github.com/casdoor/casdoor/object"
	"github.com/casdoor/casdoor/util"
)

func codeToResponse(code *object.Code) *Response {
	if code.Code == "" {
		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
	} else {
		return &Response{Status: "ok", Msg: "", Data: code.Code}
	}
}

func (c *ApiController) HandleLoggedIn(userId string, form *RequestForm) *Response {
	resp := &Response{}
	if form.Type == ResponseTypeLogin {
		c.SetSessionUser(userId)
		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
		resp = &Response{Status: "ok", Msg: "", Data: userId}
	} else if form.Type == ResponseTypeCode {
		clientId := c.Input().Get("clientId")
		responseType := c.Input().Get("responseType")
		redirectUri := c.Input().Get("redirectUri")
		scope := c.Input().Get("scope")
		state := c.Input().Get("state")

		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state)
		resp = codeToResponse(code)
	} else {
		resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}
	}
	return resp
}

func (c *ApiController) GetApplicationLogin() {
	var resp Response

	clientId := c.Input().Get("clientId")
	responseType := c.Input().Get("responseType")
	redirectUri := c.Input().Get("redirectUri")
	scope := c.Input().Get("scope")
	state := c.Input().Get("state")

	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
	if msg != "" {
		resp = Response{Status: "error", Msg: msg, Data: application}
	} else {
		resp = Response{Status: "ok", Msg: "", Data: application}
	}
	c.Data["json"] = resp
	c.ServeJSON()
}

func (c *ApiController) Login() {
	resp := &Response{Status: "null", Msg: ""}
	var form RequestForm
	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
	if err != nil {
		panic(err)
	}

	if form.Username != "" {
		if form.Type == ResponseTypeLogin {
			if c.GetSessionUser() != "" {
				resp = &Response{Status: "error", Msg: "Please log out first before signing in", Data: c.GetSessionUser()}
				c.Data["json"] = resp
				c.ServeJSON()
				return
			}
		}

		userId := fmt.Sprintf("%s/%s", form.Organization, form.Username)
		password := form.Password
		msg := object.CheckUserLogin(userId, password)

		if msg != "" {
			resp = &Response{Status: "error", Msg: msg, Data: ""}
		} else {
			resp = c.HandleLoggedIn(userId, &form)
		}
	} else if form.Provider != "" {
		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))

		idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)
		idProvider.SetHttpClient(httpClient)

		if form.State != beego.AppConfig.String("AuthState") && form.State != application.Name {
			resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("AuthState"), form.State)}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
		token, err := idProvider.GetToken(form.Code)
		if err != nil {
			resp = &Response{Status: "error", Msg: err.Error()}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		if !token.Valid() {
			resp = &Response{Status: "error", Msg: "Invalid token"}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		userInfo, err := idProvider.GetUserInfo(token)
		if err != nil {
			resp = &Response{Status: "error", Msg: fmt.Sprintf("Failed to login in: %s", err.Error())}
			c.Data["json"] = resp
			c.ServeJSON()
			return
		}

		if form.Method == "signup" {
			userId := object.GetUserIdByField(application, provider.Type, userInfo.Username)
			if userId != "" {
				//if object.IsForbidden(userId) {
				//	c.forbiddenAccountResp(userId)
				//	return
				//}

				//if len(object.GetMemberAvatar(userId)) == 0 {
				//	avatar := UploadAvatarToOSS(res.Avatar, userId)
				//	object.LinkMemberAccount(userId, "avatar", avatar)
				//}

				resp = c.HandleLoggedIn(userId, &form)
			} else {
				//if userId := object.GetUserIdByField(application, "email", userInfo.Email); userId != "" {
				//	resp = c.HandleLoggedIn(userId, &form)
				//
				//	object.LinkUserAccount(userId, provider.Type, userInfo.Username)
				//}

				if !application.EnableSignUp {
					resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s does not exist and is not allowed to register as new account, please contact your IT support", provider.Type, userInfo.Username)}
					c.Data["json"] = resp
					c.ServeJSON()
					return
				} else {
					resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s does not exist, please register an account first", provider.Type, userInfo.Username)}
					c.Data["json"] = resp
					c.ServeJSON()
					return
				}
			}
			//resp = &Response{Status: "ok", Msg: "", Data: res}
		} else {
			userId := c.GetSessionUser()
			if userId == "" {
				resp = &Response{Status: "error", Msg: "The account does not exist", Data: userInfo}
				c.Data["json"] = resp
				c.ServeJSON()
				return
			}

			isLinked := object.LinkUserAccount(userId, provider.Type, userInfo.Username)
			if isLinked {
				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
			} else {
				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
			}
			//if len(object.GetMemberAvatar(userId)) == 0 {
			//	avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
			//	object.LinkUserAccount(userId, "avatar", avatar)
			//}
		}
	} else {
		panic("unknown authentication type (not password or provider)")
	}

	c.Data["json"] = resp
	c.ServeJSON()
}
Update license header. 2021-03-13 23:06:03 +08:00			`// Copyright 2021 The casbin Authors. All Rights Reserved.`
Add github oauth. 2021-02-14 00:22:24 +08:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package controllers`

			`import (`
Change /api/auth/login to POST. 2021-03-15 00:49:16 +08:00			`"encoding/json"`
Add github oauth. 2021-02-14 00:22:24 +08:00			`"fmt"`

			`"github.com/astaxie/beego"`
Add IdProvider interface. 2021-02-21 22:33:53 +08:00			`"github.com/casdoor/casdoor/idp"`
Add github oauth. 2021-02-14 00:22:24 +08:00			`"github.com/casdoor/casdoor/object"`
			`"github.com/casdoor/casdoor/util"`
			`)`

Finish /login/oauth/authorize 2021-03-20 22:34:22 +08:00			`func codeToResponse(code object.Code) Response {`
			`if code.Code == "" {`
			`return &Response{Status: "error", Msg: code.Message, Data: code.Code}`
			`} else {`
			`return &Response{Status: "ok", Msg: "", Data: code.Code}`
			`}`
			`}`

Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`func (c ApiController) HandleLoggedIn(userId string, form RequestForm) *Response {`
			`resp := &Response{}`
			`if form.Type == ResponseTypeLogin {`
			`c.SetSessionUser(userId)`
			`util.LogInfo(c.Ctx, "API: [%s] signed in", userId)`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = &Response{Status: "ok", Msg: "", Data: userId}`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`} else if form.Type == ResponseTypeCode {`
			`clientId := c.Input().Get("clientId")`
			`responseType := c.Input().Get("responseType")`
			`redirectUri := c.Input().Get("redirectUri")`
			`scope := c.Input().Get("scope")`
			`state := c.Input().Get("state")`

			`code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state)`
			`resp = codeToResponse(code)`
			`} else {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}`
Add /api/get-app-login 2021-03-20 10:51:00 +08:00			`}`
			`return resp`
			`}`

			`func (c *ApiController) GetApplicationLogin() {`
			`var resp Response`

			`clientId := c.Input().Get("clientId")`
			`responseType := c.Input().Get("responseType")`
			`redirectUri := c.Input().Get("redirectUri")`
			`scope := c.Input().Get("scope")`
			`state := c.Input().Get("state")`

			`msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)`
			`if msg != "" {`
			`resp = Response{Status: "error", Msg: msg, Data: application}`
			`} else {`
			`resp = Response{Status: "ok", Msg: "", Data: application}`
			`}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
Add HandleLoggedIn(). 2021-03-15 19:11:41 +08:00			`}`

Merge two login functions. 2021-03-20 00:23:37 +08:00			`func (c *ApiController) Login() {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp := &Response{Status: "null", Msg: ""}`
Add codeToResponse(). 2021-03-20 09:11:03 +08:00			`var form RequestForm`
Change /api/auth/login to POST. 2021-03-15 00:49:16 +08:00			`err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)`
			`if err != nil {`
			`panic(err)`
			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if form.Username != "" {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`if form.Type == ResponseTypeLogin {`
			`if c.GetSessionUser() != "" {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Please log out first before signing in", Data: c.GetSessionUser()}`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
Add IdProvider interface. 2021-02-21 22:33:53 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`userId := fmt.Sprintf("%s/%s", form.Organization, form.Username)`
			`password := form.Password`
			`msg := object.CheckUserLogin(userId, password)`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if msg != "" {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = &Response{Status: "error", Msg: msg, Data: ""}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = c.HandleLoggedIn(userId, &form)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
			`} else if form.Provider != "" {`
			`application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))`
			`provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))`
Add github oauth. 2021-02-14 00:22:24 +08:00
Change provider interface. 2021-03-23 23:23:59 +08:00			`idProvider := idp.GetIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, form.RedirectUri)`
			`idProvider.SetHttpClient(httpClient)`
Add github oauth. 2021-02-14 00:22:24 +08:00
Fix double GET params issue, fix double state bug. 2021-03-20 23:50:34 +08:00			`if form.State != beego.AppConfig.String("AuthState") && form.State != application.Name {`
Change provider interface. 2021-03-23 23:23:59 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("AuthState"), form.State)}`
Fix double GET params issue, fix double state bug. 2021-03-20 23:50:34 +08:00			`c.Data["json"] = resp`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.ServeJSON()`
			`return`
			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`// https://github.com/golang/oauth2/issues/123#issuecomment-103715338`
Change provider interface. 2021-03-23 23:23:59 +08:00			`token, err := idProvider.GetToken(form.Code)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if err != nil {`
Improve login error handling. 2021-03-25 23:22:34 +08:00			`resp = &Response{Status: "error", Msg: err.Error()}`
			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if !token.Valid() {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Invalid token"}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00			`}`

Change provider interface. 2021-03-23 23:23:59 +08:00			`userInfo, err := idProvider.GetUserInfo(token)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if err != nil {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("Failed to login in: %s", err.Error())}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if form.Method == "signup" {`
Improve IDP username handling. 2021-03-24 00:11:20 +08:00			`userId := object.GetUserIdByField(application, provider.Type, userInfo.Username)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`if userId != "" {`
			`//if object.IsForbidden(userId) {`
			`// c.forbiddenAccountResp(userId)`
			`// return`
			`//}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Merge two login functions. 2021-03-20 00:23:37 +08:00			`//if len(object.GetMemberAvatar(userId)) == 0 {`
			`// avatar := UploadAvatarToOSS(res.Avatar, userId)`
			`// object.LinkMemberAccount(userId, "avatar", avatar)`
			`//}`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00
Return code for /api/login 2021-03-20 13:05:34 +08:00			`resp = c.HandleLoggedIn(userId, &form)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`//if userId := object.GetUserIdByField(application, "email", userInfo.Email); userId != "" {`
			`// resp = c.HandleLoggedIn(userId, &form)`
			`//`
			`// object.LinkUserAccount(userId, provider.Type, userInfo.Username)`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`//}`

Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`if !application.EnableSignUp {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s does not exist and is not allowed to register as new account, please contact your IT support", provider.Type, userInfo.Username)}`
Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`} else {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: fmt.Sprintf("The account for provider: %s and username: %s does not exist, please register an account first", provider.Type, userInfo.Username)}`
Add EnableSignUp. 2021-03-26 21:55:39 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
Add GoogleIdProvider. 2021-02-21 23:51:40 +08:00			`}`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`
Return code for /api/login 2021-03-20 13:05:34 +08:00			`//resp = &Response{Status: "ok", Msg: "", Data: res}`
Add github oauth. 2021-02-14 00:22:24 +08:00			`} else {`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`userId := c.GetSessionUser()`
			`if userId == "" {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "The account does not exist", Data: userInfo}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`return`
			`}`

Improve IDP username handling. 2021-03-24 00:11:20 +08:00			`isLinked := object.LinkUserAccount(userId, provider.Type, userInfo.Username)`
			`if isLinked {`
			`resp = &Response{Status: "ok", Msg: "", Data: isLinked}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
Improve response message. 2021-03-28 08:59:12 +08:00			`resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`}`
			`//if len(object.GetMemberAvatar(userId)) == 0 {`
			`// avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)`
			`// object.LinkUserAccount(userId, "avatar", avatar)`
			`//}`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`
Merge two login functions. 2021-03-20 00:23:37 +08:00			`} else {`
			`panic("unknown authentication type (not password or provider)")`
Add github oauth. 2021-02-14 00:22:24 +08:00			`}`

			`c.Data["json"] = resp`
			`c.ServeJSON()`
			`}`