mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-03 12:30:19 +08:00
feat: authorize via clientId and clientSecret
Signed-off-by: Kininaru <shiftregister233@outlook.com>
This commit is contained in:
@ -23,6 +23,7 @@ import (
|
||||
"github.com/astaxie/beego/context"
|
||||
"github.com/casdoor/casdoor/authz"
|
||||
"github.com/casdoor/casdoor/controllers"
|
||||
"github.com/casdoor/casdoor/object"
|
||||
"github.com/casdoor/casdoor/util"
|
||||
)
|
||||
|
||||
@ -41,6 +42,22 @@ func getUsername(ctx *context.Context) (username string) {
|
||||
// bug in Beego: this call will panic when file session store is empty
|
||||
// so we catch the panic
|
||||
username = ctx.Input.Session("username").(string)
|
||||
|
||||
if len(username) == 0 {
|
||||
query := ctx.Request.URL.RawQuery
|
||||
clientId := parseQuery(query, "clientId")
|
||||
clientSecret := parseQuery(query, "clientSecret")
|
||||
if len(clientId) == 0 || len(clientSecret) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
app := object.GetApplicationByClientId(clientId)
|
||||
if app == nil || app.ClientSecret != clientSecret {
|
||||
return
|
||||
}
|
||||
return "built-in/service"
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user