feat: add OIDC feature support. (#373)

1. add nonce parameter.
2. add sub in userinfo endpoint.

Signed-off-by: 0x2a <stevesough@gmail.com>
Steve0x2a
2021-12-15 21:42:16 +08:00
committed by GitHub
parent 370e835499
commit 98f6cc0085
7 changed files with 22 additions and 10 deletions


@ -61,6 +61,7 @@ type RequestForm struct {
type Response struct { type Response struct {
Status string `json:"status"` Status string `json:"status"`
Msg string `json:"msg"` Msg string `json:"msg"`
Sub string `json:"sub"`
Data interface{} `json:"data"` Data interface{} `json:"data"`
Data2 interface{} `json:"data2"` Data2 interface{} `json:"data2"`
} }
@ -217,8 +218,14 @@ func (c *ApiController) GetAccount() {
} }
organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user)) organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
resp := Response{
c.ResponseOk(user, organization) Status: "ok",
Sub: userId,
Data: user,
Data2: organization,
}
c.Data["json"] = resp
c.ServeJSON()
} }
// GetHumanCheck ... // GetHumanCheck ...
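Review bot: The userinfo `sub` is filled from `userId` in the new GetAccount body, while the token signed in this same commit uses `Subject: user.Id`; OIDC clients compare the userinfo `sub` against the ID token's `sub`, so if `userId` is not the identical string to `user.Id` (it is obtained outside this hunk, so I cannot confirm) the userinfo response will be rejected — `Sub: user.Id,` keeps the two in lock-step by construction. The new `Sub` field on the shared Response struct carries the tag `json:"sub"` without `omitempty`, so every other endpoint that returns a Response now emits an empty `"sub": ""`; `json:"sub,omitempty"` avoids that. The hand-built Response also replaces the former `c.ResponseOk(user, organization)` call and presumably duplicates what that helper does, so a helper variant that accepts the subject would keep a single response path. GetAccount starts outside the hunk.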


@ -51,8 +51,8 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
redirectUri := c.Input().Get("redirectUri") redirectUri := c.Input().Get("redirectUri")
scope := c.Input().Get("scope") scope := c.Input().Get("scope")
state := c.Input().Get("state") state := c.Input().Get("state")
nonce := c.Input().Get("nonce")
code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state) code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce)
resp = codeToResponse(code) resp = codeToResponse(code)
if application.HasPromptPage() { if application.HasPromptPage() {
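Review bot: The value read with `c.Input().Get("nonce")` is forwarded to GetOAuthCode with no size check, and this commit copies that same value into the signed token's `nonce` claim (generateJwtToken), so the length of every issued token is now chosen by whoever supplies the nonce. Rejecting an over-long nonce before GetOAuthCode is called, or truncating it with a documented limit, would bound the token size; the same unchecked read appears in the GetOAuthCode controller hunk of this commit. HandleLoggedIn both starts and ends outside the hunk.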


@ -136,8 +136,9 @@ func (c *ApiController) GetOAuthCode() {
redirectUri := c.Input().Get("redirect_uri") redirectUri := c.Input().Get("redirect_uri")
scope := c.Input().Get("scope") scope := c.Input().Get("scope")
state := c.Input().Get("state") state := c.Input().Get("state")
nonce := c.Input().Get("nonce")
c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state) c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce)
c.ServeJSON() c.ServeJSON()
} }


@ -175,7 +175,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
return "", application return "", application
} }
func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string) *Code { func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string) *Code {
user := GetUser(userId) user := GetUser(userId)
if user == nil { if user == nil {
return &Code{ return &Code{
@ -192,7 +192,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
} }
} }
accessToken, err := generateJwtToken(application, user) accessToken, err := generateJwtToken(application, user, nonce)
if err != nil { if err != nil {
panic(err) panic(err)
} }
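Review bot: GetOAuthCode is exported and gains a seventh positional string parameter, yet still has no doc comment saying what `nonce` is or that it may be empty; I would add `// GetOAuthCode issues an authorization code for userId. nonce is the client-supplied OIDC value; when non-empty it is copied into the "nonce" claim of the token generated alongside the code.` The token that now carries the nonce is assigned to `accessToken` here; if the same JWT is also returned as the ID token that matches what OIDC expects, otherwise the nonce ends up only in the access token — worth confirming in the part of the function beyond this hunk. The function body continues past the hunk.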


@ -31,17 +31,19 @@ var tokenJwtPrivateKey string
type Claims struct { type Claims struct {
User User
Nonce string `json:"nonce,omitempty"`
jwt.RegisteredClaims jwt.RegisteredClaims
} }
func generateJwtToken(application *Application, user *User) (string, error) { func generateJwtToken(application *Application, user *User, nonce string) (string, error) {
nowTime := time.Now() nowTime := time.Now()
expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour) expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
user.Password = "" user.Password = ""
claims := Claims{ claims := Claims{
User: *user, User: *user,
Nonce: nonce,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: beego.AppConfig.String("origin"), Issuer: beego.AppConfig.String("origin"),
Subject: user.Id, Subject: user.Id,
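Review bot: The new `Nonce` field on Claims and the extended generateJwtToken signature are both undocumented, so a reader cannot tell where the nonce comes from or that an empty value is legitimate. On the field I would put `// Nonce echoes the nonce from the authorization request so an OIDC client can bind this token to that request; omitted from the JSON when empty.` and on the function `// generateJwtToken signs a token for user, valid for application.ExpireInHours; nonce may be empty.` The signature change is consistent with the two updated callers in this commit. The function body continues past the hunk.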


@ -44,7 +44,7 @@ function oAuthParamsToQuery(oAuthParams) {
} }
// code // code
return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${oAuthParams.redirectUri}&scope=${oAuthParams.scope}&state=${oAuthParams.state}`; return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${oAuthParams.redirectUri}&scope=${oAuthParams.scope}&state=${oAuthParams.state}&nonce=${oAuthParams.nonce}`;
} }
export function getApplicationLogin(oAuthParams) { export function getApplicationLogin(oAuthParams) {
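Review bot: The appended `&nonce=${oAuthParams.nonce}` is emitted even when the original request had no nonce; getOAuthGetParameters in the next file obtains it from `queries.get("nonce")`, which yields null for an absent parameter, so the query becomes `nonce=null` and the Go side reads the literal text null into the token's nonce claim (its `omitempty` only drops the empty string). Append the `&nonce=` fragment only when `oAuthParams.nonce` is truthy, and pass the value through `encodeURIComponent` since it is copied verbatim into a URL. oAuthParamsToQuery starts outside the hunk.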


@ -82,6 +82,7 @@ export function getOAuthGetParameters(params) {
const redirectUri = queries.get("redirect_uri"); const redirectUri = queries.get("redirect_uri");
const scope = queries.get("scope"); const scope = queries.get("scope");
const state = queries.get("state"); const state = queries.get("state");
const nonce = queries.get("nonce")
if (clientId === undefined || clientId === null) { if (clientId === undefined || clientId === null) {
// login // login
@ -94,6 +95,7 @@ export function getOAuthGetParameters(params) {
redirectUri: redirectUri, redirectUri: redirectUri,
scope: scope, scope: scope,
state: state, state: state,
nonce: nonce,
}; };
} }
} }
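Review bot: The added `const nonce = queries.get("nonce")` is the only declaration in this function without a terminating semicolon; the neighbouring lines all end with one, so it should read `const nonce = queries.get("nonce");`. Like the other `queries.get` calls, it yields null when the parameter is absent, and the returned object passes that null through to the query builder in the sibling file, which is where the absent-nonce case should be handled.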