From b0b3eb0805dee92fe1e409a02a6a8499046f7b5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A2=D0=BE=D0=B2=D0=B0=D1=80=D0=B8=D1=89=20=D0=BF=D1=80?=
 =?UTF-8?q?=D0=BE=D0=B3=D1=80=D0=B0=D0=BC=D0=BC=D0=B8=D1=81=D1=82?=
 <46831212+ComradeProgrammer@users.noreply.github.com>
Date: Fri, 22 Apr 2022 22:45:52 +0800
Subject: [PATCH] fix: fix failure of introspection (#682)

* fix: fix failure of introspection

* Update token.go

Co-authored-by: Yang Luo <hsluoyz@qq.com>
---
 authz/authz.go          |  4 +---
 controllers/token.go    | 16 +++++++---------
 routers/authz_filter.go |  5 +++++
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/authz/authz.go b/authz/authz.go
index 91f28aa6..d0dab756 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -80,9 +80,7 @@ p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
-p, *, *, POST, /api/login/oauth/access_token, *, *
-p, *, *, POST, /api/login/oauth/refresh_token, *, *
-p, *, *, GET, /api/login/oauth/logout, *, *
+p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-user, *, *
 p, *, *, GET, /api/get-user-application, *, *
diff --git a/controllers/token.go b/controllers/token.go
index 51e794bc..b907fc6b 100644
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -275,21 +275,20 @@ func (c *ApiController) IntrospectToken() {
 	tokenValue := c.Input().Get("token")
 	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
 	if !ok {
-		util.LogWarning(c.Ctx, "Basic Authorization parses failed")
-		c.Data["json"] = Response{Status: "error", Msg: "Unauthorized operation"}
-		c.ServeJSON()
-		return
+		clientId = c.Input().Get("client_id")
+		clientSecret = c.Input().Get("client_secret")
+		if clientId == "" || clientSecret == "" {
+			c.ResponseError("empty clientId or clientSecret")
+			return
+		}
 	}
 	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
-		util.LogWarning(c.Ctx, "Basic Authorization failed")
-		c.Data["json"] = Response{Status: "error", Msg: "Unauthorized operation"}
-		c.ServeJSON()
+		c.ResponseError("invalid application or wrong clientSecret")
 		return
 	}
 	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if token == nil {
-		util.LogWarning(c.Ctx, "application: %s can not find token", application.Name)
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 		return
@@ -299,7 +298,6 @@ func (c *ApiController) IntrospectToken() {
 		// and token revoked case. but we not implement
 		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 		// refs: https://tools.ietf.org/html/rfc7009
-		util.LogWarning(c.Ctx, "token invalid")
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 		return
diff --git a/routers/authz_filter.go b/routers/authz_filter.go
index e8c75750..c6d3a935 100644
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -104,6 +104,11 @@ func getUrlPath(urlPath string) string {
 	if strings.HasPrefix(urlPath, "/cas") && (strings.HasSuffix(urlPath, "/serviceValidate") || strings.HasSuffix(urlPath, "/proxy") || strings.HasSuffix(urlPath, "/proxyValidate") || strings.HasSuffix(urlPath, "/validate") || strings.HasSuffix(urlPath, "/p3/serviceValidate") || strings.HasSuffix(urlPath, "/p3/proxyValidate") || strings.HasSuffix(urlPath, "/samlValidate")) {
 		return "/cas"
 	}
+
+	if strings.HasPrefix(urlPath, "/api/login/oauth") {
+		return "/api/login/oauth"
+	}
+
 	return urlPath
 }