fix: oauth params null value error (#465)

Signed-off-by: Steve0x2a <stevesough@gmail.com>

conf/app.conf

@@ -16,4 +16,4 @@ httpProxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
 initScore = 2000
 logPostOnly = true
-origin = "https://door.casbin.com"
+origin =

controllers/auth.go

@@ -55,7 +55,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		challengeMethod := c.Input().Get("code_challenge_method")
 		codeChallenge := c.Input().Get("code_challenge")
 
-		if challengeMethod != "S256" && challengeMethod != "null" {
+		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 			c.ResponseError("Challenge method should be S256")
 			return
 		}

controllers/oidc_discovery.go

@@ -20,7 +20,8 @@ import "github.com/casdoor/casdoor/object"
 // @Tag OIDC API
 // @router /.well-known/openid-configuration [get]
 func (c *RootController) GetOidcDiscovery() {
-	c.Data["json"] = object.GetOidcDiscovery()
+	host := c.Ctx.Request.Host
+	c.Data["json"] = object.GetOidcDiscovery(host)
 	c.ServeJSON()
 }
 

controllers/token.go

@@ -145,7 +145,7 @@ func (c *ApiController) GetOAuthCode() {
 	challengeMethod := c.Input().Get("code_challenge_method")
 	codeChallenge := c.Input().Get("code_challenge")
 
-	if challengeMethod != "S256" && challengeMethod != "null" {
+	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 		c.ResponseError("Challenge method should be S256")
 		return
 	}

object/oidc_discovery.go

@@ -18,6 +18,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"strings"
 
 	"github.com/astaxie/beego"
 	"gopkg.in/square/go-jose.v2"
@@ -40,22 +41,39 @@ type OidcDiscovery struct {
 	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
 }
 
-var oidcDiscovery OidcDiscovery
+func getOriginFromHost(host string) (string, string) {
+	protocol := "https://"
+	if strings.HasPrefix(host, "localhost") {
+		protocol = "http://"
+	}
+
+	if host == "localhost:8000" {
+		return fmt.Sprintf("%s%s", protocol, "localhost:7001"), fmt.Sprintf("%s%s", protocol, "localhost:8000")
+	} else {
+		return fmt.Sprintf("%s%s", protocol, host), fmt.Sprintf("%s%s", protocol, host)
+	}
+}
+
+func GetOidcDiscovery(host string) OidcDiscovery {
+	originFrontend, originBackend := getOriginFromHost(host)
 
-func init() {
 	origin := beego.AppConfig.String("origin")
+	if origin != "" {
+		originFrontend = origin
+		originBackend = origin
+	}
 
 	// Examples:
 	// https://login.okta.com/.well-known/openid-configuration
 	// https://auth0.auth0.com/.well-known/openid-configuration
 	// https://accounts.google.com/.well-known/openid-configuration
 	// https://access.line.me/.well-known/openid-configuration
-	oidcDiscovery = OidcDiscovery{
+	oidcDiscovery := OidcDiscovery{
-		Issuer:                                 origin,
+		Issuer:                                 originFrontend,
-		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", origin),
+		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", originFrontend),
-		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", origin),
+		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", originBackend),
-		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", origin),
+		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", originBackend),
-		JwksUri:                                fmt.Sprintf("%s/api/certs", origin),
+		JwksUri:                                fmt.Sprintf("%s/api/certs", originBackend),
 		ResponseTypesSupported:                 []string{"id_token"},
 		ResponseModesSupported:                 []string{"login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
@@ -66,9 +84,7 @@ func init() {
 		RequestParameterSupported:              true,
 		RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"},
 	}
-}
 
-func GetOidcDiscovery() OidcDiscovery {
 	return oidcDiscovery
 }
 

web/src/auth/Util.js

@@ -75,18 +75,22 @@ export function renderMessageLarge(ths, msg) {
   }
 }
 
+function getRefinedValue(value){
+  return (value === null)? "" : value
+}
+
 export function getOAuthGetParameters(params) {
   const queries = (params !== undefined) ? params : new URLSearchParams(window.location.search);
-  const clientId = queries.get("client_id");
+  const clientId = getRefinedValue(queries.get("client_id"));
-  const responseType = queries.get("response_type");
+  const responseType = getRefinedValue(queries.get("response_type"));
-  const redirectUri = queries.get("redirect_uri");
+  const redirectUri = getRefinedValue(queries.get("redirect_uri"));
-  const scope = queries.get("scope");
+  const scope = getRefinedValue(queries.get("scope"));
-  const state = queries.get("state");
+  const state = getRefinedValue(queries.get("state"));
-  const nonce = queries.get("nonce")
+  const nonce = getRefinedValue(queries.get("nonce"))
-  const challengeMethod = queries.get("code_challenge_method")
+  const challengeMethod = getRefinedValue(queries.get("code_challenge_method"))
-  const codeChallenge = queries.get("code_challenge")
+  const codeChallenge = getRefinedValue(queries.get("code_challenge"))
   
-  if (clientId === undefined || clientId === null) {
+  if (clientId === undefined || clientId === null || clientId === "") {
     // login
     return null;
   } else {