mirror of
https://github.com/casdoor/casdoor.git
synced 2025-05-23 02:35:49 +08:00
152 lines
4.3 KiB
Go
152 lines
4.3 KiB
Go
// Copyright 2020 The casbin Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package controllers
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/astaxie/beego"
|
|
"github.com/casdoor/casdoor/idp"
|
|
"github.com/casdoor/casdoor/object"
|
|
"github.com/casdoor/casdoor/util"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
func (c *ApiController) AuthLogin() {
|
|
applicationName := c.Input().Get("application")
|
|
providerName := c.Input().Get("provider")
|
|
code := c.Input().Get("code")
|
|
state := c.Input().Get("state")
|
|
method := c.Input().Get("method")
|
|
redirectUrl := c.Input().Get("redirect_url")
|
|
|
|
application := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
|
|
provider := object.GetProvider(fmt.Sprintf("admin/%s", providerName))
|
|
|
|
idProvider := idp.GetIdProvider(provider.Type)
|
|
oauthConfig := idProvider.GetConfig()
|
|
oauthConfig.ClientID = provider.ClientId
|
|
oauthConfig.ClientSecret = provider.ClientSecret
|
|
oauthConfig.RedirectURL = redirectUrl
|
|
|
|
var resp Response
|
|
var res authResponse
|
|
res.IsAuthenticated = true
|
|
|
|
if state != beego.AppConfig.String("AuthState") {
|
|
res.IsAuthenticated = false
|
|
resp = Response{Status: "error", Msg: "unauthorized", Data: res}
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
|
|
ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, httpClient)
|
|
token, err := oauthConfig.Exchange(ctx, code)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
|
|
if !token.Valid() {
|
|
resp = Response{Status: "error", Msg: "unauthorized", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
res.Email, res.Method, res.Avatar, err = idProvider.GetUserInfo(httpClient, token)
|
|
if err != nil {
|
|
resp = Response{Status: "error", Msg: "Login failed, please try again."}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
if method == "signup" {
|
|
userId := ""
|
|
if provider.Type == "github" {
|
|
userId = object.GetUserIdByField(application, "github", res.Method)
|
|
} else if provider.Type == "google" {
|
|
userId = object.GetUserIdByField(application, "google", res.Email)
|
|
}
|
|
|
|
if userId != "" {
|
|
//if object.IsForbidden(userId) {
|
|
// c.forbiddenAccountResp(userId)
|
|
// return
|
|
//}
|
|
|
|
//if len(object.GetMemberAvatar(userId)) == 0 {
|
|
// avatar := UploadAvatarToOSS(res.Avatar, userId)
|
|
// object.LinkMemberAccount(userId, "avatar", avatar)
|
|
//}
|
|
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
} else {
|
|
//if object.IsForbidden(userId) {
|
|
// c.forbiddenAccountResp(userId)
|
|
// return
|
|
//}
|
|
|
|
if userId := object.GetUserIdByField(application, "email", res.Email); userId != "" {
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
|
|
if provider.Type == "github" {
|
|
_ = object.LinkUserAccount(userId, "github", res.Method)
|
|
} else if provider.Type == "google" {
|
|
_ = object.LinkUserAccount(userId, "google", res.Email)
|
|
}
|
|
} else {
|
|
res.IsSignedUp = false
|
|
}
|
|
}
|
|
//res.Method = res.Email
|
|
resp = Response{Status: "ok", Msg: "success", Data: res}
|
|
} else {
|
|
userId := c.GetSessionUser()
|
|
if userId == "" {
|
|
resp = Response{Status: "error", Msg: "user doesn't exist", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var linkRes bool
|
|
if provider.Type == "github" {
|
|
_ = object.LinkUserAccount(userId, "github", res.Method)
|
|
} else if provider.Type == "google" {
|
|
_ = object.LinkUserAccount(userId, "google", res.Email)
|
|
}
|
|
if linkRes {
|
|
resp = Response{Status: "ok", Msg: "success", Data: linkRes}
|
|
} else {
|
|
resp = Response{Status: "error", Msg: "link account failed", Data: linkRes}
|
|
}
|
|
//if len(object.GetMemberAvatar(userId)) == 0 {
|
|
// avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
|
|
// object.LinkUserAccount(userId, "avatar", avatar)
|
|
//}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|