
Commit cfec49a

committed
refactor: make RequestAuth able to be used standalone from outside
1 parent 27b2267 commit cfec49a


1 file changed

+26
-21
lines changed

1 file changed

+26
-21
lines changed

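--- a/goic.go
+++ b/goic.go
@@ -122,40 +122,26 @@ func (g *Goic) Supports(name string) bool {
 }
 
 // RequestAuth is the starting point of OpenID flow
-func (g *Goic) RequestAuth(p *Provider, res http.ResponseWriter, req *http.Request) error {
+func (g *Goic) RequestAuth(p *Provider, state, nonce, redir string, res http.ResponseWriter, req *http.Request) error {
 if !g.Supports(p.Name) {
 return ErrProviderSupport
 }
 
-redir, err := http.NewRequest("GET", p.wellKnown.AuthURI, nil)
+redirect, err := http.NewRequest("GET", p.wellKnown.AuthURI, nil)
 if err != nil {
 return err
 }
 
-qry := redir.URL.Query()
+qry := redirect.URL.Query()
 qry.Add("response_type", "code")
-qry.Add("redirect_uri", currentURL(req, false))
+qry.Add("redirect_uri", redir)
 qry.Add("client_id", p.clientID)
 qry.Add("scope", p.Scope)
-
-nonce, state := RandomString(nonceLength), RandomString(stateLength)
-
-g.sLock.Lock()
-for {
-if _, ok := g.states[state]; !ok {
-break
-}
-state = RandomString(stateLength)
-}
-
-g.states[state] = nonce
-g.sLock.Unlock()
-
 qry.Add("state", state)
 qry.Add("nonce", nonce)
-redir.URL.RawQuery = qry.Encode()
+redirect.URL.RawQuery = qry.Encode()
 
-http.Redirect(res, req, redir.URL.String(), http.StatusFound)
+http.Redirect(res, req, redirect.URL.String(), http.StatusFound)
 return nil
 }
 
@@ -325,7 +311,8 @@ func (g *Goic) process(res http.ResponseWriter, req *http.Request) {
 code, state := qry.Get("code"), qry.Get("state")
 p := g.providers[name]
 if code == "" {
-if err := g.RequestAuth(p, res, req); err != nil {
+state, nonce := g.initStateAndNonce()
+if err := g.RequestAuth(p, state, nonce, redir, res, req); err != nil {
 g.errorHTML(res, err, restart, "request auth")
 }
 return
@@ -351,6 +338,24 @@ func (g *Goic) process(res http.ResponseWriter, req *http.Request) {
 g.userCallback(tok, g.UserInfo(tok), res, req)
 }
 
+// initStateAndNonce inits one time state and nonce
+func (g *Goic) initStateAndNonce() (string, string) {
+nonce, state := RandomString(nonceLength), RandomString(stateLength)
+
+g.sLock.Lock()
+for {
+if _, ok := g.states[state]; !ok {
+break
+}
+state = RandomString(stateLength)
+}
+
+g.states[state] = nonce
+g.sLock.Unlock()
+
+return state, nonce
+}
+
 // UserCallback sets a callback for post user verification
 func (g *Goic) UserCallback(cb UserCallback) *Goic {
 g.userCallback = cb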
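Review bot: RequestAuth now writes the caller-supplied `state`, `nonce` and `redir` straight into the authorization URL with no check, and it no longer records the pair in `g.states`, so a standalone caller that passes an empty or predictable `state` sends the user to the provider without a usable CSRF binding. `initStateAndNonce` is unexported, so outside callers must generate and store these values themselves, and the doc comment should state that contract, e.g. `// RequestAuth redirects to the provider's authorization endpoint; state and nonce must be unguessable, single-use values that the caller verifies on the callback.` A guard at the top such as `if state == "" || nonce == "" || redir == ""` returning a sentinel error in the style of `ErrProviderSupport` would make the function fail closed. The callback-side check of `state` lies outside these hunks, so it should be confirmed that values not created by `initStateAndNonce` are rejected there rather than silently accepted.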
