From 0beb0bf5b2e175efb5e89e255603fc8b2e4d23c2 Mon Sep 17 00:00:00 2001
From: Colin Alston
Date: Thu, 11 Apr 2019 15:27:45 +0100
Subject: [PATCH 1/2] Add a method to authenticate without a config file
---
 google/google.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/google/google.go b/google/google.go
index a105248..9dd0278 100644
--- a/google/google.go
+++ b/google/google.go
@@ -69,6 +69,19 @@ func Setup(redirectURL, credFile string, scopes []string, secret []byte) {
 }
 }
+// Setup the authorization path without a config file
+func SetupFromString(redirectURL, clientID string, clientSecret string, scopes []string, secret []byte) {
+ store = sessions.NewCookieStore(secret)
+
+ conf = &oauth2.Config{
+ ClientID: clientID,
+ ClientSecret: clientSecret,
+ RedirectURL: redirectURL,
+ Scopes: scopes,
+ Endpoint: google.Endpoint,
+ }
+}
+
 func Session(name string) gin.HandlerFunc {
 return sessions.Sessions(name, store)
 }
From 3d76b5d565dcba8ded372dac0337dcf205ea5a4e Mon Sep 17 00:00:00 2001
From: Colin Alston
Date: Thu, 11 Apr 2019 17:21:39 +0100
Subject: [PATCH 2/2] Redirect to login page on auth failure
---
 google/google.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/google/google.go b/google/google.go
index 9dd0278..cb4fa87 100644
--- a/google/google.go
+++ b/google/google.go
@@ -7,7 +7,7 @@ import (
 "crypto/rand"
 "encoding/base64"
 "encoding/json"
- "fmt"
+ //"fmt"
 "io/ioutil"
 "net/http"
@@ -44,6 +44,8 @@ var conf *oauth2.Config
 var state string
 var store sessions.CookieStore
+var loginURL string
+
 func randToken() string {
 b := make([]byte, 32)
 rand.Read(b)
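Review bot: In the `[PATCH 1/2]` hunk, `SetupFromString` stores `clientID`, `clientSecret` and the session key `secret` without checking that any of them is set, so a missing environment variable or config value goes unnoticed at startup and only shows up when a login or cookie operation fails. Since the function returns nothing, I would fail fast at the top, e.g. `if clientID == "" || clientSecret == "" || len(secret) == 0 { panic("google: SetupFromString needs a client ID, client secret and session key") }`, or match whatever `Setup` does when the credentials file cannot be read (that branch is outside this hunk). The doc comment should also start with the function name, for example `// SetupFromString configures the OAuth2 client from an explicit client ID and secret instead of a credentials file.`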
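Review bot: The `fmt` import in the `@@ -7,7 +7,7 @@` hunk is commented out rather than removed, and the `Auth` hunk (`@@ -115,7 +119,8 @@`) likewise leaves the old `ctx.AbortWithError(...)` call behind as a comment. Dead code in an authentication path makes it harder to see which failure behaviour is intended; delete both lines and let version control keep the history. If the error is meant to come back, restore the import together with the call.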
@@ -51,8 +53,9 @@ func randToken() string {
 }
 // Setup the authorization path
-func Setup(redirectURL, credFile string, scopes []string, secret []byte) {
+func Setup(redirectURL, cLoginURL string, credFile string, scopes []string, secret []byte) {
 store = sessions.NewCookieStore(secret)
+ loginURL = cLoginURL
 var c Credentials
 file, err := ioutil.ReadFile(credFile)
 if err != nil {
@@ -70,8 +73,9 @@ func Setup(redirectURL, credFile string, scopes []string, secret []byte) {
 }
 // Setup the authorization path without a config file
-func SetupFromString(redirectURL, clientID string, clientSecret string, scopes []string, secret []byte) {
+func SetupFromString(redirectURL, cLoginURL string, clientID string, clientSecret string, scopes []string, secret []byte) {
 store = sessions.NewCookieStore(secret)
+ loginURL = cLoginURL
 conf = &oauth2.Config{
 ClientID: clientID,
@@ -115,7 +119,8 @@ func Auth() gin.HandlerFunc {
 session := sessions.Default(ctx)
 retrievedState := session.Get("state")
 if retrievedState != ctx.Query("state") {
- ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Invalid session state: %s", retrievedState))
+ ctx.Redirect(302, loginURL)
+ //ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Invalid session state: %s", retrievedState))
 return
 }
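Review bot: `cLoginURL` is assigned to the package-level `loginURL` in `Setup` (and again in the `SetupFromString` hunk at `@@ -70,8 +73,9 @@`) with no check, so an empty or mistyped value is only noticed when a failed login is redirected to it. The value later becomes a `Location` header, so it is worth rejecting the empty string here and documenting that it must be a fixed, application-controlled path or URL, never something derived from a request. The new parameter is also inserted in the middle of a run of positional strings on an exported function, which breaks every existing caller; the doc comment should describe it, e.g. `// Setup configures the OAuth2 flow from credFile; cLoginURL is where Auth redirects when the state check fails.` `Setup`'s body continues past the end of this hunk.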
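Review bot: On a state mismatch in the `Auth` hunk, the new `ctx.Redirect(302, loginURL)` no longer aborts the gin handler chain: the removed `AbortWithError` stopped it, whereas `Redirect` followed by `return` only leaves this middleware, so any handlers registered after `Auth()` would still run for a request that failed the OAuth state (CSRF) check. Add `ctx.Abort()` after the redirect and use the named constant, `ctx.Redirect(http.StatusFound, loginURL)`. The failure is also no longer recorded anywhere; attaching an error with `ctx.Error(...)`, without the session's state value in the message, would keep failed or forged callbacks visible in logs. The enclosing handler starts and ends outside this hunk.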