fix: move oauth2 routes (#12240)
* fix: move oauth2 routes From /login/oauth2/* to /oauth2/*. /login/oauth2 causes /login to no longer get served by the frontend, even if nothing is actually served on /login itself. * Add forgotten comment on delete
@ -168,24 +168,25 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
|
||||
}
|
||||
|
||||
api.AGPL.RootHandler.Group(func(r chi.Router) {
|
||||
r.Use(
|
||||
api.oAuth2ProviderMiddleware,
|
||||
// Fetch the app as system because in the /tokens route there will be no
|
||||
// authenticated user.
|
||||
httpmw.AsAuthzSystem(httpmw.ExtractOAuth2ProviderApp(options.Database)),
|
||||
)
|
||||
// Oauth2 linking routes do not make sense under the /api/v2 path.
|
||||
r.Route("/login", func(r chi.Router) {
|
||||
r.Route("/oauth2", func(r chi.Router) {
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(apiKeyMiddleware)
|
||||
r.Get("/authorize", api.postOAuth2ProviderAppAuthorize())
|
||||
r.Delete("/tokens", api.deleteOAuth2ProviderAppTokens())
|
||||
})
|
||||
// The /tokens endpoint will be called from an unauthorized client so we
|
||||
// cannot require an API key.
|
||||
r.Post("/tokens", api.postOAuth2ProviderAppToken())
|
||||
r.Route("/oauth2", func(r chi.Router) {
|
||||
r.Use(
|
||||
api.oAuth2ProviderMiddleware,
|
||||
// Fetch the app as system because in the /tokens route there will be no
|
||||
// authenticated user.
|
||||
httpmw.AsAuthzSystem(httpmw.ExtractOAuth2ProviderApp(options.Database)),
|
||||
)
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(apiKeyMiddleware)
|
||||
r.Get("/authorize", api.postOAuth2ProviderAppAuthorize())
|
||||
// DELETE on /tokens is not part of the OAuth2 spec. It is our own
|
||||
// route used to revoke permissions from an application. It is here for
|
||||
// parity with POST on /tokens.
|
||||
r.Delete("/tokens", api.deleteOAuth2ProviderAppTokens())
|
||||
})
|
||||
// The /tokens endpoint will be called from an unauthorized client so we
|
||||
// cannot require an API key.
|
||||
r.Post("/tokens", api.postOAuth2ProviderAppToken())
|
||||
})
|
||||
})
|
||||
|
||||
|
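Review bot: The authorize path is now spelled in two places that must agree — `r.Route("/oauth2", …)` plus `r.Get("/authorize", …)` here, and the literal `"/oauth2/authorize"` in authorizeMW's Referer check — so a future rename of one silently breaks the other (the consent "allow" flow would fail closed rather than open, but it would still break). Hoist it into a shared constant, e.g. `const oauth2AuthorizePath = "/oauth2/authorize"`, and register the route and compare the Referer against that one value. Separately, `r.Get("/authorize", api.postOAuth2ProviderAppAuthorize())` binds a GET to a handler named and swagger-documented as POST; either the name/annotation or the method is wrong and it is worth settling which before this path becomes a public contract. Since `POST /oauth2/tokens` is deliberately outside apiKeyMiddleware and now lives at the root rather than under /login, it is also worth confirming (I cannot see it from this hunk) that client-secret verification and some rate limiting happen in `postOAuth2ProviderAppToken`, as nothing in this router chain throttles it.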
@ -44,7 +44,7 @@ func authorizeMW(accessURL *url.URL) func(next http.Handler) http.Handler {
|
||||
// a minimum in order to detect whether "allow" has been pressed, however.
|
||||
cameFromSelf := (origin == "" || originU.Hostname() == accessURL.Hostname()) &&
|
||||
refererU.Hostname() == accessURL.Hostname() &&
|
||||
refererU.Path == "/login/oauth2/authorize"
|
||||
refererU.Path == "/oauth2/authorize"
|
||||
|
||||
// If we were redirected here from this same page it means the user
|
||||
// pressed the allow button so defer to the authorize handler which
|
||||
|
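Review bot: `refererU.Path == "/oauth2/authorize"` duplicates the path registered in coderd.go's router; compare against a shared constant (`refererU.Path == oauth2AuthorizePath`) so the two cannot drift. The surrounding check is a Referer/Origin heuristic, not a CSRF token: it matches on hostname only (scheme and port are ignored) and accepts an empty Origin, and it is only as strong as the browser's refusal to let a page forge those headers — a comment stating that this is a fail-closed heuristic (no or mismatched Referer means "not from the consent page") and why a token is not used would help the next reader, e.g. `// Referer cannot be set by page script, so a matching path is taken as proof the consent page itself submitted; anything else falls through to rendering the consent page.` authorizeMW begins and ends outside this hunk.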
@ -291,7 +291,7 @@ func (api *API) deleteOAuth2ProviderAppSecret(rw http.ResponseWriter, r *http.Re
|
||||
// @Param redirect_uri query string false "Redirect here after authorization"
|
||||
// @Param scope query string false "Token scopes (currently ignored)"
|
||||
// @Success 302
|
||||
// @Router /login/oauth2/authorize [post]
|
||||
// @Router /oauth2/authorize [post]
|
||||
func (api *API) postOAuth2ProviderAppAuthorize() http.HandlerFunc {
|
||||
return identityprovider.Authorize(api.Database, api.AccessURL)
|
||||
}
|
||||
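Review bot: The updated annotation `// @Router /oauth2/authorize [post]` disagrees with the route registration in coderd.go, which binds this handler with `r.Get("/authorize", …)`; the generated API docs will advertise a method the router does not serve (or, if the handler also expects POST, the router is missing that registration). Either change the annotation to `// @Router /oauth2/authorize [get]` or add the POST route, so the documented method matches what is actually reachable. The `@Param scope … "(currently ignored)"` line is visible context here; it may be worth stating in the handler doc that requested scopes are not enforced, since callers of an OAuth2 provider will reasonably assume they are.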
@ -306,7 +306,7 @@ func (api *API) postOAuth2ProviderAppAuthorize() http.HandlerFunc {
|
||||
// @Param refresh_token formData string false "Refresh token, required if grant_type=refresh_token"
|
||||
// @Param grant_type formData codersdk.OAuth2ProviderGrantType true "Grant type"
|
||||
// @Success 200 {object} oauth2.Token
|
||||
// @Router /login/oauth2/tokens [post]
|
||||
// @Router /oauth2/tokens [post]
|
||||
func (api *API) postOAuth2ProviderAppToken() http.HandlerFunc {
|
||||
return identityprovider.Tokens(api.Database, api.DeploymentValues.SessionDuration.Value())
|
||||
}
|
||||
@ -317,7 +317,7 @@ func (api *API) postOAuth2ProviderAppToken() http.HandlerFunc {
|
||||
// @Tags Enterprise
|
||||
// @Param client_id query string true "Client ID"
|
||||
// @Success 204
|
||||
// @Router /login/oauth2/tokens [delete]
|
||||
// @Router /oauth2/tokens [delete]
|
||||
func (api *API) deleteOAuth2ProviderAppTokens() http.HandlerFunc {
|
||||
return identityprovider.RevokeApp(api.Database)
|
||||
}
|
||||
|