From 359d3604d2ddc28e14bcc6a09574460307ee425d Mon Sep 17 00:00:00 2001
From: LittleSheep
Date: Tue, 30 Jan 2024 21:15:15 +0800
Subject: [PATCH] :bug: Bug fixes of missing id token (via goth)
---
 pkg/security/challanges.go | 4 ++--
 pkg/server/challanges_api.go | 31 +++++++++++++------------------
 pkg/server/oauth_api.go | 2 +-
 3 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/pkg/security/challanges.go b/pkg/security/challanges.go
index 424f7b2..eeb0e6d 100644
--- a/pkg/security/challanges.go
+++ b/pkg/security/challanges.go
@@ -18,9 +18,9 @@ func CalcRisk(user models.Account, ip, ua string) int {
 IpAddress: ip,
 }).Model(models.AuthChallenge{}).Count(&secureFactor).Error; err == nil {
 if secureFactor >= 3 {
- risk -= 2
+ risk -= 3
 } else if secureFactor >= 1 {
- risk -= 1
+ risk -= 2
 }
 }
 
diff --git a/pkg/server/challanges_api.go b/pkg/server/challanges_api.go
index 3f3485f..c80f97c 100644
--- a/pkg/server/challanges_api.go
+++ b/pkg/server/challanges_api.go
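Review bot: In CalcRisk (pkg/security/challanges.go) the new `risk -= 3` / `risk -= 2` decrements are undocumented magic numbers, and they give more weight to a signal whose trustworthiness this hunk does not show. The count is taken over AuthChallenge rows matching the IP address; the rest of the filter sits outside the hunk, so it is unclear whether only successfully completed challenges are counted, and if unfinished ones count too, the score would drop for an address that has merely started challenges before. I would confirm the filter and add a comment such as `// only challenges completed successfully from this IP may reduce risk`, and check that `risk` keeps a lower bound after the larger subtraction. The body of CalcRisk starts and ends outside the hunk.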
@@ -102,41 +102,36 @@ func exchangeToken(c *fiber.Ctx) error {
 return err
 }
 
+ var err error
+ var access, refresh string
 switch data.GrantType {
 case "authorization_code":
 // Authorization Code Mode
- access, refresh, err := security.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, data.Code)
+ access, refresh, err = security.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, data.Code)
 if err != nil {
 return fiber.NewError(fiber.StatusBadRequest, err.Error())
 }
-
- return c.JSON(fiber.Map{
- "access_token": access,
- "refresh_token": refresh,
- })
 case "grant_token":
 // Internal Usage
- access, refresh, err := security.ExchangeToken(data.Code)
+ access, refresh, err = security.ExchangeToken(data.Code)
 if err != nil {
 return fiber.NewError(fiber.StatusBadRequest, err.Error())
 }
-
- return c.JSON(fiber.Map{
- "access_token": access,
- "refresh_token": refresh,
- })
 case "refresh_token":
 // Refresh Token
- access, refresh, err := security.RefreshToken(data.RefreshToken)
+ access, refresh, err = security.RefreshToken(data.RefreshToken)
 if err != nil {
 return fiber.NewError(fiber.StatusBadRequest, err.Error())
 }
-
- return c.JSON(fiber.Map{
- "access_token": access,
- "refresh_token": refresh,
- })
 default:
 return fiber.NewError(fiber.StatusBadRequest, "unsupported exchange token type")
 }
+
+ return c.JSON(fiber.Map{
+ "id_token": access,
+ "access_token": access,
+ "refresh_token": refresh,
+ "token_type": "Bearer",
+ "expires_in": (30 * time.Minute).Seconds(),
+ })
 }
diff --git a/pkg/server/oauth_api.go b/pkg/server/oauth_api.go
index 3a0eec1..9497f25 100644
--- a/pkg/server/oauth_api.go
+++ b/pkg/server/oauth_api.go
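Review bot: In exchangeToken (pkg/server/challanges_api.go), `"id_token": access,` returns the access token under the ID-token name, so a client that treats `id_token` as proof of who logged in is holding an API credential that, as far as this hunk shows, was never issued as an identity assertion bound to that client. An OpenID Connect ID token is expected to be a separately signed token whose audience is the requesting client; until one is minted I would leave the field out or mark it with `// FIXME: id_token aliases the access token; replace with an audience-bound ID token`. `expires_in` is hard-coded to 30 minutes and can drift from the lifetime the security package actually puts into the token (not visible here), so it should come from the same constant. Token responses should also be sent with `c.Set("Cache-Control", "no-store")` before `c.JSON`. The function begins above the hunk.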
@@ -19,7 +19,7 @@ func preConnect(c *fiber.Ctx) error {
 if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
 return fiber.NewError(fiber.StatusNotFound, err.Error())
 } else if !client.IsDraft && !lo.Contains(client.Callbacks, strings.Split(redirect, "?")[0]) {
- return fiber.NewError(fiber.StatusBadRequest, "invalid request url")
+ return fiber.NewError(fiber.StatusBadRequest, "invalid callback url")
 }
 
 user := c.Locals("principal").(models.Account)
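Review bot: The callback check whose message changes here is skipped whenever `client.IsDraft` is true, so for a draft client any `redirect` value passes through preConnect unvalidated. Who may create or keep a client in draft state is not visible in this hunk; unless that is limited to the owning developer testing their own application, an authorization result could be delivered to a URL that was never registered. I would either enforce the registered callbacks for drafts as well or document the intent beside the condition, e.g. `// draft clients skip callback validation; must only be usable by the owning developer`. Separately, `c.Locals("principal").(models.Account)` on the last context line is an unchecked type assertion and panics if the middleware did not set the principal. preConnect continues outside the hunk.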