Skip to content

Commit

Permalink
fix: pass URL params explicitly
Browse files Browse the repository at this point in the history
  • Loading branch information
alnr committed Sep 2, 2024
1 parent 9e5e681 commit 5195727
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 22 deletions.
4 changes: 2 additions & 2 deletions selfservice/strategy/code/strategy_login.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
}
return nil, nil
case flow.StateEmailSent:
i, err := s.loginVerifyCode(ctx, r, f, &p, sess)
i, err := s.loginVerifyCode(ctx, f, &p, sess)
if err != nil {
return nil, s.HandleLoginError(r, f, &p, err)
}
Expand Down Expand Up @@ -437,7 +437,7 @@ func maybeNormalizeEmail(input string) string {
return input
}

func (s *Strategy) loginVerifyCode(ctx context.Context, r *http.Request, f *login.Flow, p *updateLoginFlowWithCodeMethod, sess *session.Session) (_ *identity.Identity, err error) {
func (s *Strategy) loginVerifyCode(ctx context.Context, f *login.Flow, p *updateLoginFlowWithCodeMethod, sess *session.Session) (_ *identity.Identity, err error) {
ctx, span := s.deps.Tracer(ctx).Tracer().Start(ctx, "selfservice.strategy.code.strategy.loginVerifyCode")
defer otelx.End(span, &err)

Expand Down
18 changes: 9 additions & 9 deletions selfservice/strategy/code/strategy_recovery.go
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
return s.retryRecoveryFlow(w, r, f.Type, RetryWithError(err))
}
case flow.TypeAPI:
if err := s.deps.SessionPersister().UpsertSession(r.Context(), sess); err != nil {
if err := s.deps.SessionPersister().UpsertSession(ctx, sess); err != nil {
return s.retryRecoveryFlow(w, r, f.Type, RetryWithError(err))
}
f.ContinueWith = append(f.ContinueWith, flow.NewContinueWithSetToken(sess.Token))
Expand All @@ -217,7 +217,7 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
return s.retryRecoveryFlow(w, r, f.Type, RetryWithError(err))
}

returnToURL := s.deps.Config().SelfServiceFlowRecoveryReturnTo(r.Context(), nil)
returnToURL := s.deps.Config().SelfServiceFlowRecoveryReturnTo(ctx, nil)
returnTo := ""
if returnToURL != nil {
returnTo = returnToURL.String()
Expand All @@ -230,12 +230,12 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
config := s.deps.Config()

sf.UI.Messages.Set(text.NewRecoverySuccessful(time.Now().Add(config.SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx))))
if err := s.deps.SettingsFlowPersister().UpdateSettingsFlow(r.Context(), sf); err != nil {
if err := s.deps.SettingsFlowPersister().UpdateSettingsFlow(ctx, sf); err != nil {
return s.retryRecoveryFlow(w, r, f.Type, RetryWithError(err))
}

if s.deps.Config().UseContinueWithTransitions(ctx) {
redirectTo := sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(r.Context())).String()
redirectTo := sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(ctx)).String()
switch {
case f.Type.IsAPI(), x.IsJSONRequest(r):
f.ContinueWith = append(f.ContinueWith, flow.NewContinueWithSettingsUI(sf, redirectTo))
Expand All @@ -245,9 +245,9 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
}
} else {
if x.IsJSONRequest(r) {
s.deps.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(r.Context())).String()))
s.deps.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(ctx)).String()))
} else {
http.Redirect(w, r, sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(r.Context())).String(), http.StatusSeeOther)
http.Redirect(w, r, sf.AppendTo(s.deps.Config().SelfServiceFlowSettingsUI(ctx)).String(), http.StatusSeeOther)
}
}

Expand All @@ -265,7 +265,7 @@ func (s *Strategy) recoveryUseCode(w http.ResponseWriter, r *http.Request, body
}

if f.Type == flow.TypeBrowser && !x.IsJSONRequest(r) {
http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowRecoveryUI(r.Context())).String(), http.StatusSeeOther)
http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowRecoveryUI(ctx)).String(), http.StatusSeeOther)
} else {
s.deps.Writer().Write(w, r, f)
}
Expand Down Expand Up @@ -395,7 +395,7 @@ func (s *Strategy) recoveryHandleFormSubmission(w http.ResponseWriter, r *http.R
// re-initialize the UI with a "clean" new state
f.UI = &container.Container{
Method: "POST",
Action: flow.AppendFlowTo(urlx.AppendPaths(s.deps.Config().SelfPublicURL(r.Context()), recovery.RouteSubmitFlow), f.ID).String(),
Action: flow.AppendFlowTo(urlx.AppendPaths(s.deps.Config().SelfPublicURL(ctx), recovery.RouteSubmitFlow), f.ID).String(),
}

f.UI.SetCSRF(s.deps.GenerateCSRFToken(r))
Expand All @@ -420,7 +420,7 @@ func (s *Strategy) recoveryHandleFormSubmission(w http.ResponseWriter, r *http.R
f.UI.Nodes.Append(node.NewInputField("email", body.Email, node.CodeGroup, node.InputAttributeTypeSubmit).
WithMetaLabel(text.NewInfoNodeResendOTP()),
)
if err := s.deps.RecoveryFlowPersister().UpdateRecoveryFlow(r.Context(), f); err != nil {
if err := s.deps.RecoveryFlowPersister().UpdateRecoveryFlow(ctx, f); err != nil {
return s.HandleRecoveryError(w, r, f, body, err)
}

Expand Down
21 changes: 10 additions & 11 deletions selfservice/strategy/oidc/strategy.go
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U
return ar, err // this must return the error
}

func (s *Strategy) ValidateCallback(w http.ResponseWriter, r *http.Request) (f contextFlow, providerID string, ac *AuthCodeContainer, err error) {
func (s *Strategy) ValidateCallback(w http.ResponseWriter, r *http.Request, urlParams httprouter.Params) (f contextFlow, providerID string, ac *AuthCodeContainer, err error) {
var (
codeParam = stringsx.Coalesce(r.URL.Query().Get("code"), r.URL.Query().Get("authCode"))
stateParam = r.URL.Query().Get("state")
Expand All @@ -268,7 +268,6 @@ func (s *Strategy) ValidateCallback(w http.ResponseWriter, r *http.Request) (f c

// Determine the provider from the flow context or the URL.
providerID = providerFromFlow(f)
urlParams, _ := r.Context().Value(httprouter.ParamsKey).(httprouter.Params)
if providerFromURL := urlParams.ByName("provider"); providerFromURL != "" {
// We're serving an old-style OIDC callback URL with provider in the URL.
if providerID == "" {
Expand Down Expand Up @@ -372,7 +371,7 @@ func (s *Strategy) HandleCallback(w http.ResponseWriter, r *http.Request, ps htt
defer otelx.End(span, &err)
r = r.WithContext(ctx)

f, pid, cntnr, err := s.ValidateCallback(w, r)
f, pid, cntnr, err := s.ValidateCallback(w, r, ps)
if err != nil {
if f != nil {
s.forwardError(w, r, f, s.handleError(ctx, w, r, f, pid, nil, err))
Expand Down Expand Up @@ -578,28 +577,28 @@ func (s *Strategy) handleError(ctx context.Context, w http.ResponseWriter, r *ht
rf.UI.Messages.Add(text.NewErrorValidationDuplicateCredentialsOnOIDCLink())
}

lf, err := s.registrationToLogin(w, r, rf, usedProviderID)
lf, err := s.registrationToLogin(w, r, rf)
if err != nil {
return err
}
// return a new login flow with the error message embedded in the login flow.
var redirectURL *url.URL
if lf.Type == flow.TypeAPI {
returnTo := s.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context())
returnTo := s.d.Config().SelfServiceBrowserDefaultReturnTo(ctx)
if redirecter, ok := f.(flow.FlowWithRedirect); ok {
secureReturnTo, err := x.SecureRedirectTo(r, returnTo, redirecter.SecureRedirectToOpts(r.Context(), s.d)...)
secureReturnTo, err := x.SecureRedirectTo(r, returnTo, redirecter.SecureRedirectToOpts(ctx, s.d)...)
if err == nil {
returnTo = secureReturnTo
}
}
redirectURL = lf.AppendTo(returnTo)
} else {
redirectURL = lf.AppendTo(s.d.Config().SelfServiceFlowLoginUI(r.Context()))
redirectURL = lf.AppendTo(s.d.Config().SelfServiceFlowLoginUI(ctx))
}
if dc, err := flow.DuplicateCredentials(lf); err == nil && dc != nil {
redirectURL = urlx.CopyWithQuery(redirectURL, url.Values{"no_org_ui": {"true"}})
s.populateAccountLinkingUI(r.Context(), lf, usedProviderID, dc.DuplicateIdentifier, dup.AvailableCredentials())
if err := s.d.LoginFlowPersister().UpdateLoginFlow(r.Context(), lf); err != nil {
s.populateAccountLinkingUI(ctx, lf, usedProviderID, dc.DuplicateIdentifier, dup.AvailableCredentials())
if err := s.d.LoginFlowPersister().UpdateLoginFlow(ctx, lf); err != nil {
return err
}
}
Expand All @@ -615,12 +614,12 @@ func (s *Strategy) handleError(ctx context.Context, w http.ResponseWriter, r *ht
AddProvider(rf.UI, usedProviderID, text.NewInfoRegistrationContinue())

if traits != nil {
ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(r.Context())
ds, err := s.d.Config().DefaultIdentityTraitsSchemaURL(ctx)
if err != nil {
return err
}

traitNodes, err := container.NodesFromJSONSchema(r.Context(), node.OpenIDConnectGroup, ds.String(), "", nil)
traitNodes, err := container.NodesFromJSONSchema(ctx, node.OpenIDConnectGroup, ds.String(), "", nil)
if err != nil {
return err
}
Expand Down
1 change: 1 addition & 0 deletions selfservice/strategy/oidc/strategy_registration.go
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,7 @@ func (s *Strategy) registrationToLogin(w http.ResponseWriter, r *http.Request, r
func (s *Strategy) processRegistration(ctx context.Context, w http.ResponseWriter, r *http.Request, rf *registration.Flow, token *identity.CredentialsOIDCEncryptedTokens, claims *Claims, provider Provider, container *AuthCodeContainer, idToken string) (_ *login.Flow, err error) {
ctx, span := s.d.Tracer(ctx).Tracer().Start(ctx, "selfservice.strategy.oidc.strategy.processRegistration")
defer otelx.End(span, &err)
r = r.WithContext(ctx)

if _, _, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), identity.CredentialsTypeOIDC, identity.OIDCUniqueID(provider.Config().ID, claims.Subject)); err == nil {
// If the identity already exists, we should perform the login flow instead.
Expand Down

0 comments on commit 5195727

Please sign in to comment.