improve basic auth experience

Author: alan-nettica

api/v1/auth/auth.go

@@ -68,6 +68,7 @@ func oauth2URL(c *gin.Context) {
 		redirect_uri = os.Getenv("OAUTH2_AGENT_REDIRECT_URL")
 
 		cacheDb.Set(clientId, state, 1*time.Hour)
+		cacheDb.Set(state, state, 1*time.Hour)
 	} else {
 
 		state, err = util.GenerateRandomString(32)
@@ -89,6 +90,7 @@ func oauth2URL(c *gin.Context) {
 		}
 		// save clientId and state so we can retrieve for verification
 		cacheDb.Set(clientId, state, 1*time.Hour)
+		cacheDb.Set(state, state, 1*time.Hour)
 		codeUrl = oauth2Client.CodeUrl(state)
 		if referer != "" {
 			codeUrl = codeUrl + "&referer=" + referer
@@ -136,6 +138,10 @@ func oauth2Exchange(c *gin.Context) {
 	cacheDb := c.MustGet("cache").(*cache.Cache)
 	savedState, exists := cacheDb.Get(loginVals.ClientId)
 
+	if !exists {
+		savedState, exists = cacheDb.Get(loginVals.State)
+	}
+
 	if loginVals.State != "basic_auth" {
 		if !exists || savedState != loginVals.State {
 			log.WithFields(log.Fields{
@@ -198,6 +204,10 @@ func token(c *gin.Context) {
 	cacheDb := c.MustGet("cache").(*cache.Cache)
 	savedState, exists := cacheDb.Get(loginVals.Code)
 
+	if !exists {
+		savedState, exists = cacheDb.Get(loginVals.State)
+	}
+
 	if !exists || savedState != loginVals.State {
 		log.WithFields(log.Fields{
 			"state":      loginVals.State,
@@ -259,6 +269,10 @@ func login(c *gin.Context) {
 	cacheDb := c.MustGet("cache").(*cache.Cache)
 	savedState, exists := cacheDb.Get(loginVals.ClientId)
 
+	if !exists {
+		savedState, exists = cacheDb.Get(loginVals.State)
+	}
+
 	if loginVals.State != "basic_auth" {
 		if !exists || savedState != loginVals.State {
 			log.WithFields(log.Fields{
@@ -296,13 +310,18 @@ func login(c *gin.Context) {
 	user := parts[0]
 	pass := parts[1]
 
+	x := strings.Split(user, "@")
+	if len(x) > 0 {
+		user = x[0]
+	}
+
 	// validate the username and password
 	err = shadow.ShadowAuthPlain(user, pass)
 	if err != nil {
 		log.WithFields(log.Fields{
 			"err": err,
-		}).Error("shadow: invalid username or password")
-		c.AbortWithStatus(http.StatusBadRequest)
+		}).Error("invalid username or password")
+		c.JSON(http.StatusForbidden, gin.H{"error": "invalid username or password"})
 		return
 	}
 
@@ -440,7 +459,7 @@ func logout(c *gin.Context) {
 		return
 	}
 
-	cacheDb.Delete(c.Request.Header.Get(util.AuthTokenHeaderName))
+	cacheDb.Delete(util.GetCleanAuthToken(c))
 
 	var logoutUrl string
 

auth/basic/basic.go

@@ -93,6 +93,29 @@ func (o *Oauth2Basic) Exchange2(code string) (*oauth2.Token, error) {
 	return token, err
 }
 
+func getServerName() string {
+	// compute the name of the server
+	server := os.Getenv("SERVER")
+	server = strings.Replace(server, "http://", "", -1)
+	server = strings.Replace(server, "https://", "", -1)
+	parts := strings.SplitN(server, ".", 2)
+	if len(parts) == 2 {
+		server = parts[1]
+	} else {
+		server = parts[0]
+	}
+	parts = strings.SplitN(server, ":", 2)
+	if len(parts) > 0 {
+		server = parts[0]
+	}
+
+	if server == "" {
+		server = "localhost"
+	}
+
+	return server
+}
+
 // UserInfo get token user
 func (o *Oauth2Basic) UserInfo(oauth2Token *oauth2.Token) (*model.User, error) {
 	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
@@ -109,11 +132,18 @@ func (o *Oauth2Basic) UserInfo(oauth2Token *oauth2.Token) (*model.User, error) {
 		return nil, err
 	}
 
+	server := getServerName()
+
+	email := idToken.Subject
+	if !strings.Contains(email, "@") {
+		email = email + "@" + server
+	}
+	email = strings.ToLower(email)
+
 	// get some infos about user
 	user := &model.User{}
 	user.Sub = idToken.Subject
-	user.Email = idToken.Subject + "@localhost"
-	user.Email = strings.ToLower(user.Email)
+	user.Email = email
 	user.Picture = os.Getenv("SERVER") + "/account-circle.png"
 	user.Issuer = idToken.Issuer
 	user.IssuedAt = idToken.IssuedAt

ui/src/store/modules/auth.js

@@ -107,8 +107,9 @@ const actions = {
 
       })
       .catch(err => {
+        console.log("login error", err);
         commit('authStatus', 'error')
-        commit('error', err);
+        commit('error', err.response.data.error);
         commit('logout')
       })
   },

ui/src/views/Login.vue

@@ -17,6 +17,7 @@
                                         label="Username"
                                         :rules="[ v => !!v || 'username is required', ]"
                                         required
+                                        @keyup.enter="login"
                                 />
                                 <v-text-field
                                         v-model="password"
@@ -27,6 +28,7 @@
                                         label="Password"
                                         :rules="[ v => !!v || 'password is required', ]"
                                         required
+                                        @keyup.enter="login"
                                 />
 
                             </v-form>