2016-07-25 20:00:28 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
2020-01-15 18:04:48 +00:00
|
|
|
"bytes"
|
2016-08-25 20:10:19 +00:00
|
|
|
"fmt"
|
2017-02-02 18:29:57 +00:00
|
|
|
"html/template"
|
2016-08-25 20:10:19 +00:00
|
|
|
"io"
|
2016-07-25 20:00:28 +00:00
|
|
|
"net/http"
|
2019-09-27 14:04:43 +00:00
|
|
|
"net/url"
|
|
|
|
"path"
|
2016-08-25 20:10:19 +00:00
|
|
|
"path/filepath"
|
|
|
|
"sort"
|
2016-11-30 22:26:54 +00:00
|
|
|
"strings"
|
2016-08-25 20:10:19 +00:00
|
|
|
)
|
2016-07-25 20:00:28 +00:00
|
|
|
|
2016-08-25 20:10:19 +00:00
|
|
|
const (
|
2020-01-28 19:14:30 +00:00
|
|
|
tmplApproval = "approval.html"
|
|
|
|
tmplLogin = "login.html"
|
|
|
|
tmplPassword = "password.html"
|
|
|
|
tmplOOB = "oob.html"
|
|
|
|
tmplError = "error.html"
|
|
|
|
tmplDevice = "device.html"
|
|
|
|
tmplDeviceSuccess = "device_success.html"
|
2020-01-15 18:04:48 +00:00
|
|
|
tmplHeader = "header.html"
|
|
|
|
tmplFooter = "footer.html"
|
2016-07-25 20:00:28 +00:00
|
|
|
)
|
|
|
|
|
2016-11-30 22:26:54 +00:00
|
|
|
type templates struct {
|
2020-01-28 19:14:30 +00:00
|
|
|
loginTmpl *template.Template
|
|
|
|
approvalTmpl *template.Template
|
|
|
|
passwordTmpl *template.Template
|
|
|
|
oobTmpl *template.Template
|
|
|
|
errorTmpl *template.Template
|
|
|
|
deviceTmpl *template.Template
|
|
|
|
deviceSuccessTmpl *template.Template
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
2016-08-25 20:10:19 +00:00
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
// loadTemplates parses the expected templates from the provided directory.
|
|
|
|
func loadTemplates(c WebConfig, issuerPath string) (*templates, error) {
|
2020-12-22 07:07:28 +00:00
|
|
|
// fallback to the default theme if the legacy theme name is provided
|
2020-01-15 18:04:48 +00:00
|
|
|
if c.Theme == "coreos" || c.Theme == "tectonic" {
|
|
|
|
c.Theme = ""
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
2020-01-15 18:04:48 +00:00
|
|
|
if c.Theme == "" {
|
|
|
|
c.Theme = "light"
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
if c.Issuer == "" {
|
|
|
|
c.Issuer = "dex"
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
if c.LogoURL == "" {
|
|
|
|
c.LogoURL = "theme/logo.png"
|
|
|
|
}
|
2016-11-30 22:26:54 +00:00
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
funcs := template.FuncMap{
|
|
|
|
"issuer": func() string { return c.Issuer },
|
|
|
|
"logo": func() string { return c.LogoURL },
|
|
|
|
"url": func(reqPath, assetPath string) string { return relativeURL(issuerPath, reqPath, assetPath) },
|
|
|
|
"theme": func(reqPath, assetPath string) string {
|
|
|
|
return relativeURL(issuerPath, reqPath, path.Join("themes", c.Theme, assetPath))
|
|
|
|
},
|
|
|
|
"lower": strings.ToLower,
|
|
|
|
"extra": func(k string) string { return c.Extra[k] },
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
group := template.New("")
|
2016-11-30 22:26:54 +00:00
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
// load all of our templates individually.
|
|
|
|
// some http.FilSystem implementations don't implement Readdir
|
2016-11-30 22:26:54 +00:00
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
loginTemplate, err := loadTemplate(c.Dir, tmplLogin, funcs, group)
|
2016-11-30 22:26:54 +00:00
|
|
|
if err != nil {
|
2020-01-15 18:04:48 +00:00
|
|
|
return nil, err
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
approvalTemplate, err := loadTemplate(c.Dir, tmplApproval, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
2020-01-15 18:04:48 +00:00
|
|
|
|
|
|
|
passwordTemplate, err := loadTemplate(c.Dir, tmplPassword, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-08-25 20:10:19 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
oobTemplate, err := loadTemplate(c.Dir, tmplOOB, funcs, group)
|
2019-09-27 14:04:43 +00:00
|
|
|
if err != nil {
|
2020-01-15 18:04:48 +00:00
|
|
|
return nil, err
|
2019-09-27 14:04:43 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
errorTemplate, err := loadTemplate(c.Dir, tmplError, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
deviceTemplate, err := loadTemplate(c.Dir, tmplDevice, funcs, group)
|
2016-11-30 22:26:54 +00:00
|
|
|
if err != nil {
|
2020-01-15 18:04:48 +00:00
|
|
|
return nil, err
|
2016-11-30 22:26:54 +00:00
|
|
|
}
|
2020-01-15 18:04:48 +00:00
|
|
|
|
|
|
|
deviceSuccessTemplate, err := loadTemplate(c.Dir, tmplDeviceSuccess, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-08-25 20:10:19 +00:00
|
|
|
}
|
2020-01-15 18:04:48 +00:00
|
|
|
|
|
|
|
_, err = loadTemplate(c.Dir, tmplHeader, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
// we don't actually care if this template exists
|
2016-08-25 20:10:19 +00:00
|
|
|
}
|
2020-01-15 18:04:48 +00:00
|
|
|
|
|
|
|
_, err = loadTemplate(c.Dir, tmplFooter, funcs, group)
|
|
|
|
if err != nil {
|
|
|
|
// we don't actually care if this template exists
|
|
|
|
}
|
|
|
|
|
2016-08-25 20:10:19 +00:00
|
|
|
return &templates{
|
2020-01-15 18:04:48 +00:00
|
|
|
loginTmpl: loginTemplate,
|
|
|
|
approvalTmpl: approvalTemplate,
|
|
|
|
passwordTmpl: passwordTemplate,
|
|
|
|
oobTmpl: oobTemplate,
|
|
|
|
errorTmpl: errorTemplate,
|
|
|
|
deviceTmpl: deviceTemplate,
|
|
|
|
deviceSuccessTmpl: deviceSuccessTemplate,
|
2016-08-25 20:10:19 +00:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2019-09-27 14:04:43 +00:00
|
|
|
// relativeURL returns the URL of the asset relative to the URL of the request path.
|
|
|
|
// The serverPath is consulted to trim any prefix due in case it is not listening
|
|
|
|
// to the root path.
|
|
|
|
//
|
|
|
|
// Algorithm:
|
|
|
|
// 1. Remove common prefix of serverPath and reqPath
|
|
|
|
// 2. Remove common prefix of assetPath and reqPath
|
|
|
|
// 3. For each part of reqPath remaining(minus one), go up one level (..)
|
|
|
|
// 4. For each part of assetPath remaining, append it to result
|
|
|
|
//
|
2020-10-17 21:54:27 +00:00
|
|
|
// eg
|
|
|
|
// server listens at localhost/dex so serverPath is dex
|
|
|
|
// reqPath is /dex/auth
|
|
|
|
// assetPath is static/main.css
|
|
|
|
// relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
|
2019-09-27 14:04:43 +00:00
|
|
|
func relativeURL(serverPath, reqPath, assetPath string) string {
|
2020-04-16 20:43:31 +00:00
|
|
|
if u, err := url.ParseRequestURI(assetPath); err == nil && u.Scheme != "" {
|
|
|
|
// assetPath points to the external URL, no changes needed
|
|
|
|
return assetPath
|
|
|
|
}
|
|
|
|
|
2019-09-27 14:04:43 +00:00
|
|
|
splitPath := func(p string) []string {
|
|
|
|
res := []string{}
|
|
|
|
parts := strings.Split(path.Clean(p), "/")
|
|
|
|
for _, part := range parts {
|
|
|
|
if part != "" {
|
|
|
|
res = append(res, part)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
stripCommonParts := func(s1, s2 []string) ([]string, []string) {
|
|
|
|
min := len(s1)
|
|
|
|
if len(s2) < min {
|
|
|
|
min = len(s2)
|
|
|
|
}
|
|
|
|
|
|
|
|
splitIndex := min
|
|
|
|
for i := 0; i < min; i++ {
|
|
|
|
if s1[i] != s2[i] {
|
|
|
|
splitIndex = i
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return s1[splitIndex:], s2[splitIndex:]
|
|
|
|
}
|
|
|
|
|
|
|
|
server, req, asset := splitPath(serverPath), splitPath(reqPath), splitPath(assetPath)
|
|
|
|
|
|
|
|
// Remove common prefix of request path with server path
|
2020-10-17 21:02:29 +00:00
|
|
|
_, req = stripCommonParts(server, req)
|
2019-09-27 14:04:43 +00:00
|
|
|
|
|
|
|
// Remove common prefix of request path with asset path
|
|
|
|
asset, req = stripCommonParts(asset, req)
|
|
|
|
|
|
|
|
// For each part of the request remaining (minus one) -> go up one level (..)
|
|
|
|
// For each part of the asset remaining -> append it
|
|
|
|
var relativeURL string
|
|
|
|
for i := 0; i < len(req)-1; i++ {
|
|
|
|
relativeURL = path.Join("..", relativeURL)
|
|
|
|
}
|
|
|
|
relativeURL = path.Join(relativeURL, path.Join(asset...))
|
|
|
|
|
|
|
|
return relativeURL
|
|
|
|
}
|
|
|
|
|
2020-01-15 18:04:48 +00:00
|
|
|
// load a template by name from the templates dir
|
|
|
|
func loadTemplate(dir http.FileSystem, name string, funcs template.FuncMap, group *template.Template) (*template.Template, error) {
|
|
|
|
file, err := dir.Open(filepath.Join("templates", name))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
var buffer bytes.Buffer
|
|
|
|
buffer.ReadFrom(file)
|
|
|
|
contents := buffer.String()
|
|
|
|
|
|
|
|
return group.New(name).Funcs(funcs).Parse(contents)
|
|
|
|
}
|
|
|
|
|
2016-08-25 20:10:19 +00:00
|
|
|
var scopeDescriptions = map[string]string{
|
|
|
|
"offline_access": "Have offline access",
|
|
|
|
"profile": "View basic profile information",
|
2017-12-17 17:08:19 +00:00
|
|
|
"email": "View your email address",
|
2016-08-25 20:10:19 +00:00
|
|
|
}
|
|
|
|
|
2016-07-25 20:00:28 +00:00
|
|
|
type connectorInfo struct {
|
2016-08-25 20:10:19 +00:00
|
|
|
ID string
|
|
|
|
Name string
|
|
|
|
URL string
|
2019-10-29 23:33:52 +00:00
|
|
|
Type string
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2016-08-25 20:10:19 +00:00
|
|
|
type byName []connectorInfo
|
|
|
|
|
|
|
|
func (n byName) Len() int { return len(n) }
|
|
|
|
func (n byName) Less(i, j int) bool { return n[i].Name < n[j].Name }
|
|
|
|
func (n byName) Swap(i, j int) { n[i], n[j] = n[j], n[i] }
|
|
|
|
|
2020-01-28 19:14:30 +00:00
|
|
|
func (t *templates) device(r *http.Request, w http.ResponseWriter, postURL string, userCode string, lastWasInvalid bool) error {
|
2020-02-04 15:07:18 +00:00
|
|
|
if lastWasInvalid {
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
}
|
2020-01-28 19:14:30 +00:00
|
|
|
data := struct {
|
|
|
|
PostURL string
|
|
|
|
UserCode string
|
|
|
|
Invalid bool
|
|
|
|
ReqPath string
|
|
|
|
}{postURL, userCode, lastWasInvalid, r.URL.Path}
|
|
|
|
return renderTemplate(w, t.deviceTmpl, data)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (t *templates) deviceSuccess(r *http.Request, w http.ResponseWriter, clientName string) error {
|
|
|
|
data := struct {
|
|
|
|
ClientName string
|
|
|
|
ReqPath string
|
|
|
|
}{clientName, r.URL.Path}
|
|
|
|
return renderTemplate(w, t.deviceSuccessTmpl, data)
|
|
|
|
}
|
|
|
|
|
2020-10-17 21:02:29 +00:00
|
|
|
func (t *templates) login(r *http.Request, w http.ResponseWriter, connectors []connectorInfo) error {
|
2016-08-25 20:10:19 +00:00
|
|
|
sort.Sort(byName(connectors))
|
2016-07-25 20:00:28 +00:00
|
|
|
data := struct {
|
|
|
|
Connectors []connectorInfo
|
2019-09-27 14:04:43 +00:00
|
|
|
ReqPath string
|
|
|
|
}{connectors, r.URL.Path}
|
2016-12-12 22:54:01 +00:00
|
|
|
return renderTemplate(w, t.loginTmpl, data)
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2020-10-17 21:02:29 +00:00
|
|
|
func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, lastUsername, usernamePrompt string, lastWasInvalid, showBacklink bool) error {
|
2016-07-25 20:00:28 +00:00
|
|
|
data := struct {
|
2017-11-07 09:28:21 +00:00
|
|
|
PostURL string
|
2017-11-09 15:20:20 +00:00
|
|
|
BackLink bool
|
2017-11-07 09:28:21 +00:00
|
|
|
Username string
|
|
|
|
UsernamePrompt string
|
|
|
|
Invalid bool
|
2019-09-27 14:04:43 +00:00
|
|
|
ReqPath string
|
|
|
|
}{postURL, showBacklink, lastUsername, usernamePrompt, lastWasInvalid, r.URL.Path}
|
2016-12-12 22:54:01 +00:00
|
|
|
return renderTemplate(w, t.passwordTmpl, data)
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2020-10-17 21:02:29 +00:00
|
|
|
func (t *templates) approval(r *http.Request, w http.ResponseWriter, authReqID, username, clientName string, scopes []string) error {
|
2016-08-25 20:10:19 +00:00
|
|
|
accesses := []string{}
|
|
|
|
for _, scope := range scopes {
|
|
|
|
access, ok := scopeDescriptions[scope]
|
|
|
|
if ok {
|
|
|
|
accesses = append(accesses, access)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sort.Strings(accesses)
|
2016-07-25 20:00:28 +00:00
|
|
|
data := struct {
|
2016-10-27 17:20:30 +00:00
|
|
|
User string
|
|
|
|
Client string
|
|
|
|
AuthReqID string
|
|
|
|
Scopes []string
|
2019-09-27 14:04:43 +00:00
|
|
|
ReqPath string
|
|
|
|
}{username, clientName, authReqID, accesses, r.URL.Path}
|
2016-12-12 22:54:01 +00:00
|
|
|
return renderTemplate(w, t.approvalTmpl, data)
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
|
|
|
|
2020-10-17 21:02:29 +00:00
|
|
|
func (t *templates) oob(r *http.Request, w http.ResponseWriter, code string) error {
|
2016-10-19 19:45:17 +00:00
|
|
|
data := struct {
|
2019-09-27 14:04:43 +00:00
|
|
|
Code string
|
|
|
|
ReqPath string
|
|
|
|
}{code, r.URL.Path}
|
2016-12-12 22:54:01 +00:00
|
|
|
return renderTemplate(w, t.oobTmpl, data)
|
2016-10-19 19:45:17 +00:00
|
|
|
}
|
|
|
|
|
2019-09-27 14:04:43 +00:00
|
|
|
func (t *templates) err(r *http.Request, w http.ResponseWriter, errCode int, errMsg string) error {
|
2017-12-01 05:23:45 +00:00
|
|
|
w.WriteHeader(errCode)
|
2016-12-14 22:17:59 +00:00
|
|
|
data := struct {
|
|
|
|
ErrType string
|
|
|
|
ErrMsg string
|
2019-09-27 14:04:43 +00:00
|
|
|
ReqPath string
|
|
|
|
}{http.StatusText(errCode), errMsg, r.URL.Path}
|
2017-12-01 05:23:45 +00:00
|
|
|
if err := t.errorTmpl.Execute(w, data); err != nil {
|
2020-10-17 21:02:29 +00:00
|
|
|
return fmt.Errorf("rendering template %s failed: %s", t.errorTmpl.Name(), err)
|
2017-12-01 05:23:45 +00:00
|
|
|
}
|
|
|
|
return nil
|
2016-12-14 22:17:59 +00:00
|
|
|
}
|
|
|
|
|
2016-12-13 20:23:16 +00:00
|
|
|
// small io.Writer utility to determine if executing the template wrote to the underlying response writer.
|
2016-08-25 20:10:19 +00:00
|
|
|
type writeRecorder struct {
|
|
|
|
wrote bool
|
|
|
|
w io.Writer
|
|
|
|
}
|
|
|
|
|
|
|
|
func (w *writeRecorder) Write(p []byte) (n int, err error) {
|
|
|
|
w.wrote = true
|
|
|
|
return w.w.Write(p)
|
|
|
|
}
|
2016-07-25 20:00:28 +00:00
|
|
|
|
2016-12-12 22:54:01 +00:00
|
|
|
func renderTemplate(w http.ResponseWriter, tmpl *template.Template, data interface{}) error {
|
2016-08-25 20:10:19 +00:00
|
|
|
wr := &writeRecorder{w: w}
|
|
|
|
if err := tmpl.Execute(wr, data); err != nil {
|
|
|
|
if !wr.wrote {
|
|
|
|
// TODO(ericchiang): replace with better internal server error.
|
|
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
|
|
}
|
2020-10-17 21:02:29 +00:00
|
|
|
return fmt.Errorf("rendering template %s failed: %s", tmpl.Name(), err)
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|
2016-12-12 22:54:01 +00:00
|
|
|
return nil
|
2016-07-25 20:00:28 +00:00
|
|
|
}
|