From f18d7afc6fad3686ae065adffc718a6273dde07f Mon Sep 17 00:00:00 2001
From: Stephan Renatus
Date: Fri, 8 Dec 2017 11:49:47 +0100
Subject: [PATCH 1/2] handlers/connector_login: update AuthRequest irregardless of method Before, you could not POST your credentials to a password-connector's endpoint without GETing that endpoint first. While this makes sense for browser clients; automated interactions with Dex don't need to look at the password form to fill it in. A symptom of that missing GET was that the POST succeeded (!) with login successful: connector "", username="admin", email="admin@example.com", groups=[] Note the connector "". A subsequent call to finalizeLogin would then fail with connector with ID "" not found: failed to get connector object from storage: not found Now, the connector ID of an auth request will be updated for both GETs and POSTs.
Signed-off-by: Stephan Renatus
---
 server/handlers.go | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/server/handlers.go b/server/handlers.go
index 926b4000..d36c55bc 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -222,22 +222,23 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
 }
 return
 }
+
+ // Set the connector being used for the login.
+ updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
+ a.ConnectorID = connID
+ return a, nil
+ }
+ if err := s.storage.UpdateAuthRequest(authReqID, updater); err != nil {
+ s.logger.Errorf("Failed to set connector ID on auth request: %v", err)
+ s.renderError(w, http.StatusInternalServerError, "Database error.")
+ return
+ }
+
 scopes := parseScopes(authReq.Scopes)
 showBacklink := len(s.connectors) > 1
 switch r.Method {
 case "GET":
- // Set the connector being used for the login.
- updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
- a.ConnectorID = connID
- return a, nil
- }
- if err := s.storage.UpdateAuthRequest(authReqID, updater); err != nil {
- s.logger.Errorf("Failed to set connector ID on auth request: %v", err)
- s.renderError(w, http.StatusInternalServerError, "Database error.")
- return
- }
-
 switch conn := conn.Connector.(type) {
 case connector.CallbackConnector:
 // Use the auth request ID as the "state" token.
From f013a44581472c2361083eadbd8b4cc046028fa1 Mon Sep 17 00:00:00 2001
From: Stephan Renatus
Date: Mon, 11 Dec 2017 08:25:25 +0100
Subject: [PATCH 2/2] handlers/connector_login: check before update (optimization)
Signed-off-by: Stephan Renatus
---
 server/handlers.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/server/handlers.go b/server/handlers.go
index d36c55bc..430253c3 100644
--- a/server/handlers.go
+++ b/server/handlers.go
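Review bot: In the first patch's hunk (`@@ -222,22 +222,23 @@`) the `UpdateAuthRequest` call now sits above `switch r.Method`, so the stored `ConnectorID` is rewritten for every request method, before the handler has decided whether it serves that request at all. The rest of the switch lies outside the hunk, but if it ends in a rejecting default branch, an unsupported method still mutates the auth request first; a guard ahead of the update such as `if r.Method != http.MethodGet && r.Method != http.MethodPost { s.renderError(w, http.StatusBadRequest, "Unsupported request method."); return }` would keep the write to the two methods the commit message names. The updater also overwrites the connector unconditionally, so it is worth confirming, and stating in the comment, that an auth request which has already completed login cannot be re-pointed at a different connector through this endpoint, since its stored claims would then be attributed to a connector that did not authenticate them.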
@@ -224,14 +224,16 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
 }
 // Set the connector being used for the login.
- updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
- a.ConnectorID = connID
- return a, nil
- }
- if err := s.storage.UpdateAuthRequest(authReqID, updater); err != nil {
- s.logger.Errorf("Failed to set connector ID on auth request: %v", err)
- s.renderError(w, http.StatusInternalServerError, "Database error.")
- return
+ if authReq.ConnectorID != connID {
+ updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
+ a.ConnectorID = connID
+ return a, nil
+ }
+ if err := s.storage.UpdateAuthRequest(authReqID, updater); err != nil {
+ s.logger.Errorf("Failed to set connector ID on auth request: %v", err)
+ s.renderError(w, http.StatusInternalServerError, "Database error.")
+ return
+ }
 }
 scopes := parseScopes(authReq.Scopes)
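Review bot: The new `authReq.ConnectorID != connID` test compares against the copy of the auth request loaded earlier in the handler (outside this hunk), not against the record the updater sees inside `UpdateAuthRequest`. If two login requests for the same auth request ID overlap, that snapshot can be stale by the time the check runs, and the skipped write leaves whichever connector the other request stored; the unconditional update this replaces was at least last-writer-wins. If that window is acceptable for the saved write, the comment should say so, for example `// Skip the write when the connector is unchanged; authReq is a snapshot, so a concurrent login may still change it.`; otherwise keep the unconditional update.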