handlers/connector_login: update AuthRequest irregardless of method

Before, you could not POST your credentials to a password-connector's
endpoint without GETing that endpoint first. While this makes sense for
browser clients; automated interactions with Dex don't need to look at
the password form to fill it in.

A symptom of that missing GET was that the POST succeeded (!) with

    login successful: connector "", username="admin", email="admin@example.com", groups=[]

Note the connector "". A subsequent call to finalizeLogin would then
fail with

    connector with ID "" not found: failed to get connector object from storage: not found

Now, the connector ID of an auth request will be updated for both GETs
and POSTs.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
This commit is contained in:
Stephan Renatus 2017-12-08 11:49:47 +01:00
parent 5172a46171
commit f18d7afc6f

View File

@ -222,11 +222,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
} }
return return
} }
scopes := parseScopes(authReq.Scopes)
showBacklink := len(s.connectors) > 1
switch r.Method {
case "GET":
// Set the connector being used for the login. // Set the connector being used for the login.
updater := func(a storage.AuthRequest) (storage.AuthRequest, error) { updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
a.ConnectorID = connID a.ConnectorID = connID
@ -238,6 +234,11 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
return return
} }
scopes := parseScopes(authReq.Scopes)
showBacklink := len(s.connectors) > 1
switch r.Method {
case "GET":
switch conn := conn.Connector.(type) { switch conn := conn.Connector.(type) {
case connector.CallbackConnector: case connector.CallbackConnector:
// Use the auth request ID as the "state" token. // Use the auth request ID as the "state" token.