fraport/fradrive-old
fraport/fradrive-old
Archived
3
1
Fork 0
Code Issues 65 Pull Requests 5 Actions Packages Projects Releases 197 Wiki Activity

chore(oauth2): fix build

Browse Source
This commit is contained in:
Sarah Vaupel 2024-05-17 05:17:39 +02:00
parent c7d21b34c7
commit 15195752d7
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/Auth/OAuth2.hs
View File

@ -19,6 +19,7 @@ module Auth.OAuth2
-- import qualified Data.CaseInsensitive as CI -- import qualified Data.CaseInsensitive as CI
import Data.Maybe (fromJust) import Data.Maybe (fromJust)
import qualified Data.Set as Set
import Data.Text import Data.Text
import Import.NoFoundation hiding (pack, unpack) import Import.NoFoundation hiding (pack, unpack)
@ -195,31 +196,31 @@ mkBaseUrls = do
refreshOAuth2Token :: forall m. refreshOAuth2Token :: forall m.
( MonadHandler m ( MonadHandler m
, HasAppSettings (HandlerSite m)
, MonadThrow m , MonadThrow m
) )
=> (Maybe AccessToken, Maybe RefreshToken) => (Maybe AccessToken, Maybe RefreshToken)
-> String -> String
-> Bool -> Bool
-> ExceptT UserDataException m OAuth2Token -> ExceptT UserDataException m OAuth2Token
refreshOAuth2Token (_, rToken) url secure refreshOAuth2Token (_, Nothing) _ _ = throwE $ UserDataInternalException "Could not refresh access token. Refresh token is missing."
| isJust rToken = do refreshOAuth2Token (_, Just rToken) url secure = getsYesod (view $ _appUserAuthConf . _userAuthConfSingleSource) >>= \case
AuthSourceConfAzureAdV2 AzureConf{..} -> do
req <- parseRequest $ "POST " ++ url req <- parseRequest $ "POST " ++ url
let let
body = body =
[ ("grant_type", "refresh_token") [ ("grant_type", "refresh_token")
, ("refresh_token", encodeUtf8 . rtoken $ fromJust rToken) , ("refresh_token", encodeUtf8 $ rtoken rToken)
] ]
body' <- if secure then do body'
clientID <- liftIO $ fromJust <$> lookupEnv "CLIENT_ID" | secure = body ++ [("client_id", fromString $ show azureConfClientId), ("client_secret", fromString $ unpack azureConfClientSecret), scopeParam " " $ Set.toList azureConfScopes]
clientSecret <- liftIO $ fromJust <$> lookupEnv "CLIENT_SECRET" | otherwise = scopeParam " " (Set.toList azureConfScopes) : body
return $ body ++ [("client_id", fromString clientID), ("client_secret", fromString clientSecret), scopeParam " " ["openid","profile"," offline_access"]] -- TODO read from config $logInfoS "\27[31mAdmin Handler\27[0m" $ tshow (requestBody $ urlEncodedBody body' req{ secure = secure })
else return $ scopeParam " " ["openid","profile","offline_access"] : body -- TODO read from config
$logDebugS "\27[31mAdmin Handler\27[0m" $ tshow (requestBody $ urlEncodedBody body' req{ secure = secure })
eResult <- lift $ getResponseBody <$> httpJSONEither @m @OAuth2Token (urlEncodedBody body' req{ secure = secure }) eResult <- lift $ getResponseBody <$> httpJSONEither @m @OAuth2Token (urlEncodedBody body' req{ secure = secure })
case eResult of case eResult of
Left x -> throwE $ UserDataJSONException x Left x -> throwE $ UserDataJSONException x
Right x -> return x Right x -> return x
| otherwise = throwE $ UserDataInternalException "Could not refresh access token. Refresh token is missing." _other -> throwE $ UserDataInternalException "Could not refresh access token. Invalid/Conflicting auth source configuration."
instance Show RequestBody where instance Show RequestBody where
show (RequestBodyLBS x) = show x show (RequestBodyLBS x) = show x

2
src/Foundation/Instances.hs
View File

@ -144,7 +144,7 @@ instance YesodAuth UniWorX where
let azurePlugins = P.filter ((`elem` [apAzureMock, apAzure]) . apName) plugins let azurePlugins = P.filter ((`elem` [apAzureMock, apAzure]) . apName) plugins
in if in if
| (plugin:_) <- azurePlugins | (plugin:_) <- azurePlugins
, PluginR _ p <- oauth2Url (apName plugin) -> do , PluginR _ pieces <- oauth2Url (apName plugin) -> do
$logInfoS "SSO" "Azure plugin with plugin url as expected. Calling apDispatch..." $logInfoS "SSO" "Azure plugin with plugin url as expected. Calling apDispatch..."
void $ apDispatch plugin "GET" pieces void $ apDispatch plugin "GET" pieces
| not (null azurePlugins) -> do | not (null azurePlugins) -> do