mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-04-26 20:57:48 +02:00
silky
patrick brisbin
parent
6c16a7458d
commit
7354c36e13
@ -24,6 +24,7 @@ import Control.Applicative ((<$>))
|
|||||||
|
|
||||||
import Control.Exception.Lifted
|
import Control.Exception.Lifted
|
||||||
import Control.Monad.IO.Class
|
import Control.Monad.IO.Class
|
||||||
|
import Control.Monad (unless)
|
||||||
import Data.ByteString (ByteString)
|
import Data.ByteString (ByteString)
|
||||||
import Data.Monoid ((<>))
|
import Data.Monoid ((<>))
|
||||||
import Data.Text (Text, pack)
|
import Data.Text (Text, pack)
|
||||||
@ -35,7 +36,6 @@ import Network.OAuth.OAuth2
|
|||||||
import System.Random
|
import System.Random
|
||||||
import Yesod.Auth
|
import Yesod.Auth
|
||||||
import Yesod.Core
|
import Yesod.Core
|
||||||
import Yesod.Form
|
|
||||||
|
|
||||||
import qualified Data.ByteString.Lazy as BL
|
import qualified Data.ByteString.Lazy as BL
|
||||||
import qualified Data.ByteString.Char8 as C8
|
import qualified Data.ByteString.Char8 as C8
|
||||||
@ -98,22 +98,23 @@ authOAuth2Widget widget name oauth getCreds = AuthPlugin name dispatch login
|
|||||||
lift $ redirect authUrl
|
lift $ redirect authUrl
|
||||||
|
|
||||||
dispatch "GET" ["callback"] = do
|
dispatch "GET" ["callback"] = do
|
||||||
newToken <- lookupGetParam "state"
|
csrfToken <- requireGetParam "state"
|
||||||
oldToken <- lookupSession tokenSessionKey
|
oldToken <- lookupSession tokenSessionKey
|
||||||
deleteSession tokenSessionKey
|
deleteSession tokenSessionKey
|
||||||
case newToken of
|
unless (oldToken == Just csrfToken) $ permissionDenied "Invalid OAuth2 state token"
|
||||||
Just csrfToken | newToken == oldToken -> do
|
code <- requireGetParam "code"
|
||||||
code <- lift $ runInputGet $ ireq textField "code"
|
oauth' <- withCallback csrfToken
|
||||||
oauth' <- withCallback csrfToken
|
master <- lift getYesod
|
||||||
master <- lift getYesod
|
result <- liftIO $ fetchAccessToken (authHttpManager master) oauth' (encodeUtf8 code)
|
||||||
result <- liftIO $ fetchAccessToken (authHttpManager master) oauth' (encodeUtf8 code)
|
case result of
|
||||||
case result of
|
Left _ -> permissionDenied "Unable to retreive OAuth2 token"
|
||||||
Left _ -> permissionDenied "Unable to retreive OAuth2 token"
|
Right token -> do
|
||||||
Right token -> do
|
creds <- liftIO $ getCreds (authHttpManager master) token
|
||||||
creds <- liftIO $ getCreds (authHttpManager master) token
|
lift $ setCredsRedirect creds
|
||||||
lift $ setCredsRedirect creds
|
where
|
||||||
_ ->
|
requireGetParam key = do
|
||||||
permissionDenied "Invalid OAuth2 state token"
|
m <- lookupGetParam key
|
||||||
|
maybe (permissionDenied $ "'" <> key <> "' parameter not provided") return m
|
||||||
|
|
||||||
dispatch _ _ = notFound
|
dispatch _ _ = notFound
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user