ec1f89217a
Full Mattermost server source with integrated Community Enterprise features. Includes vendor directory for offline/air-gapped builds. Structure: - enterprise-impl/: Enterprise feature implementations - enterprise-community/: Init files that register implementations - enterprise/: Bridge imports (community_imports.go) - vendor/: All dependencies for offline builds Build (online): go build ./cmd/mattermost Build (offline/air-gapped): go build -mod=vendor ./cmd/mattermost 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
106 lines
2.8 KiB
Go
106 lines
2.8 KiB
Go
// Copyright (c) 2019-present Mattermost, Inc. All Rights Reserved.
|
|
// See License for license information.
|
|
|
|
package oauther
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
func (o *oAuther) oauth2Complete(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodGet {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
authedUserID := r.Header.Get("Mattermost-User-ID")
|
|
if authedUserID == "" {
|
|
o.logger.Debugf("oauth2Complete: reached by non authed user")
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
code := r.URL.Query().Get("code")
|
|
if code == "" {
|
|
o.logger.Debugf("oauth2Complete: reached with no code")
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
state := r.URL.Query().Get("state")
|
|
|
|
var storedState string
|
|
err := o.store.Get(o.getStateKey(authedUserID), &storedState)
|
|
if err != nil {
|
|
o.logger.Warnf("oauth2Complete: cannot get state, err=%s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if storedState != state {
|
|
o.logger.Debugf("oauth2Complete: state mismatch")
|
|
o.logger.Debugf("received state '%s'; expected state '%s%", state, storedState)
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
userID := strings.Split(state, "_")[1]
|
|
if userID != authedUserID {
|
|
o.logger.Debugf("oauth2Complete: authed user mismatch")
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
ctx := context.Background()
|
|
token, err := o.config.Exchange(ctx, code)
|
|
if err != nil {
|
|
o.logger.Warnf("oauth2Complete: could not generate token, err=%s", err.Error())
|
|
http.Error(w, "Not authorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
var payload []byte
|
|
err = o.store.Get(o.getPayloadKey(userID), &payload)
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: could not fetch payload, err=&s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
ok, err := o.store.Set(o.getTokenKey(userID), token)
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: cannot store the token, err=%s", err.Error())
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if !ok {
|
|
o.logger.Errorf("oauth2Complete: cannot store token without error")
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
html := fmt.Sprintf(`
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<script>
|
|
window.close();
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<p>%s</p>
|
|
</body>
|
|
</html>
|
|
`, o.connectedString)
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
_, err = w.Write([]byte(html))
|
|
if err != nil {
|
|
o.logger.Errorf("oauth2Complete: error writing response, err=%s", err.Error())
|
|
}
|
|
|
|
if o.onConnect != nil {
|
|
o.onConnect(userID, *token, payload)
|
|
}
|
|
}
|