forked from mystiq/dex
handlers/connector_login: update AuthRequest irregardless of method
Before, you could not POST your credentials to a password-connector's endpoint without GETing that endpoint first. While this makes sense for browser clients; automated interactions with Dex don't need to look at the password form to fill it in. A symptom of that missing GET was that the POST succeeded (!) with login successful: connector "", username="admin", email="admin@example.com", groups=[] Note the connector "". A subsequent call to finalizeLogin would then fail with connector with ID "" not found: failed to get connector object from storage: not found Now, the connector ID of an auth request will be updated for both GETs and POSTs. Signed-off-by: Stephan Renatus <srenatus@chef.io>
This commit is contained in:
parent
5172a46171
commit
f18d7afc6f
1 changed files with 12 additions and 11 deletions
|
@ -222,11 +222,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
return
|
||||
}
|
||||
scopes := parseScopes(authReq.Scopes)
|
||||
showBacklink := len(s.connectors) > 1
|
||||
|
||||
switch r.Method {
|
||||
case "GET":
|
||||
// Set the connector being used for the login.
|
||||
updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
|
||||
a.ConnectorID = connID
|
||||
|
@ -238,6 +234,11 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
scopes := parseScopes(authReq.Scopes)
|
||||
showBacklink := len(s.connectors) > 1
|
||||
|
||||
switch r.Method {
|
||||
case "GET":
|
||||
switch conn := conn.Connector.(type) {
|
||||
case connector.CallbackConnector:
|
||||
// Use the auth request ID as the "state" token.
|
||||
|
|
Loading…
Reference in a new issue