writefreely/oauth.go

package writefreely

import (
	"context"
	"encoding/json"
	"fmt"
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
	"github.com/writeas/impart"
	"github.com/writeas/nerds/store"
	"github.com/writeas/web-core/auth"
	"github.com/writeas/web-core/log"
	"github.com/writeas/writefreely/config"
	"io"
	"io/ioutil"
	"net/http"
	"time"
)

// TokenResponse contains data returned when a token is created either
// through a code exchange or using a refresh token.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
	Error        string `json:"error"`
}

// InspectResponse contains data returned when an access token is inspected.
type InspectResponse struct {
	ClientID    string    `json:"client_id"`
	UserID      string    `json:"user_id"`
	ExpiresAt   time.Time `json:"expires_at"`
	Username    string    `json:"username"`
	DisplayName string    `json:"-"`
	Email       string    `json:"email"`
	Error       string    `json:"error"`
}

// tokenRequestMaxLen is the most bytes that we'll read from the /oauth/token
// endpoint. One megabyte is plenty.
const tokenRequestMaxLen = 1000000

// infoRequestMaxLen is the most bytes that we'll read from the
// /oauth/inspect endpoint.
const infoRequestMaxLen = 1000000

// OAuthDatastoreProvider provides a minimal interface of data store, config,
// and session store for use with the oauth handlers.
type OAuthDatastoreProvider interface {
	DB() OAuthDatastore
	Config() *config.Config
	SessionStore() sessions.Store
}

// OAuthDatastore provides a minimal interface of data store methods used in
// oauth functionality.
type OAuthDatastore interface {
	GetIDForRemoteUser(context.Context, string, string, string) (int64, error)
	RecordRemoteUserID(context.Context, int64, string, string, string, string) error
	ValidateOAuthState(context.Context, string) (string, string, error)
	GenerateOAuthState(context.Context, string, string) (string, error)

	CreateUser(*config.Config, *User, string) error
	GetUserByID(int64) (*User, error)
}

type HttpClient interface {
	Do(req *http.Request) (*http.Response, error)
}

type oauthClient interface {
	GetProvider() string
	GetClientID() string
	buildLoginURL(state string) (string, error)
	exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)
	inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)
}

type oauthHandler struct {
	Config      *config.Config
	DB          OAuthDatastore
	Store       sessions.Store
	EmailKey    []byte
	oauthClient oauthClient
}

func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID())
	if err != nil {
		return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
	}
	location, err := h.oauthClient.buildLoginURL(state)
	if err != nil {
		return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
	}
	return impart.HTTPError{http.StatusTemporaryRedirect, location}
}

func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) {
	if app.Config().SlackOauth.ClientID != "" {
		oauthClient := slackOauthClient{
			ClientID:         app.Config().SlackOauth.ClientID,
			ClientSecret:     app.Config().SlackOauth.ClientSecret,
			TeamID:           app.Config().SlackOauth.TeamID,
			CallbackLocation: app.Config().App.Host + "/oauth/callback",
			HttpClient:       config.DefaultHTTPClient(),
		}
		configureOauthRoutes(parentHandler, r, app, oauthClient)
	}
}

func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
	if app.Config().WriteAsOauth.ClientID != "" {
		oauthClient := writeAsOauthClient{
			ClientID:         app.Config().WriteAsOauth.ClientID,
			ClientSecret:     app.Config().WriteAsOauth.ClientSecret,
			ExchangeLocation: config.OrDefaultString(app.Config().WriteAsOauth.TokenLocation, writeAsExchangeLocation),
			InspectLocation:  config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),
			AuthLocation:     config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
			HttpClient:       config.DefaultHTTPClient(),
			CallbackLocation: app.Config().App.Host + "/oauth/callback",
		}
		configureOauthRoutes(parentHandler, r, app, oauthClient)
	}
}

func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient) {
	handler := &oauthHandler{
		Config:      app.Config(),
		DB:          app.DB(),
		Store:       app.SessionStore(),
		oauthClient: oauthClient,
		EmailKey:    app.keys.EmailKey,
	}
	r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
	r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
}

func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()

	code := r.FormValue("code")
	state := r.FormValue("state")

	provider, clientID, err := h.DB.ValidateOAuthState(ctx, state)
	if err != nil {
		log.Error("Unable to ValidateOAuthState: %s", err)
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}

	tokenResponse, err := h.oauthClient.exchangeOauthCode(ctx, code)
	if err != nil {
		log.Error("Unable to exchangeOauthCode: %s", err)
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}

	// Now that we have the access token, let's use it real quick to make sur
	// it really really works.
	tokenInfo, err := h.oauthClient.inspectOauthAccessToken(ctx, tokenResponse.AccessToken)
	if err != nil {
		log.Error("Unable to inspectOauthAccessToken: %s", err)
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}

	localUserID, err := h.DB.GetIDForRemoteUser(ctx, tokenInfo.UserID, provider, clientID)
	if err != nil {
		log.Error("Unable to GetIDForRemoteUser: %s", err)
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}

	if localUserID == -1 {
		// We don't have, nor do we want, the password from the origin, so we
		//create a random string. If the user needs to set a password, they
		//can do so through the settings page or through the password reset
		//flow.
		randPass := store.Generate62RandomString(14)
		hashedPass, err := auth.HashPass([]byte(randPass))
		if err != nil {
			return impart.HTTPError{http.StatusInternalServerError, "unable to create password hash"}
		}
		newUser := &User{
			Username:   tokenInfo.Username,
			HashedPass: hashedPass,
			HasPass:    true,
			Email:      prepareUserEmail(tokenInfo.Email, h.EmailKey),
			Created:    time.Now().Truncate(time.Second).UTC(),
		}
		displayName := tokenInfo.DisplayName
		if len(displayName) == 0 {
			displayName = tokenInfo.Username
		}

		err = h.DB.CreateUser(h.Config, newUser, displayName)
		if err != nil {
			return impart.HTTPError{http.StatusInternalServerError, err.Error()}
		}

		err = h.DB.RecordRemoteUserID(ctx, newUser.ID, tokenInfo.UserID, provider, clientID, tokenResponse.AccessToken)
		if err != nil {
			return impart.HTTPError{http.StatusInternalServerError, err.Error()}
		}

		if err := loginOrFail(h.Store, w, r, newUser); err != nil {
			return impart.HTTPError{http.StatusInternalServerError, err.Error()}
		}
		return nil
	}

	user, err := h.DB.GetUserByID(localUserID)
	if err != nil {
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}
	if err = loginOrFail(h.Store, w, r, user); err != nil {
		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
	}
	return nil
}

func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {
	lr := io.LimitReader(body, int64(n+1))
	data, err := ioutil.ReadAll(lr)
	if err != nil {
		return err
	}
	if len(data) == n+1 {
		return fmt.Errorf("content larger than max read allowance: %d", n)
	}
	return json.Unmarshal(data, thing)
}

func loginOrFail(store sessions.Store, w http.ResponseWriter, r *http.Request, user *User) error {
	// An error may be returned, but a valid session should always be returned.
	session, _ := store.Get(r, cookieName)
	session.Values[cookieUserVal] = user.Cookie()
	if err := session.Save(r, w); err != nil {
		fmt.Println("error saving session", err)
		return err
	}
	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
	return nil
}
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`package writefreely`

			`import (`
			`"context"`
			`"encoding/json"`
Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`"fmt"`
Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 18:40:11 +00:00			`"github.com/gorilla/mux"`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`"github.com/gorilla/sessions"`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`"github.com/writeas/impart"`
Code cleanup from PR 255 feedback. T705 2019-12-27 18:35:48 +00:00			`"github.com/writeas/nerds/store"`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`"github.com/writeas/web-core/auth"`
			`"github.com/writeas/web-core/log"`
			`"github.com/writeas/writefreely/config"`
			`"io"`
			`"io/ioutil"`
			`"net/http"`
			`"time"`
			`)`

			`// TokenResponse contains data returned when a token is created either`
			`// through a code exchange or using a refresh token.`
			`type TokenResponse struct {`
			AccessToken string `json:"access_token"`
			ExpiresIn int `json:"expires_in"`
			RefreshToken string `json:"refresh_token"`
			TokenType string `json:"token_type"`
Check for error response in code exchange This checks to see if we get a response with a populated `error` field in exchangeOauthCode(). If so, we return that error message as an error, to ensure the callback logic doesn't continue with a bad response. Ref T705 2019-12-30 23:25:24 +00:00			Error string `json:"error"`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`// InspectResponse contains data returned when an access token is inspected.`
			`type InspectResponse struct {`
Adding slack display name to inspect response to use in user creation as per PR feedback. T710 2020-01-02 20:55:28 +00:00			ClientID string `json:"client_id"`
			UserID string `json:"user_id"`
			ExpiresAt time.Time `json:"expires_at"`
			Username string `json:"username"`
			DisplayName string `json:"-"`
			Email string `json:"email"`
			Error string `json:"error"`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`// tokenRequestMaxLen is the most bytes that we'll read from the /oauth/token`
			`// endpoint. One megabyte is plenty.`
			`const tokenRequestMaxLen = 1000000`

			`// infoRequestMaxLen is the most bytes that we'll read from the`
			`// /oauth/inspect endpoint.`
			`const infoRequestMaxLen = 1000000`

			`// OAuthDatastoreProvider provides a minimal interface of data store, config,`
			`// and session store for use with the oauth handlers.`
			`type OAuthDatastoreProvider interface {`
			`DB() OAuthDatastore`
			`Config() *config.Config`
			`SessionStore() sessions.Store`
			`}`

			`// OAuthDatastore provides a minimal interface of data store methods used in`
			`// oauth functionality.`
			`type OAuthDatastore interface {`
Code cleanup in prep for PR. T710 2019-12-30 18:32:06 +00:00			`GetIDForRemoteUser(context.Context, string, string, string) (int64, error)`
			`RecordRemoteUserID(context.Context, int64, string, string, string, string) error`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`ValidateOAuthState(context.Context, string) (string, string, error)`
Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 18:40:11 +00:00			`GenerateOAuthState(context.Context, string, string) (string, error)`

Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`CreateUser(config.Config, User, string) error`
Updating oauth user lookup call as per PR feedback. T710 2020-01-03 16:31:38 +00:00			`GetUserByID(int64) (*User, error)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`type HttpClient interface {`
			`Do(req http.Request) (http.Response, error)`
			`}`

Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`type oauthClient interface {`
			`GetProvider() string`
			`GetClientID() string`
			`buildLoginURL(state string) (string, error)`
			`exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)`
			`inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`type oauthHandler struct {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`Config *config.Config`
			`DB OAuthDatastore`
			`Store sessions.Store`
Encrypting email from oauth signup as per PR feedback. T710 2020-01-03 16:28:06 +00:00			`EmailKey []byte`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`oauthClient oauthClient`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`func (h oauthHandler) viewOauthInit(app App, w http.ResponseWriter, r http.Request) error {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`ctx := r.Context()`
			`state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID())`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`location, err := h.oauthClient.buildLoginURL(state)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`return impart.HTTPError{http.StatusTemporaryRedirect, location}`
Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 18:40:11 +00:00			`}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`func configureSlackOauth(parentHandler Handler, r mux.Router, app *App) {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`if app.Config().SlackOauth.ClientID != "" {`
			`oauthClient := slackOauthClient{`
			`ClientID: app.Config().SlackOauth.ClientID,`
			`ClientSecret: app.Config().SlackOauth.ClientSecret,`
			`TeamID: app.Config().SlackOauth.TeamID,`
			`CallbackLocation: app.Config().App.Host + "/oauth/callback",`
write.as oauth client cleanup as per PR feedback. T710 2020-01-02 20:50:54 +00:00			`HttpClient: config.DefaultHTTPClient(),`
Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 18:40:11 +00:00			`}`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`configureOauthRoutes(parentHandler, r, app, oauthClient)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`func configureWriteAsOauth(parentHandler Handler, r mux.Router, app *App) {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`if app.Config().WriteAsOauth.ClientID != "" {`
			`oauthClient := writeAsOauthClient{`
			`ClientID: app.Config().WriteAsOauth.ClientID,`
			`ClientSecret: app.Config().WriteAsOauth.ClientSecret,`
write.as oauth client cleanup as per PR feedback. T710 2020-01-02 20:50:54 +00:00			`ExchangeLocation: config.OrDefaultString(app.Config().WriteAsOauth.TokenLocation, writeAsExchangeLocation),`
			`InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),`
			`AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),`
			`HttpClient: config.DefaultHTTPClient(),`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`CallbackLocation: app.Config().App.Host + "/oauth/callback",`
			`}`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`configureOauthRoutes(parentHandler, r, app, oauthClient)`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`func configureOauthRoutes(parentHandler Handler, r mux.Router, app *App, oauthClient oauthClient) {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`handler := &oauthHandler{`
			`Config: app.Config(),`
			`DB: app.DB(),`
			`Store: app.SessionStore(),`
			`oauthClient: oauthClient,`
Encrypting email from oauth signup as per PR feedback. T710 2020-01-03 16:28:06 +00:00			`EmailKey: app.keys.EmailKey,`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 21:19:26 +00:00			`r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")`
			`r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`func (h oauthHandler) viewOauthCallback(app App, w http.ResponseWriter, r http.Request) error {`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`ctx := r.Context()`

			`code := r.FormValue("code")`
			`state := r.FormValue("state")`

Code cleanup in prep for PR. T710 2019-12-30 18:32:06 +00:00			`provider, clientID, err := h.DB.ValidateOAuthState(ctx, state)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Add logging in viewOauthCallback() Ref T705 2019-12-30 23:23:45 +00:00			`log.Error("Unable to ValidateOAuthState: %s", err)`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`tokenResponse, err := h.oauthClient.exchangeOauthCode(ctx, code)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Add logging in viewOauthCallback() Ref T705 2019-12-30 23:23:45 +00:00			`log.Error("Unable to exchangeOauthCode: %s", err)`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`// Now that we have the access token, let's use it real quick to make sur`
			`// it really really works.`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`tokenInfo, err := h.oauthClient.inspectOauthAccessToken(ctx, tokenResponse.AccessToken)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Add logging in viewOauthCallback() Ref T705 2019-12-30 23:23:45 +00:00			`log.Error("Unable to inspectOauthAccessToken: %s", err)`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Code cleanup in prep for PR. T710 2019-12-30 18:32:06 +00:00			`localUserID, err := h.DB.GetIDForRemoteUser(ctx, tokenInfo.UserID, provider, clientID)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Add logging in viewOauthCallback() Ref T705 2019-12-30 23:23:45 +00:00			`log.Error("Unable to GetIDForRemoteUser: %s", err)`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

			`if localUserID == -1 {`
			`// We don't have, nor do we want, the password from the origin, so we`
			`//create a random string. If the user needs to set a password, they`
			`//can do so through the settings page or through the password reset`
			`//flow.`
Code cleanup from PR 255 feedback. T705 2019-12-27 18:35:48 +00:00			`randPass := store.Generate62RandomString(14)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`hashedPass, err := auth.HashPass([]byte(randPass))`
			`if err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, "unable to create password hash"}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
			`newUser := &User{`
			`Username: tokenInfo.Username,`
			`HashedPass: hashedPass,`
			`HasPass: true,`
Encrypting email from oauth signup as per PR feedback. T710 2020-01-03 16:28:06 +00:00			`Email: prepareUserEmail(tokenInfo.Email, h.EmailKey),`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`Created: time.Now().Truncate(time.Second).UTC(),`
			`}`
Adding slack display name to inspect response to use in user creation as per PR feedback. T710 2020-01-02 20:55:28 +00:00			`displayName := tokenInfo.DisplayName`
			`if len(displayName) == 0 {`
			`displayName = tokenInfo.Username`
			`}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00
Adding slack display name to inspect response to use in user creation as per PR feedback. T710 2020-01-02 20:55:28 +00:00			`err = h.DB.CreateUser(h.Config, newUser, displayName)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Code cleanup in prep for PR. T710 2019-12-30 18:32:06 +00:00			`err = h.DB.RecordRemoteUserID(ctx, newUser.ID, tokenInfo.UserID, provider, clientID, tokenResponse.AccessToken)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`if err := loginOrFail(h.Store, w, r, newUser); err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`}`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return nil`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Updating oauth user lookup call as per PR feedback. T710 2020-01-03 16:31:38 +00:00			`user, err := h.DB.GetUserByID(localUserID)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`}`
			`if err = loginOrFail(h.Store, w, r, user); err != nil {`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return impart.HTTPError{http.StatusInternalServerError, err.Error()}`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Pass OAuth requests through new OAuth handler This gives us our standard logging and passes around errors with impart.HTTPError. Ref T705 2019-12-30 23:14:01 +00:00			`return nil`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {`
			`lr := io.LimitReader(body, int64(n+1))`
			`data, err := ioutil.ReadAll(lr)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`if err != nil {`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`return err`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`if len(data) == n+1 {`
			`return fmt.Errorf("content larger than max read allowance: %d", n)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`
Feature complete on MVP slack auth integration. T710 2019-12-28 20:15:47 +00:00			`return json.Unmarshal(data, thing)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`}`

Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`func loginOrFail(store sessions.Store, w http.ResponseWriter, r http.Request, user User) error {`
			`// An error may be returned, but a valid session should always be returned.`
			`session, _ := store.Get(r, cookieName)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`session.Values[cookieUserVal] = user.Cookie()`
Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 19:30:32 +00:00			`if err := session.Save(r, w); err != nil {`
			`fmt.Println("error saving session", err)`
Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 16:48:04 +00:00			`return err`
			`}`
			`http.Redirect(w, r, "/", http.StatusTemporaryRedirect)`
			`return nil`
			`}`