Fix the gitlab oauth issue.

Now the problem is tha API is wrong. Sigh...

Fix the gitlab oauth issue.
23e363c2 · Kevin Lyda · c82e7ee1 · 23e363c2 · 23e363c2 · 23e363c2
Commit 23e363c2 authored 6 years ago by Kevin Lyda
--- a/server/auth/gitlab/gitlab.go
+++ b/server/auth/gitlab/gitlab.go
@@ -2,6 +2,7 @@ package gitlab
 import (
 	"errors"
+	"log"
 	"strconv"
 	"github.com/nsheridan/cashier/server/config"
@@ -46,6 +47,7 @@ func New(c *config.Auth) (*Config, error) {
 			return nil, errors.New("gitlab_opts if allusers is set, siteurl must be set")
 		}
 	}
+	oauth2.RegisterBrokenAuthHeaderProvider(siteURL)
 	return &Config{
 		config: &oauth2.Config{
@@ -75,18 +77,22 @@ func (c *Config) Name() string {
 // Valid validates the oauth token.
 func (c *Config) Valid(token *oauth2.Token) bool {
 	if !token.Valid() {
+		log.Printf("Auth fail (oauth2 Valid failure)")
 		return false
 	}
 	if c.allusers {
+		log.Printf("Auth success (allusers)")
 		metrics.M.AuthValid.WithLabelValues("gitlab").Inc()
 		return true
 	}
 	if len(c.whitelist) > 0 && !c.whitelist[c.Username(token)] {
+		log.Printf("Auth fail (not in whitelist)")
 		return false
 	}
 	if c.group == "" {
 		// There's no group and token is valid.  Can only reach
 		// here if user whitelist is set and user is in whitelist.
+		log.Printf("Auth success (no groups specified in server config)")
 		metrics.M.AuthValid.WithLabelValues("gitlab").Inc()
 		return true
 	}
@@ -94,14 +100,17 @@ func (c *Config) Valid(token *oauth2.Token) bool {
 	client.SetBaseURL(c.baseurl)
 	groups, _, err := client.Groups.SearchGroup(c.group)
 	if err != nil {
+		log.Printf("Auth failure (error fetching groups: %s)", err)
 		return false
 	}
 	for _, g := range groups {
 		if g.Path == c.group {
 			metrics.M.AuthValid.WithLabelValues("gitlab").Inc()
+			log.Printf("Auth success (in allowed group)")
 			return true
 		}
 	}
+	log.Printf("Auth failure (not in allowed groups)")
 	return false
 }

--- a/server/handlers.go
+++ b/server/handlers.go
@@ -88,6 +88,7 @@ func (a *app) auth(w http.ResponseWriter, r *http.Request) {
 	case "/auth/callback":
 		state := a.getSessionVariable(r, "state")
 		if r.FormValue("state") != state {
+			log.Printf("Not authorized on /auth/callback")
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte(http.StatusText(http.StatusUnauthorized)))
 			break
@@ -99,11 +100,13 @@ func (a *app) auth(w http.ResponseWriter, r *http.Request) {
 		code := r.FormValue("code")
 		token, err := a.authprovider.Exchange(code)
 		if err != nil {
+			log.Printf("Error on /auth/callback: %v", err)
 			w.WriteHeader(http.StatusInternalServerError)
 			w.Write([]byte(http.StatusText(http.StatusInternalServerError)))
 			w.Write([]byte(err.Error()))
 			break
 		}
+		log.Printf("Token found on /auth/callback, redirecting to %s", originURL)
 		a.setAuthToken(w, r, token)
 		http.Redirect(w, r, originURL, http.StatusFound)
 	default:
@@ -112,7 +115,9 @@ func (a *app) auth(w http.ResponseWriter, r *http.Request) {
 }
 func (a *app) index(w http.ResponseWriter, r *http.Request) {
+	log.Printf("Entering index handler.")
 	tok := a.getAuthToken(r)
+	log.Printf("Token found: %v\n", tok)
 	page := struct {
 		Token string
 	}{tok.AccessToken}

--- a/server/server.go
+++ b/server/server.go
@@ -251,8 +251,11 @@ func (a *app) setSessionVariable(w http.ResponseWriter, r *http.Request, key, va
 func (a *app) authed(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		log.Printf("Checking auth for %s.", r.URL.EscapedPath())
 		t := a.getAuthToken(r)
+		log.Printf("Token is: %v.", t)
 		if !t.Valid() || !a.authprovider.Valid(t) {
+			log.Printf("Invalid token t.Valid() = %s.", t.Valid())
 			a.setSessionVariable(w, r, "origin_url", r.URL.EscapedPath())
 			http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
 			return