From 1d026d3ec450c94f3e0401d35f858db1627f6ef7 Mon Sep 17 00:00:00 2001 From: djpbessems Date: Sun, 10 Mar 2024 22:03:36 +1100 Subject: [PATCH] fix: Change oath scopes & direct debugging to console. --- go.mod | 4 ++-- go.sum | 1 + pkg/spamasaurusrex/main.go | 10 +++++----- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 59666b2..34fcb7e 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.19 require ( github.com/breml/rootcerts v0.2.16 github.com/gorilla/mux v1.8.1 + github.com/gorilla/sessions v1.2.2 github.com/microsoftgraph/msgraph-sdk-go v1.34.0 golang.org/x/oauth2 v0.18.0 ) @@ -14,7 +15,6 @@ require ( github.com/golang-jwt/jwt/v5 v5.2.0 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/gorilla/securecookie v1.1.2 // indirect - github.com/gorilla/sessions v1.2.2 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect golang.org/x/crypto v0.21.0 // indirect @@ -28,7 +28,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect github.com/cjlapao/common-go v0.0.39 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.1 github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/uuid v1.6.0 // indirect diff --git a/go.sum b/go.sum index 151ff02..459ea44 100644 --- a/go.sum +++ b/go.sum @@ -26,6 +26,7 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= diff --git a/pkg/spamasaurusrex/main.go b/pkg/spamasaurusrex/main.go index 3aaee48..4a0c703 100644 --- a/pkg/spamasaurusrex/main.go +++ b/pkg/spamasaurusrex/main.go @@ -2,7 +2,6 @@ package main import ( "context" - "fmt" "log" "net/http" "os" @@ -25,7 +24,7 @@ var config = oauth2.Config{ ClientSecret: "XN98Q~Wrp1RfakkihA1BaTKfokOSX9fuB01unanr", Endpoint: microsoft.AzureADEndpoint("ceeae22e-f163-4ac9-b7c2-45972d3aed4f"), RedirectURL: "https://alias.spamasaurus.com/callback", - Scopes: []string{"User.Read", "Profile"}, + Scopes: []string{"email", "openid", "profile", "user.read"}, } var sessionStore = sessions.NewCookieStore([]byte("xDDBjhYwyndZty3exGNq2ahE8wHRCR4DfdCJCSoWXAYncfWw2UQDH63QcJ9CkrGx")) @@ -33,7 +32,8 @@ var sessionStore = sessions.NewCookieStore([]byte("xDDBjhYwyndZty3exGNq2ahE8wHRC func rootHandler(w http.ResponseWriter, r *http.Request) { session, _ := sessionStore.Get(r, "spamasaurusRex") if token, ok := session.Values["token"]; ok { - w.Write([]byte(spew.Sdump(token))) + log.Println(spew.Sdump(token)) + w.Write([]byte("Token retrieved from session")) } else { url := config.AuthCodeURL("state", oauth2.AccessTypeOffline) http.Redirect(w, r, url, http.StatusFound) @@ -45,7 +45,7 @@ func callbackHandler(w http.ResponseWriter, r *http.Request) { token, err := config.Exchange(r.Context(), r.URL.Query().Get("code")) if err != nil { if retrieveErr, ok := err.(*oauth2.RetrieveError); ok { - w.Write([]byte(retrieveErr.ErrorDescription + " (" + retrieveErr.ErrorCode + ")")) + log.Println(retrieveErr.ErrorDescription + " (" + retrieveErr.ErrorCode + ")") } http.Error(w, "Error exchanging code for token", http.StatusInternalServerError) return @@ -56,7 +56,7 @@ func callbackHandler(w http.ResponseWriter, r *http.Request) { session.Values["token"] = token session.Save(r, w) - fmt.Fprintln(w, "Authentication successful!") + w.Write([]byte("Authentication successful!")) url := "https://alias.spamasaurus.com" http.Redirect(w, r, url, http.StatusAccepted)