From 580f64b7f203a2a55e0df1d34545e19fc070fecd Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Fri, 8 Mar 2024 11:50:00 +1100
Subject: [PATCH] fix: Refactor to use interactivebrowser login

---
 pkg/graphhelper/graphhelper.go | 50 ++++++++++++++++++++++------------
 pkg/spamasaurusrex/main.go | 33 +++++++++++++---------
 2 files changed, 53 insertions(+), 30 deletions(-)

diff --git a/pkg/graphhelper/graphhelper.go b/pkg/graphhelper/graphhelper.go
index 3b36c63..421c48f 100644
--- a/pkg/graphhelper/graphhelper.go
+++ b/pkg/graphhelper/graphhelper.go
@@ -2,22 +2,21 @@ package graphhelper
 import (
 "context"
- "fmt"
- "os"
 "strings"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 auth "github.com/microsoft/kiota-authentication-azure-go"
 msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
- // "github.com/microsoftgraph/msgraph-sdk-go/models"
- // "github.com/microsoftgraph/msgraph-sdk-go/users"
+ "github.com/microsoftgraph/msgraph-sdk-go/models"
+ "github.com/microsoftgraph/msgraph-sdk-go/users"
 )
 type GraphHelper struct {
- deviceCodeCredential *azidentity.DeviceCodeCredential
- userClient *msgraphsdk.GraphServiceClient
- graphUserScopes []string
+ // deviceCodeCredential *azidentity.DeviceCodeCredential
+ InteractiveBrowserCredential *azidentity.InteractiveBrowserCredential
+ userClient *msgraphsdk.GraphServiceClient
+ graphUserScopes []string
 }
 func NewGraphHelper() *GraphHelper {
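Review bot: The credential field is now exported as `InteractiveBrowserCredential`, so any importer of `graphhelper` can reach the live credential and mint tokens with it, whereas the old `deviceCodeCredential` was package-private and tokens were only handed out through `GetUserToken`. Keep the field unexported, `interactiveBrowserCredential *azidentity.InteractiveBrowserCredential`, and update the two references in `InitializeGraphForUserAuth` and `GetUserToken` accordingly. The commented-out `// deviceCodeCredential ...` line should be deleted rather than kept as a dead field; git history already preserves it. `NewGraphHelper` starts on the last line of this hunk and continues outside it.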
@@ -26,25 +25,30 @@ func NewGraphHelper() *GraphHelper {
 }
 func (g *GraphHelper) InitializeGraphForUserAuth() error {
- clientId := os.Getenv("CLIENT_ID")
- tenantId := os.Getenv("TENANT_ID")
- scopes := os.Getenv("GRAPH_USER_SCOPES")
+ // clientId := os.Getenv("CLIENT_ID")
+ clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+ // tenantId := os.Getenv("TENANT_ID")
+ tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+ // scopes := os.Getenv("GRAPH_USER_SCOPES")
+ scopes := "user.read"
 g.graphUserScopes = strings.Split(scopes, ",")
 // Create the device code credential
- credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+ // credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+ credential, err := azidentity.NewInteractiveBrowserCredential(&azidentity.InteractiveBrowserCredentialOptions{
 ClientID: clientId,
 TenantID: tenantId,
- UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
- fmt.Println(message.Message)
- return nil
- },
+ // UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
+ // fmt.Println(message.Message)
+ // return nil
+ // },
+ RedirectURL: "https://alias.spamasaurus.com/",
 })
 if err != nil {
 return err
 }
- g.deviceCodeCredential = credential
+ g.InteractiveBrowserCredential = credential
 // Create an auth provider using the credential
 authProvider, err := auth.NewAzureIdentityAuthenticationProviderWithScopes(credential, g.graphUserScopes)
@@ -66,7 +70,7 @@ func (g *GraphHelper) InitializeGraphForUserAuth() error {
 }
 func (g *GraphHelper) GetUserToken() (*string, error) {
- token, err := g.deviceCodeCredential.GetToken(context.Background(), policy.TokenRequestOptions{
+ token, err := g.InteractiveBrowserCredential.GetToken(context.Background(), policy.TokenRequestOptions{
 Scopes: g.graphUserScopes,
 })
 if err != nil {
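Review bot: The client ID, tenant ID and scopes are now hard-coded literals with the `os.Getenv` lookups commented out, so the app registration can no longer be changed per environment, and `RedirectURL` is pinned to the public `https://alias.spamasaurus.com/`. As far as I understand azidentity's `InteractiveBrowserCredential`, it launches a browser on the host running this process and expects the authorization code back on a redirect it can observe locally; this credential is constructed inside an HTTP server (`handler` in main.go calls `initializeGraph`, which presumably reaches this function), so the login would be attempted on the server rather than in the requesting user's browser — please confirm that is the intended flow. Suggest restoring the environment-driven configuration, `clientId := os.Getenv("CLIENT_ID")` and likewise for `TENANT_ID`/`GRAPH_USER_SCOPES` (the `os` import dropped in the first hunk would need to return), and deleting the commented-out device-code block rather than leaving it in place. The `// Create the device code credential` comment is now stale and should read `// Create the interactive browser credential`. `InitializeGraphForUserAuth` continues past this hunk.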
@@ -75,3 +79,15 @@ func (g *GraphHelper) GetUserToken() (*string, error) {
 return &token.Token, nil
 }
+
+func (g *GraphHelper) GetUser() (models.Userable, error) {
+ query := users.UserItemRequestBuilderGetQueryParameters{
+ // Only request specific properties
+ Select: []string{"displayName", "mail", "userPrincipalName"},
+ }
+
+ return g.userClient.Me().Get(context.Background(),
+ &users.UserItemRequestBuilderGetRequestConfiguration{
+ QueryParameters: &query,
+ })
+}
diff --git a/pkg/spamasaurusrex/main.go b/pkg/spamasaurusrex/main.go
index 3875fb5..fe36b76 100644
--- a/pkg/spamasaurusrex/main.go
+++ b/pkg/spamasaurusrex/main.go
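Review bot: `GetUser` dereferences `g.userClient` without checking it, so calling it on a `GraphHelper` whose `InitializeGraphForUserAuth` was never run (or returned early with an error) panics on a nil pointer instead of returning an error; a guard such as `if g.userClient == nil { return nil, errors.New("graph client not initialized") }` would need the stdlib `errors` import, which the import block in the first hunk does not have. The call also uses `context.Background()`, so a stalled Graph request has no deadline and cannot be cancelled; consider `GetUser(ctx context.Context)` so the HTTP handler's request context flows through. The exported method also lacks a doc comment, e.g. `// GetUser fetches the signed-in user's displayName, mail and userPrincipalName from the /me endpoint.`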
@@ -15,25 +15,35 @@ import (
 )
 func handler(w http.ResponseWriter, r *http.Request) {
- query := r.URL.Query()
- name := query.Get("name")
 graphHelper := graphhelper.NewGraphHelper()
 initializeGraph(graphHelper)
- greetUser(graphHelper)
- if name == "" {
- name = "Guest"
+ user, err := graphHelper.GetUser()
+ if err != nil {
+ log.Panicf("Error getting user: %v\n", err)
 }
- log.Printf("Received request for %s\n", name)
- w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
+
+ fmt.Printf("Hello, %s!\n", *user.GetDisplayName())
+ w.Write([]byte(fmt.Sprintf("Hello, %s\n", *user.GetDisplayName())))
+
+ // query := r.URL.Query()
+ // name := query.Get("name")
+ // w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
 }
 func healthHandler(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusOK)
 }
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+ clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+ tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+ redirectURI := "https://alias.spamasaurus.com/"
+
+ http.Redirect(w, r,
+ "https://login.microsoftonline.com/"+tenantId+"/oauth2/v2.0/authorize?client_id="+clientId+"&response_type=code&redirect_uri="+redirectURI+"&scope=openid profile offline_access", http.StatusMovedPermanently)
+}
 func readinessHandler(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusOK)
 }
@@ -44,6 +54,7 @@ func main() {
 r.HandleFunc("/", handler)
 r.HandleFunc("/health", healthHandler)
+ r.HandleFunc("/login", loginHandler)
 r.HandleFunc("/readiness", readinessHandler)
 srv := &http.Server{
@@ -88,10 +99,6 @@ func initializeGraph(graphHelper *graphhelper.GraphHelper) {
 }
 }
-func greetUser(graphHelper *graphhelper.GraphHelper) {
- // TODO
-}
-
 func displayAccessToken(graphHelper *graphhelper.GraphHelper) {
 token, err := graphHelper.GetUserToken()
 if err != nil {
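Review bot: `loginHandler` starts an OAuth authorization-code flow with no `state` parameter, so the response arriving at `redirect_uri` cannot be bound to the browser session that initiated it (login CSRF), and the query string is built by plain concatenation — `scope=openid profile offline_access` carries raw spaces and `redirect_uri` is not percent-encoded. It also redirects with `http.StatusMovedPermanently`, which browsers cache, so a per-request redirect should use `http.StatusFound`. Separately, `handler` now dereferences `*user.GetDisplayName()` without a nil check (the SDK getter returns a `*string` that is nil when the property is absent) and uses `log.Panicf` on a Graph error where `http.Error(w, "lookup failed", http.StatusInternalServerError); return` is the handler-appropriate response. A rewrite of the redirect construction is sketched below; it needs `net/url`, `crypto/rand` and `encoding/base64` added to the import block outside this hunk.
```go
func loginHandler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: clientId / tenantId / redirectURI …

	// Random per-request state, echoed back by the IdP and checked on the
	// callback so the authorization response is tied to this browser session.
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	state := base64.RawURLEncoding.EncodeToString(buf)
	http.SetCookie(w, &http.Cookie{
		Name: "oauth_state", Value: state, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})

	q := url.Values{}
	q.Set("client_id", clientId)
	q.Set("response_type", "code")
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid profile offline_access")
	q.Set("state", state)
	http.Redirect(w, r,
		"https://login.microsoftonline.com/"+tenantId+"/oauth2/v2.0/authorize?"+q.Encode(),
		http.StatusFound)
}
```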
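Review bot: The new `/login` route only issues the redirect; nothing in this diff registers a handler for the `redirect_uri` it sends the user to (`https://alias.spamasaurus.com/`, which — if that host points at this service — is `/`, served by `handler`, and `handler` never reads the `code` or `state` query parameters), so the authorization code that comes back is dropped. A dedicated callback route, `r.HandleFunc("/callback", callbackHandler)` with a matching `redirect_uri`, that verifies `state` against the stored value and then exchanges the code would complete the flow. If the callback is handled elsewhere and simply isn't part of this change, disregard this. `main` continues outside this hunk.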