Refactor to common parameters for different vendor methods

handlers/common/common.go

@@ -1,15 +1,41 @@
 package common
 
 import (
+	"context"
 	"encoding/json"
 	"github.com/vouch/vouch-proxy/pkg/cfg"
 	"github.com/vouch/vouch-proxy/pkg/structs"
+	"golang.org/x/oauth2"
+	"net/http"
 )
 
 var (
 	log = cfg.Cfg.Logger
 )
 
+func PrepareTokensAndClient(r *http.Request, ptokens *structs.PTokens, setpid bool) (error, *http.Client, *oauth2.Token) {
+	providerToken, err := cfg.OAuthClient.Exchange(context.TODO(), r.URL.Query().Get("code"))
+	if err != nil {
+		return err, nil, nil
+	}
+	ptokens.PAccessToken = providerToken.AccessToken
+
+	if setpid {
+		if providerToken.Extra("id_token") != nil {
+			// Certain providers (eg. gitea) don't provide an id_token
+			// and it's not neccessary for the authentication phase
+			ptokens.PIdToken = providerToken.Extra("id_token").(string)
+		} else {
+			log.Debugf("id_token missing - may not be supported by this provider")
+		}
+	}
+
+	log.Debugf("ptokens: %+v", ptokens)
+
+	client := cfg.OAuthClient.Client(context.TODO(), providerToken)
+	return err, client, providerToken
+}
+
 func MapClaims(claims []byte, customClaims *structs.CustomClaims) error {
 	// Create a struct that contains the claims that we want to store from the config.
 	var f interface{}

handlers/github/github.go

@@ -17,8 +17,12 @@ var (
 
 // github
 // https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-authorization-options-for-oauth-apps/
-func GetUserInfoFromGitHub(client *http.Client, user *structs.User, customClaims *structs.CustomClaims, ptoken *oauth2.Token) (rerr error) {
-
+func GetUserInfoFromGitHub(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
+	err, client, ptoken := common.PrepareTokensAndClient(r, ptokens, true)
+	if err != nil {
+		// http.Error(w, err.Error(), http.StatusBadRequest)
+		return err
+	}
 	log.Errorf("ptoken.AccessToken: %s", ptoken.AccessToken)
 	userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL + ptoken.AccessToken)
 	if err != nil {

handlers/google/google.go

@@ -13,7 +13,11 @@ var (
 	log = cfg.Cfg.Logger
 )
 
-func GetUserInfoFromGoogle(client *http.Client, user *structs.User, customClaims *structs.CustomClaims) (rerr error) {
+func GetUserInfoFromGoogle(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
+	err, client, _ := common.PrepareTokensAndClient(r, ptokens, true)
+	if err != nil {
+		return err
+	}
 	userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL)
 	if err != nil {
 		return err

handlers/handlers.go

@@ -1,7 +1,6 @@
 package handlers
 
 import (
-	"context"
 	"fmt"
 	"github.com/vouch/vouch-proxy/handlers/adfs"
 	"github.com/vouch/vouch-proxy/handlers/github"
@@ -534,42 +533,23 @@ func getUserInfo(r *http.Request, user *structs.User, customClaims *structs.Cust
 
 	// indieauth sends the "me" setting in json back to the callback, so just pluck it from the callback
 	if cfg.GenOAuth.Provider == cfg.Providers.IndieAuth {
-		return indieauth.GetUserInfoFromIndieAuth(r, user, customClaims)
+		return indieauth.GetUserInfoFromIndieAuth(r, user, customClaims, ptokens)
 	} else if cfg.GenOAuth.Provider == cfg.Providers.ADFS {
 		return adfs.GetUserInfoFromADFS(r, user, customClaims, ptokens)
 	}
-	providerToken, err := cfg.OAuthClient.Exchange(context.TODO(), r.URL.Query().Get("code"))
-	if err != nil {
-		return err
-	}
 	if cfg.GenOAuth.Provider == cfg.Providers.HomeAssistant {
-		ptokens.PAccessToken = providerToken.Extra("access_token").(string)
-		return homeassistant.GetUserInfoFromHomeAssistant(r, user, customClaims)
+		return homeassistant.GetUserInfoFromHomeAssistant(r, user, customClaims, ptokens)
 	}
-	ptokens.PAccessToken = providerToken.AccessToken
 	if cfg.GenOAuth.Provider == cfg.Providers.OpenStax {
-		client := cfg.OAuthClient.Client(context.TODO(), providerToken)
-		return openstax.GetUserInfoFromOpenStax(client, user, customClaims, providerToken)
-	}
-
-	if providerToken.Extra("id_token") != nil {
-		// Certain providers (eg. gitea) don't provide an id_token
-		// and it's not neccessary for the authentication phase
-		ptokens.PIdToken = providerToken.Extra("id_token").(string)
-	} else {
-		log.Debugf("id_token missing - may not be supported by this provider")
+		return openstax.GetUserInfoFromOpenStax(r, user, customClaims, ptokens)
 	}
 
-	log.Debugf("ptokens: %+v", ptokens)
-
-	// make the "third leg" request back to provider to exchange the token for the userinfo
-	client := cfg.OAuthClient.Client(context.TODO(), providerToken)
 	if cfg.GenOAuth.Provider == cfg.Providers.Google {
-		return google.GetUserInfoFromGoogle(client, user, customClaims)
+		return google.GetUserInfoFromGoogle(r, user, customClaims, ptokens)
 	} else if cfg.GenOAuth.Provider == cfg.Providers.GitHub {
-		return github.GetUserInfoFromGitHub(client, user, customClaims, providerToken)
+		return github.GetUserInfoFromGitHub(r, user, customClaims, ptokens)
 	} else if cfg.GenOAuth.Provider == cfg.Providers.OIDC {
-		return openid.GetUserInfoFromOpenID(client, user, customClaims, providerToken)
+		return openid.GetUserInfoFromOpenID(r, user, customClaims, ptokens)
 	}
 	log.Error("we don't know how to look up the user info")
 	return nil

handlers/homeassistant/homeassistant.go

@@ -1,12 +1,18 @@
 package homeassistant
 
 import (
+	"github.com/vouch/vouch-proxy/handlers/common"
 	"github.com/vouch/vouch-proxy/pkg/structs"
 	"net/http"
 )
 
 // More info: https://developers.home-assistant.io/docs/en/auth_api.html
-func GetUserInfoFromHomeAssistant(r *http.Request, user *structs.User, customClaims *structs.CustomClaims) (rerr error) {
+func GetUserInfoFromHomeAssistant(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
+	err, _, providerToken := common.PrepareTokensAndClient(r, ptokens, false)
+	if err != nil {
+		return err
+	}
+	ptokens.PAccessToken = providerToken.Extra("access_token").(string)
 	// Home assistant does not provide an API to query username, so we statically set it to "homeassistant"
 	user.Username = "homeassistant"
 	return nil

handlers/indieauth/indieauth.go

@@ -15,7 +15,7 @@ var (
 	log = cfg.Cfg.Logger
 )
 
-func GetUserInfoFromIndieAuth(r *http.Request, user *structs.User, customClaims *structs.CustomClaims) (rerr error) {
+func GetUserInfoFromIndieAuth(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
 
 	code := r.URL.Query().Get("code")
 	log.Errorf("ptoken.AccessToken: %s", code)

handlers/openid/openid.go

@@ -5,7 +5,6 @@ import (
 	"github.com/vouch/vouch-proxy/handlers/common"
 	"github.com/vouch/vouch-proxy/pkg/cfg"
 	"github.com/vouch/vouch-proxy/pkg/structs"
-	"golang.org/x/oauth2"
 	"io/ioutil"
 	"net/http"
 )
@@ -14,7 +13,11 @@ var (
 	log = cfg.Cfg.Logger
 )
 
-func GetUserInfoFromOpenID(client *http.Client, user *structs.User, customClaims *structs.CustomClaims, ptoken *oauth2.Token) (rerr error) {
+func GetUserInfoFromOpenID(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
+	err, client, _ := common.PrepareTokensAndClient(r, ptokens, true)
+	if err != nil {
+		return err
+	}
 	userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL)
 	if err != nil {
 		return err

handlers/openstax/openstax.go

@@ -5,7 +5,6 @@ import (
 	"github.com/vouch/vouch-proxy/handlers/common"
 	"github.com/vouch/vouch-proxy/pkg/cfg"
 	"github.com/vouch/vouch-proxy/pkg/structs"
-	"golang.org/x/oauth2"
 	"io/ioutil"
 	"net/http"
 )
@@ -14,7 +13,11 @@ var (
 	log = cfg.Cfg.Logger
 )
 
-func GetUserInfoFromOpenStax(client *http.Client, user *structs.User, customClaims *structs.CustomClaims, ptoken *oauth2.Token) (rerr error) {
+func GetUserInfoFromOpenStax(r *http.Request, user *structs.User, customClaims *structs.CustomClaims, ptokens *structs.PTokens) (rerr error) {
+	err, client, _ := common.PrepareTokensAndClient(r, ptokens, false)
+	if err != nil {
+		return err
+	}
 	userinfo, err := client.Get(cfg.GenOAuth.UserInfoURL)
 	if err != nil {
 		return err