fix missing profile support on consent screen creation; change rotation to pointer

13def653 · Gabriel Zachmann · 24083edc · 13def653 · 13def653 · 13def653
Verified Commit 13def653 authored 2 years ago by Gabriel Zachmann
--- a/internal/endpoints/consent/consent.go
+++ b/internal/endpoints/consent/consent.go
@@ -81,7 +81,7 @@ func getAuthInfoFromConsentCodeStr(rlog log.Ext1FieldLogger, code string) (

 // HandleCreateConsent returns a consent page for the posted parameters
 func HandleCreateConsent(ctx *fiber.Ctx) error {
-	req := pkg.ConsentRequest{}
+	req := pkg2.NewMytokenRequest()
 	if err := json.Unmarshal(ctx.Body(), &req); err != nil {
 		return model.ErrorToBadRequestErrorResponse(err).Send(ctx)
 	}
@@ -93,22 +93,16 @@ func HandleCreateConsent(ctx *fiber.Ctx) error {
 	}
 	rlog := logger.GetRequestLogger(ctx)
 	mt, _ := auth.RequireValidMytoken(rlog, nil, &req.Mytoken, ctx)
-	r, _ := restrictions.Tighten(rlog, mt.Restrictions, req.Restrictions)
-	c := api.TightenCapabilities(mt.Capabilities, req.Capabilities)
+	r, _ := restrictions.Tighten(rlog, mt.Restrictions, req.Restrictions.Restrictions)
+	c := api.TightenCapabilities(mt.Capabilities, req.Capabilities.Capabilities)
 	info := &pkg2.OIDCFlowRequest{
 		GeneralMytokenRequest: profiled.GeneralMytokenRequest{
-			GeneralMytokenRequest: api.GeneralMytokenRequest{
-				Issuer:          req.Issuer,
-				Name:            req.TokenName,
-				ApplicationName: req.ApplicationName,
-			},
-			Capabilities: profiled.Capabilities{Capabilities: c},
-			Restrictions: profiled.Restrictions{Restrictions: r},
+			GeneralMytokenRequest: req.GeneralMytokenRequest.GeneralMytokenRequest,
+			Capabilities:          profiled.Capabilities{Capabilities: c},
+			Restrictions:          profiled.Restrictions{Restrictions: r},
 		},
 	}
-	if req.Rotation != nil {
-		info.Rotation.Rotation = *req.Rotation
-	}
+	info.Rotation = req.Rotation
 	return handleConsent(ctx, info, false)
 }


--- a/internal/endpoints/token/mytoken/mytokenEndpoint.go
+++ b/internal/endpoints/token/mytoken/mytokenEndpoint.go
@@ -23,7 +23,7 @@ func HandleMytokenEndpoint(ctx *fiber.Ctx) error {
 	if err != nil {
 		return model.ErrorToBadRequestErrorResponse(err).Send(ctx)
 	}
-	rlog.WithField("grant_type", grantType).Trace("Received mytoken request")
+	rlog.WithField("grant_type", grantType.String()).Trace("Received mytoken request")
 	switch grantType {
 	case model.GrantTypeMytoken:
 		return mytoken.HandleMytokenFromMytoken(ctx).Send(ctx)
@@ -47,7 +47,7 @@ func HandleMytokenEndpoint(ctx *fiber.Ctx) error {

 func handleOIDCFlow(ctx *fiber.Ctx) error {
 	req := response.NewOIDCFlowRequest()
-	if err := json.Unmarshal(ctx.Body(), &req); err != nil {
+	if err := json.Unmarshal(ctx.Body(), req); err != nil {
 		return model.ErrorToBadRequestErrorResponse(err).Send(ctx)
 	}
 	_, ok := config.Get().ProviderByIssuer[req.Issuer]

--- a/internal/model/profiled/request.go
+++ b/internal/model/profiled/request.go
@@ -14,7 +14,7 @@ type GeneralMytokenRequest struct {
 	api.GeneralMytokenRequest
 	Restrictions Restrictions       `json:"restrictions,omitempty"`
 	Capabilities Capabilities       `json:"capabilities,omitempty"`
-	Rotation     Rotation           `json:"rotation,omitempty"`
+	Rotation     *Rotation          `json:"rotation,omitempty"`
 	GrantType    model.GrantType    `json:"grant_type"`
 	ResponseType model.ResponseType `json:"response_type"`
 }
@@ -41,7 +41,9 @@ func (r *GeneralMytokenRequest) UnmarshalJSON(bytes []byte) error {
 	r.Restrictions.Restrictions = restrictions.NewRestrictionsFromAPI(p.Restrictions)
 	r.Capabilities.Capabilities = p.Capabilities
 	if p.Rotation != nil {
-		r.Rotation.Rotation = *p.Rotation
+		r.Rotation = &Rotation{
+			Rotation: *p.Rotation,
+		}
 	}
 	if len(r.Capabilities.Capabilities) == 0 {
 		r.Capabilities.Capabilities = api.DefaultCapabilities

--- a/internal/mytoken/mytokenHandler.go
+++ b/internal/mytoken/mytokenHandler.go
@@ -254,9 +254,13 @@ func createMytokenEntry(
 			Response: model.BadRequestError("mytoken to be issued cannot have any of the requested capabilities"),
 		}
 	}
+	var rot *api.Rotation
+	if req.Rotation != nil {
+		rot = &req.Rotation.Rotation
+	}
 	ste := mytokenrepo.NewMytokenEntry(
 		mytoken.NewMytoken(
-			parent.OIDCSubject, parent.OIDCIssuer, req.GeneralMytokenRequest.Name, r, c, &req.Rotation.Rotation,
+			parent.OIDCSubject, parent.OIDCIssuer, req.GeneralMytokenRequest.Name, r, c, rot,
 			parent.AuthTime,
 		),
 		req.GeneralMytokenRequest.Name, networkData,

--- a/internal/oidc/authcode/authcode.go
+++ b/internal/oidc/authcode/authcode.go
@@ -325,6 +325,10 @@ func createMytokenEntry(
 	rlog log.Ext1FieldLogger, tx *sqlx.Tx, authFlowInfo *authcodeinforepo.AuthFlowInfoOut, token *oauth2.Token,
 	oidcSub string, networkData api.ClientMetaData,
 ) (*mytokenrepo.MytokenEntry, error) {
+	var rot *api.Rotation
+	if authFlowInfo.Rotation != nil {
+		rot = &authFlowInfo.Rotation.Rotation
+	}
 	mte := mytokenrepo.NewMytokenEntry(
 		mytoken.NewMytoken(
 			oidcSub,
@@ -332,7 +336,7 @@ func createMytokenEntry(
 			authFlowInfo.Name,
 			authFlowInfo.Restrictions.Restrictions,
 			authFlowInfo.Capabilities.Capabilities,
-			&authFlowInfo.Rotation.Rotation,
+			rot,
 			unixtime.Now(),
 		),
 		authFlowInfo.Name, networkData,