oauth2: Use html templates in fallback endpoints (ory#1202)

Signed-off-by: aeneasr <[email protected]>
m7715 · Dec 6, 2018 · 9b5bbd4 · 9b5bbd4
1 parent 7f50b94
commit 9b5bbd4
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 90 deletions.
diff --git a/go.mod b/go.mod
@@ -42,7 +42,7 @@ require (
 	github.com/urfave/negroni v1.0.0
 	github.com/ziutek/mymysql v1.5.4 // indirect
 	go.uber.org/atomic v1.3.2 // indirect
-	golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4
+	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
 	golang.org/x/net v0.0.0-20181029044818-c44066c5c816 // indirect
 	golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect

diff --git a/go.sum b/go.sum
@@ -266,6 +266,8 @@ golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
 golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862 h1:JZi6BqOZ+iSgmLWe6llhGrNnEnK+YB/MRkStwnEfbqM=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

diff --git a/main_test.go.bak b/main_test.go.bak
diff --git a/oauth2/handler_fallback_endpoints.go b/oauth2/handler_fallback_endpoints.go
@@ -21,7 +21,7 @@
 package oauth2
 
 import (
-	"fmt"
+	"html/template"
 	"net/http"
 
 	"github.com/julienschmidt/httprouter"
@@ -31,7 +31,7 @@ func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request,
 	h.L.Warnln("It looks like no consent/login URL was set. All OAuth2 flows except client credentials will fail.")
 	h.L.Warnln("A client requested the default login & consent URL, environment variable OAUTH2_CONSENT_URL or OAUTH2_LOGIN_URL or both are probably not set.")
 
-	w.Write([]byte(`
+	t, err := template.New("consent").Parse(`
 <html>
 <head>
 	<title>Misconfigured consent/login URL</title>
@@ -47,13 +47,22 @@ func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request,
 </p>
 </body>
 </html>
-`))
+`)
+	if err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
+
+	if err := t.Execute(w, nil); err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
 }
 
 func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	h.L.Warnln("A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set.")
 
-	fmt.Fprintf(w, `
+	t, err := template.New("consent").Parse(`
 <html>
 <head>
 	<title>An OAuth 2.0 Error Occurred</title>
@@ -63,10 +72,10 @@ func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _
 	The OAuth2 request resulted in an error.
 </h1>
 <ul>
-	<li>Error: %s</li>
-	<li>Description: %s</li>
-	<li>Hint: %s</li>
-	<li>Debug: %s</li>
+	<li>Error: {{ .Name }}</li>
+	<li>Description: {{ .Description }}</li>
+	<li>Hint: {{ .Hint }}</li>
+	<li>Debug: {{ .Debug }}</li>
 </ul>
 <p>
 	You are seeing this default error page because the administrator has not set a dedicated error URL (environment variable <code>OAUTH2_ERROR_URL</code> is not set). 
@@ -75,13 +84,31 @@ func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _
 </p>
 </body>
 </html>
-`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description"), r.URL.Query().Get("error_hint"), r.URL.Query().Get("error_debug"))
+`)
+	if err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
+
+	if err := t.Execute(w, struct {
+		Name        string
+		Description string
+		Hint        string
+		Debug       string
+	}{
+		Name:        r.URL.Query().Get("error"),
+		Description: r.URL.Query().Get("error_description"),
+		Hint:        r.URL.Query().Get("error_hint"),
+		Debug:       r.URL.Query().Get("error_debug"),
+	}); err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
 }
 
 func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	h.L.Warnln("A client requested the default logout URL, environment variable OAUTH2_LOGOUT_REDIRECT_URL is probably not set.")
-
-	fmt.Fprintf(w, `
+	t, err := template.New("consent").Parse(`
 <html>
 <head>
 	<title>You logged out successfully</title>
@@ -98,4 +125,13 @@ func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _
 </body>
 </html>
 `)
+	if err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
+
+	if err := t.Execute(w, nil); err != nil {
+		h.H.WriteError(w, r, err)
+		return
+	}
 }