Polestar: Enhance consent handling during authentication process #17252
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -90,10 +90,19 @@ func (v *Identity) login() (*oauth2.Token, error) { | |
| var code string | ||
| if _, err = v.Post(uri, request.FormContent, strings.NewReader(params.Encode())); err == nil { | ||
| code, err = param() | ||
| if err == nil && code == "" { | ||
| err = fmt.Errorf("authorization code is empty") | ||
| } | ||
| } | ||
|
|
||
| // If the authorization code is empty, this indicates that user consent must be handled | ||
| // before the code can be obtained. The `confirmConsentAndGetCode` method is called as a | ||
| // workaround to guide the user through the consent process and retrieve the authorization code. | ||
| if code == "" { | ||
| code, err = v.confirmConsentAndGetCode(uri, resume, param) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
|
|
||
| var res struct { | ||
|
|
@@ -137,3 +146,47 @@ func (v *Identity) RefreshToken(token *oauth2.Token) (*oauth2.Token, error) { | |
|
|
||
| return v.login() | ||
| } | ||
|
|
||
| func (v *Identity) confirmConsentAndGetCode(uri, resume string, param request.InterceptResult) (string, error) { | ||
|
|
||
| fmt.Printf("Attempting to retrieve authorization code again after user consent confirmation") | ||
|
|
||
| // Attempt to extract the "uid" parameter | ||
| v.Client.CheckRedirect, param = request.InterceptRedirect("uid", true) | ||
| defer func() { v.Client.CheckRedirect = nil }() | ||
|
|
||
| // Extract the user ID (UID) from the redirect parameters | ||
| var uid string | ||
| if uid, err := param(); err != nil || uid == "" { | ||
|
There was a problem hiding this comment. In my tests, there is no UID in the params, still trying to figure out why. There was a problem hiding this comment. We are never reading a "uid" so it also cannot be extracted. I guess there is still something missing to make that work There was a problem hiding this comment. Does that actually work for you @rostbeule ? For me it never retrieves the There is a rather simple Python script that works perfectly fine for me: Here you can see that the I am still trying to figure out the difference to this working example but again struggle with Go 😉 There was a problem hiding this comment. I can reassure you there. These are actually my first experiences with Go. Honestly, I tested it in C# and tried to transfer it to Go. But I was upfront about that 😅 Will have a look into that There was a problem hiding this comment. This uid is NOT the one from the line above. Due to := you‘re „shadowing“ it. Use = instead! There was a problem hiding this comment. Wow, I didn't expect that! Thanks for the tip. Learned something new :) There was a problem hiding this comment. It is not enough to solve the problem of not reading the The code proposal by @scyomantion works for me though. Are you making the changes accordingly @rostbeule? |
||
| return "", fmt.Errorf("Failed to extract user ID: %w", err) | ||
| } | ||
|
|
||
| // Confirm user consent by submitting the consent form, which rejects cookies | ||
| data := url.Values{ | ||
| "pf.submit": []string{"false"}, | ||
| "subject": []string{uid}, | ||
| } | ||
|
|
||
| // Make a POST request to confirm the user consent | ||
| if _, err := v.Post(fmt.Sprintf("%s/as/%s/resume/as/authorization.ping", OAuthURI, resume), request.FormContent, strings.NewReader(data.Encode())); err != nil { | ||
| return "", fmt.Errorf("Error confirming user consent to reject cookies during the authentication process: %w", err) | ||
| } | ||
|
|
||
| // Retrieve the authorization code after consent has been confirmed | ||
| v.Client.CheckRedirect, param = request.InterceptRedirect("code", true) | ||
| defer func() { v.Client.CheckRedirect = nil }() | ||
|
|
||
| // Make a GET request to fetch the code | ||
| if _, err := v.Get(uri); err != nil { | ||
| return "", fmt.Errorf("Error retrieving the authorization code after consent confirmation: %w", err) | ||
| } | ||
|
|
||
| // Extract the authorization code from the response | ||
| code, err := param() | ||
| if err != nil || code == "" { | ||
| return "", fmt.Errorf("Failed to extract authorization code: %w", err) | ||
| } | ||
|
|
||
| // Return the retrieved code | ||
| return code, nil | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We will never reach this as in line 96 we will return due to the error of not having the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Damn it – I missed the early return!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm