From cfe68a5329892a5a44b7280b7b86ccf067fd9126 Mon Sep 17 00:00:00 2001
From: DROGOU Laurent
Date: Wed, 27 Jan 2021 13:48:11 +0100
Subject: [PATCH] =?UTF-8?q?ajout=20du=20champ=20state=20dans=20redirecturi?=
 =?UTF-8?q?=20pour=20r=C3=A9cup=C3=A9rer=20les=20params?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 routes.auth.go | 24 ++++++++++++++----------
 store/store.go | 24 ++++++++++++------------
 2 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/routes.auth.go b/routes.auth.go
index a1c338c..98791ac 100644
--- a/routes.auth.go
+++ b/routes.auth.go
@@ -46,12 +46,12 @@ type Claims struct {
 func (s *server) handleIndex() http.HandlerFunc {
 return func(rw http.ResponseWriter, r *http.Request) {
- err := s.store.DeleteOauth()
+ err := s.store.DeleteOauth(1)
 if err != nil {
 fmt.Printf("erreur à la récupération des paramètres %v", err)
 }
- err = s.store.DeleteParam()
+ err = s.store.DeleteParam("state")
 if err != nil {
 fmt.Printf("erreur à la récupération des paramètres %v", err)
 }
@@ -161,7 +161,7 @@ func (s *server) handleOAuth20() http.HandlerFunc {
 rhttp := "https://" + d + "/entreprise-partenaire/authorize?client_id=" + ci + "&scope=" + sc + "¤t_company=" + cc +
- "&redirect_uri=http://localhost:8080/oauth/redirect" +
+ "&redirect_uri=http://localhost:8080/oauth/redirect%3Fstate=ererer" +
 "&abort_uri=http://localhost:8080/index"
 http.Redirect(rw, r, rhttp, http.StatusMovedPermanently)
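Review bot: `s.store.DeleteParam("state")` in handleIndex deletes rows whose state column equals the literal string `state`, while handleOAuth20 in this same patch sends `state=ererer`. Unless the code that calls CreateParam (not in this patch) stores that literal, the cleanup matches nothing and rows holding a ClientSecret stay in the table. `s.store.DeleteOauth(1)` has the same shape: it clears only id 1, although handleRedirect now redirects with the id of the row it just wrote. Both calls should take the value that belongs to the current flow rather than a constant, and the two Printf messages still say "récupération" for what is now a delete.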
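Review bot: The `state=ererer` appended to `redirect_uri` in handleOAuth20 is a fixed value, so it cannot tie the callback to the browser session that started the flow, which is the purpose of an OAuth state value (CSRF protection on the callback). It also means every stored Param row is looked up under the same key. The value should be random per request, saved with the Param row, and escaped when it is placed in the URL; `ci`, `sc` and `cc` on the context lines above are concatenated unescaped as well and would be safer through `url.QueryEscape`. The sketch below needs crypto/rand and encoding/base64 in the import block, which is outside the hunk, and the place where the Param row is written is not visible here.

```go
// … unchanged: d, ci, sc and cc are obtained as before …
nonce := make([]byte, 16)
if _, err := rand.Read(nonce); err != nil { // crypto/rand
	http.Error(rw, "state generation failed", http.StatusInternalServerError)
	return
}
st := base64.RawURLEncoding.EncodeToString(nonce)
// persist st on this flow's Param row so GetParam(st) can only match that row
redirectURI := url.QueryEscape("http://localhost:8080/oauth/redirect?state=" + st)
// … unchanged: rhttp concatenation, with "&redirect_uri=" + redirectURI replacing the literal …
```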
@@ -172,12 +172,15 @@ func (s *server) handleOAuth20() http.HandlerFunc {
 func (s *server) handleRedirect() http.HandlerFunc {
 return func(rw http.ResponseWriter, r *http.Request) {
- codes, _ := r.URL.Query()["code"]
- p, err := s.store.GetParam()
+ c := r.URL.Query().Get("code")
+ st := r.URL.Query().Get("state")
+
+ // ici jouter la récupération du param
+ p, err := s.store.GetParam(st)
 if err != nil {
 fmt.Printf("erreur à la recupération des param (err=%v)", err)
 }
- jsonStr := constJSONToken(codes[0], p)
+ jsonStr := constJSONToken(c, st, p)
 apiURL := "https://api." + p.Domaine + "/auth/v1/oauth2.0/accessToken"
 data := url.Values{}
@@ -228,8 +231,9 @@ func (s *server) handleRedirect() http.HandlerFunc {
 fmt.Printf("erreur suivante %v", err)
 }
+ monID := strconv.Itoa(int(o.ID))
 // Puis redisrect vers page resultat
- rj := "http://localhost:8080/jwt"
+ rj := "http://localhost:8080/jwt?model=" + monID
 http.Redirect(rw, r, rj, http.StatusMovedPermanently)
 }
 }
@@ -244,7 +248,7 @@ func (s *server) handleJSONWebToken() http.HandlerFunc {
 fmt.Printf("erreur suivante %v", err)
 }
- oauth, _ := s.store.GetOauth()
+ oauth, _ := s.store.GetOauth(1)
 tokenVal := oauth.AccessToken
 fmt.Println("============")
@@ -281,12 +285,12 @@ func (s *server) handleJSONWebToken() http.HandlerFunc {
 }
 }
-func constJSONToken(code string, param *model.Param) JSONToken {
+func constJSONToken(code, state string, param *model.Param) JSONToken {
 return JSONToken{
 ClientID: param.ClientID,
 ClientSecret: param.ClientSecret,
 GrantType: param.GrantType,
- RedirectURI: "http://localhost:8080/oauth/redirect",
+ RedirectURI: "http://localhost:8080/oauth/redirect?state=" + state,
 Code: code,
 }
 }
diff --git a/store/store.go b/store/store.go
index d5c1b6a..957395b 100644
--- a/store/store.go
+++ b/store/store.go
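Review bot: When `s.store.GetParam(st)` fails in handleRedirect the error is only printed and the handler carries on. DbStore.GetParam returns a non-nil empty Param alongside the error, so the token request is then built for `https://api./auth/v1/oauth2.0/accessToken` with empty client credentials. `st` and `c` come straight from the callback query string, so an unknown state or an empty code should end the request, e.g. `if err != nil || c == "" { http.Error(rw, "invalid callback", http.StatusBadRequest); return }`. The Param row should also be deleted once it has been used so that a callback URL cannot be replayed. The handler body continues outside the hunk.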
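Review bot: `rj := "http://localhost:8080/jwt?model=" + monID` puts the oauth row's database id in the URL, and that id is the only handle on a stored access token. handleJSONWebToken in the next hunk still calls `s.store.GetOauth(1)` and discards its error, so the parameter is ignored today. Once it is read, any caller who changes the number can display another login's token, so the lookup should be tied to the session or use a random handle instead of the row id. `http.StatusMovedPermanently` on the following context line lets browsers cache a redirect whose target now differs per login; `http.StatusFound` fits better. `o` is defined outside the hunk.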
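Review bot: `state` reaches constJSONToken from the callback query string and is concatenated unescaped into `RedirectURI`, so a value containing `&` or `#` changes the URI sent in the token request. Escaping it keeps the value inert: `RedirectURI: "http://localhost:8080/oauth/redirect?state=" + url.QueryEscape(state),`. The result also has to stay identical to the `redirect_uri` sent from handleOAuth20, which is easier to guarantee if both are produced by one helper rather than two string literals.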
@@ -12,13 +12,13 @@ type Store interface {
 Open() error
 Close() error
- GetOauth() (*model.Oauth, error)
+ GetOauth(id int64) (*model.Oauth, error)
 CreateOauth(m *model.Oauth) error
- DeleteOauth() error
+ DeleteOauth(id int64) error
- GetParam() (*model.Param, error)
+ GetParam(state string) (*model.Param, error)
 CreateParam(m *model.Param) error
- DeleteParam() error
+ DeleteParam(state string) error
 }
 type DbStore struct {
@@ -64,9 +64,9 @@ func (store *DbStore) Close() error {
 return store.db.Close()
 }
-func (store *DbStore) GetOauth() (*model.Oauth, error) {
+func (store *DbStore) GetOauth(id int64) (*model.Oauth, error) {
 var oauth = &model.Oauth{}
- err := store.db.Get(oauth, "SELECT * FROM oauth")
+ err := store.db.Get(oauth, "SELECT * FROM oauth where id=$1", id)
 if err != nil {
 return oauth, err
 }
@@ -86,8 +86,8 @@ func (store *DbStore) CreateOauth(o *model.Oauth) error {
 }
-func (store *DbStore) DeleteOauth() error {
- _, err := store.db.Exec("DELETE FROM oauth", nil)
+func (store *DbStore) DeleteOauth(id int64) error {
+ _, err := store.db.Exec("DELETE FROM oauth where id=?", id)
 if err != nil {
 return err
 }
@@ -95,9 +95,9 @@ func (store *DbStore) DeleteOauth() error {
 return err
 }
-func (store *DbStore) GetParam() (*model.Param, error) {
+func (store *DbStore) GetParam(state string) (*model.Param, error) {
 var param = &model.Param{}
- err := store.db.Get(param, "SELECT * FROM param")
+ err := store.db.Get(param, "SELECT * FROM param where state=$1", state)
 if err != nil {
 return param, err
 }
@@ -116,8 +116,8 @@ func (store *DbStore) CreateParam(p *model.Param) error {
 }
-func (store *DbStore) DeleteParam() error {
- _, err := store.db.Exec("DELETE FROM param", nil)
+func (store *DbStore) DeleteParam(state string) error {
+ _, err := store.db.Exec("DELETE FROM param where state=?", state)
 if err != nil {
 return err
 }
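Review bot: The new queries mix two placeholder styles: GetOauth and GetParam bind with `$1`, while DeleteOauth and DeleteParam bind with `?`. Which form is accepted depends on the database driver, so one of the two pairs may fail at run time; use the form the driver documents everywhere, or pass each query through `store.db.Rebind(...)` if `db` is an sqlx handle, as the `db.Get(dest, query, args...)` calls suggest. GetOauth and GetParam also keep returning a non-nil empty struct together with the error (`return oauth, err`, `return param, err`), and the handlers in routes.auth.go print or discard that error and then use the struct. A doc comment on each method stating that the result is only meaningful when the error is nil would make that contract explicit. These function bodies continue outside their hunks.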
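Review bot: `SELECT * FROM param where state=$1` in GetParam selects the row whose ClientSecret is used for the token exchange, but nothing in this patch makes `state` unique. With the constant `ererer` sent by handleOAuth20, every row presumably shares the same key and the query returns whichever row comes first. The schema is not visible here; if it has no constraint, a `UNIQUE` index on `state` together with a per-request random value would guarantee that a callback can only resolve to the parameters of the flow that issued it.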