forked from baron/baron-sso
fix: verify-only magic link approval flow
@@ -774,6 +774,53 @@ func (h *AuthHandler) PollEnchantedLink(c *fiber.Ctx) error {
|
||||
})
|
||||
}
|
||||
|
||||
if data["status"] == "approved" {
|
||||
loginID := data["loginId"]
|
||||
if loginID == "" {
|
||||
loginID = data["login_id"]
|
||||
}
|
||||
if loginID == "" {
|
||||
slog.Warn("[Poll] Approved but missing loginId", "pendingRef", req.PendingRef)
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid session reference"})
|
||||
}
|
||||
if h.IdpProvider == nil {
|
||||
return c.Status(fiber.StatusServiceUnavailable).JSON(fiber.Map{"error": "Identity provider unavailable"})
|
||||
}
|
||||
|
||||
authInfo, err := h.IdpProvider.IssueSession(loginID)
|
||||
if err != nil {
|
||||
if errors.Is(err, domain.ErrNotSupported) {
|
||||
return c.Status(fiber.StatusNotImplemented).JSON(fiber.Map{"error": "Login method not supported"})
|
||||
}
|
||||
slog.Error("[Poll] IDP session issue failed", "error", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to issue session"})
|
||||
}
|
||||
if authInfo == nil || authInfo.SessionToken == nil || authInfo.SessionToken.JWT == "" {
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to issue session"})
|
||||
}
|
||||
|
||||
c.Locals("login_id", loginID)
|
||||
setSessionIDLocal(c, authInfo.SessionToken)
|
||||
sessionID := extractSessionIDFromToken(authInfo.SessionToken)
|
||||
|
||||
sessionData := map[string]string{
|
||||
"status": statusSuccess,
|
||||
"jwt": authInfo.SessionToken.JWT,
|
||||
}
|
||||
if sessionID != "" {
|
||||
sessionData["session_id"] = sessionID
|
||||
}
|
||||
sessionDataJSON, _ := json.Marshal(sessionData)
|
||||
h.RedisService.Set(prefixSession+req.PendingRef, string(sessionDataJSON), defaultExpiration)
|
||||
|
||||
h.writeLinkAuditLog(loginID, req.PendingRef, authInfo.SessionToken, c)
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"sessionJwt": authInfo.SessionToken.JWT,
|
||||
"status": "ok",
|
||||
})
|
||||
}
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"error": "authorization_pending",
|
||||
"interval": int(minPollInterval.Seconds()),
|
||||
@@ -804,6 +851,26 @@ func (h *AuthHandler) VerifyMagicLink(c *fiber.Ctx) error {
|
||||
|
||||
slog.Info("[Verify] Token valid", "loginID", loginID, "pendingRef", pendingRef)
|
||||
|
||||
if req.VerifyOnly {
|
||||
if pendingRef == "" || loginID == "" {
|
||||
slog.Warn("[Verify] Missing pendingRef/loginID for verify-only", "token", req.Token)
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid session reference"})
|
||||
}
|
||||
|
||||
// 승인 전용: 세션 발급 없이 승인 상태만 기록
|
||||
sessionData, _ := json.Marshal(map[string]string{
|
||||
"status": "approved",
|
||||
"loginId": loginID,
|
||||
})
|
||||
h.RedisService.Set(prefixSession+pendingRef, string(sessionData), defaultExpiration)
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"status": "approved",
|
||||
"pendingRef": pendingRef,
|
||||
"message": "Login approved",
|
||||
})
|
||||
}
|
||||
|
||||
if h.IdpProvider == nil {
|
||||
slog.Error("[Verify] IDP Provider is nil")
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Authentication service not configured"})
|
||||
|
||||
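Review bot: The approved branch added to PollEnchantedLink checks `data["status"]`, calls `h.IdpProvider.IssueSession(loginID)` and only afterwards overwrites the record, so two overlapping polls for the same pendingRef can each be issued a session from a single approval. Any error from `h.RedisService.Set(prefixSession+req.PendingRef, ...)` is also discarded (the same holds for the Set in the verify-only branch of VerifyMagicLink), so if that write fails the record presumably stays "approved" and every later poll issues another session. I would consume the approval atomically before issuing, with a get-and-delete or compare-and-set on `prefixSession+req.PendingRef`, whichever RedisService offers, and return an error instead of the JWT when the write fails. In the verify-only branch, the warning passes `"token", req.Token` and so writes a just-validated magic-link token to the log; drop the attribute: `slog.Warn("[Verify] Missing pendingRef/loginID for verify-only")`. Both function bodies start and end outside the hunks, so how `data` is loaded and whether the token is single-use are not visible here.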