Commit a05f5ce

committed
fix apple login nil pointer exception
1 parent b7627a3 commit a05f5ce

1 file changed

+45
-52
lines changed

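--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -285,48 +285,46 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 }
 
 func processGoogleUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.GoogleConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
-return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid google exchange code: %s", err.Error())
 }
 verifier := oauth.OIDCProviders.GoogleOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.GoogleConfig.ClientID})
 
 // Extract the ID Token from OAuth2 token.
 rawIDToken, ok := oauth2Token.Extra("id_token").(string)
 if !ok {
 log.Debug("Failed to extract ID Token from OAuth2 token")
-return user, fmt.Errorf("unable to extract id_token")
+return nil, fmt.Errorf("unable to extract id_token")
 }
 
 // Parse and verify ID Token payload.
 idToken, err := verifier.Verify(ctx, rawIDToken)
 if err != nil {
 log.Debug("Failed to verify ID Token: ", err)
-return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
+return nil, fmt.Errorf("unable to verify id_token: %s", err.Error())
 }
-
+user := &models.User{}
 if err := idToken.Claims(&user); err != nil {
 log.Debug("Failed to parse ID Token claims: ", err)
-return user, fmt.Errorf("unable to extract claims")
+return nil, fmt.Errorf("unable to extract claims")
 }
 
 return user, nil
 }
 
 func processGithubUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.GithubConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
-return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid github exchange code: %s", err.Error())
 }
 client := http.Client{}
 req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
 if err != nil {
 log.Debug("Failed to create github user info request: ", err)
-return user, fmt.Errorf("error creating github user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating github user info request: %s", err.Error())
 }
 req.Header.Set(
 "Authorization", fmt.Sprintf("token %s", oauth2Token.AccessToken),
@@ -335,18 +333,18 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 response, err := client.Do(req)
 if err != nil {
 log.Debug("Failed to request github user info: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read github user info response body: ", err)
-return user, fmt.Errorf("failed to read github response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read github response body: %s", err.Error())
 }
 if response.StatusCode >= 400 {
 log.Debug("Failed to request github user info: ", string(body))
-return user, fmt.Errorf("failed to request github user info: %s", string(body))
+return nil, fmt.Errorf("failed to request github user info: %s", string(body))
 }
 
 userRawData := make(map[string]string)
@@ -375,7 +373,7 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 req, err := http.NewRequest(http.MethodGet, constants.GithubUserEmails, nil)
 if err != nil {
 log.Debug("Failed to create github emails request: ", err)
-return user, fmt.Errorf("error creating github user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating github user info request: %s", err.Error())
 }
 req.Header.Set(
 "Authorization", fmt.Sprintf("token %s", oauth2Token.AccessToken),
@@ -384,24 +382,25 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 response, err := client.Do(req)
 if err != nil {
 log.Debug("Failed to request github user email: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read github user email response body: ", err)
-return user, fmt.Errorf("failed to read github response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read github response body: %s", err.Error())
 }
 if response.StatusCode >= 400 {
 log.Debug("Failed to request github user email: ", string(body))
-return user, fmt.Errorf("failed to request github user info: %s", string(body))
+return nil, fmt.Errorf("failed to request github user info: %s", string(body))
 }
 
 emailData := []GithubUserEmails{}
 err = json.Unmarshal(body, &emailData)
 if err != nil {
 log.Debug("Failed to parse github user email: ", err)
+return nil, fmt.Errorf("failed to parse github user email: %s", err.Error())
 }
 
 for _, userEmail := range emailData {
@@ -412,7 +411,7 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 }
 }
 
-user = &models.User{
+user := &models.User{
 GivenName: &firstName,
 FamilyName: &lastName,
 Picture: &picture,
@@ -423,34 +422,33 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 }
 
 func processFacebookUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.FacebookConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Invalid facebook exchange code: ", err)
-return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
 }
 client := http.Client{}
 req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+oauth2Token.AccessToken, nil)
 if err != nil {
 log.Debug("Error creating facebook user info request: ", err)
-return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating facebook user info request: %s", err.Error())
 }
 
 response, err := client.Do(req)
 if err != nil {
 log.Debug("Failed to process facebook user: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read facebook response: ", err)
-return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read facebook response body: %s", err.Error())
 }
 if response.StatusCode >= 400 {
 log.Debug("Failed to request facebook user info: ", string(body))
-return user, fmt.Errorf("failed to request facebook user info: %s", string(body))
+return nil, fmt.Errorf("failed to request facebook user info: %s", string(body))
 }
 userRawData := make(map[string]interface{})
 json.Unmarshal(body, &userRawData)
@@ -463,7 +461,7 @@ func processFacebookUserInfo(ctx context.Context, code string) (*models.User, er
 lastName := fmt.Sprintf("%v", userRawData["last_name"])
 picture := fmt.Sprintf("%v", picDataObject["url"])
 
-user = &models.User{
+user := &models.User{
 GivenName: &firstName,
 FamilyName: &lastName,
 Picture: &picture,
@@ -474,18 +472,17 @@ func processFacebookUserInfo(ctx context.Context, code string) (*models.User, er
 }
 
 func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.LinkedInConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
-return user, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid linkedin exchange code: %s", err.Error())
 }
 
 client := http.Client{}
 req, err := http.NewRequest("GET", constants.LinkedInUserInfoURL, nil)
 if err != nil {
 log.Debug("Failed to create linkedin user info request: ", err)
-return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
 }
 req.Header = http.Header{
 "Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
@@ -494,19 +491,19 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 response, err := client.Do(req)
 if err != nil {
 log.Debug("Failed to request linkedin user info: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read linkedin user info response body: ", err)
-return user, fmt.Errorf("failed to read linkedin response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read linkedin response body: %s", err.Error())
 }
 
 if response.StatusCode >= 400 {
 log.Debug("Failed to request linkedin user info: ", string(body))
-return user, fmt.Errorf("failed to request linkedin user info: %s", string(body))
+return nil, fmt.Errorf("failed to request linkedin user info: %s", string(body))
 }
 
 userRawData := make(map[string]interface{})
@@ -515,7 +512,7 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 req, err = http.NewRequest("GET", constants.LinkedInEmailURL, nil)
 if err != nil {
 log.Debug("Failed to create linkedin email info request: ", err)
-return user, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating linkedin user info request: %s", err.Error())
 }
 req.Header = http.Header{
 "Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
@@ -524,18 +521,18 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 response, err = client.Do(req)
 if err != nil {
 log.Debug("Failed to request linkedin email info: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err = io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read linkedin email info response body: ", err)
-return user, fmt.Errorf("failed to read linkedin email response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read linkedin email response body: %s", err.Error())
 }
 if response.StatusCode >= 400 {
 log.Debug("Failed to request linkedin user info: ", string(body))
-return user, fmt.Errorf("failed to request linkedin user info: %s", string(body))
+return nil, fmt.Errorf("failed to request linkedin user info: %s", string(body))
 }
 emailRawData := make(map[string]interface{})
 json.Unmarshal(body, &emailRawData)
@@ -545,7 +542,7 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 profilePicture := userRawData["profilePicture"].(map[string]interface{})["displayImage~"].(map[string]interface{})["elements"].([]interface{})[0].(map[string]interface{})["identifiers"].([]interface{})[0].(map[string]interface{})["identifier"].(string)
 emailAddress := emailRawData["elements"].([]interface{})[0].(map[string]interface{})["handle~"].(map[string]interface{})["emailAddress"].(string)
 
-user = &models.User{
+user := &models.User{
 GivenName: &firstName,
 FamilyName: &lastName,
 Picture: &profilePicture,
@@ -556,7 +553,7 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 }
 
 func processAppleUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
+var user = &models.User{}
 oauth2Token, err := oauth.OAuthProviders.AppleConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
@@ -579,14 +576,12 @@ func processAppleUserInfo(ctx context.Context, code string) (*models.User, error
 }
 
 claims := make(map[string]interface{})
-log.Debug("Decoded data :%s", string(decodedClaimsData))
 err = json.Unmarshal(decodedClaimsData, &claims)
 if err != nil {
 log.Debug("Failed to unmarshal claims data: ", err)
 return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
 }
-
-if val, ok := claims["email"]; !ok {
+if val, ok := claims["email"]; !ok || val == nil {
 log.Debug("Failed to extract email from claims.")
 return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
 } else {
@@ -611,18 +606,17 @@ func processAppleUserInfo(ctx context.Context, code string) (*models.User, error
 }
 
 func processTwitterUserInfo(ctx context.Context, code, verifier string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.TwitterConfig.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", verifier))
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
-return user, fmt.Errorf("invalid twitter exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid twitter exchange code: %s", err.Error())
 }
 
 client := http.Client{}
 req, err := http.NewRequest("GET", constants.TwitterUserInfoURL, nil)
 if err != nil {
 log.Debug("Failed to create Twitter user info request: ", err)
-return user, fmt.Errorf("error creating Twitter user info request: %s", err.Error())
+return nil, fmt.Errorf("error creating Twitter user info request: %s", err.Error())
 }
 req.Header = http.Header{
 "Authorization": []string{fmt.Sprintf("Bearer %s", oauth2Token.AccessToken)},
@@ -631,19 +625,19 @@ func processTwitterUserInfo(ctx context.Context, code, verifier string) (*models
 response, err := client.Do(req)
 if err != nil {
 log.Debug("Failed to request Twitter user info: ", err)
-return user, err
+return nil, err
 }
 
 defer response.Body.Close()
 body, err := io.ReadAll(response.Body)
 if err != nil {
 log.Debug("Failed to read Twitter user info response body: ", err)
-return user, fmt.Errorf("failed to read Twitter response body: %s", err.Error())
+return nil, fmt.Errorf("failed to read Twitter response body: %s", err.Error())
 }
 
 if response.StatusCode >= 400 {
 log.Debug("Failed to request Twitter user info: ", string(body))
-return user, fmt.Errorf("failed to request Twitter user info: %s", string(body))
+return nil, fmt.Errorf("failed to request Twitter user info: %s", string(body))
 }
 
 responseRawData := make(map[string]interface{})
@@ -667,7 +661,7 @@ func processTwitterUserInfo(ctx context.Context, code, verifier string) (*models
 nickname := userRawData["username"].(string)
 profilePicture := userRawData["profile_image_url"].(string)
 
-user = &models.User{
+user := &models.User{
 GivenName: &firstName,
 FamilyName: &lastName,
 Picture: &profilePicture,
@@ -679,11 +673,10 @@ func processTwitterUserInfo(ctx context.Context, code, verifier string) (*models
 
 // process microsoft user information
 func processMicrosoftUserInfo(ctx context.Context, code string) (*models.User, error) {
-var user *models.User
 oauth2Token, err := oauth.OAuthProviders.MicrosoftConfig.Exchange(ctx, code)
 if err != nil {
 log.Debug("Failed to exchange code for token: ", err)
-return user, fmt.Errorf("invalid microsoft exchange code: %s", err.Error())
+return nil, fmt.Errorf("invalid microsoft exchange code: %s", err.Error())
 }
 // we need to skip issuer check because for common tenant it will return internal issuer which does not match
 verifier := oauth.OIDCProviders.MicrosoftOIDC.Verifier(&oidc.Config{
@@ -694,18 +687,18 @@ func processMicrosoftUserInfo(ctx context.Context, code string) (*models.User, e
 rawIDToken, ok := oauth2Token.Extra("id_token").(string)
 if !ok {
 log.Debug("Failed to extract ID Token from OAuth2 token")
-return user, fmt.Errorf("unable to extract id_token")
+return nil, fmt.Errorf("unable to extract id_token")
 }
 // Parse and verify ID Token payload.
 idToken, err := verifier.Verify(ctx, rawIDToken)
 if err != nil {
 log.Debug("Failed to verify ID Token: ", err)
-return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
+return nil, fmt.Errorf("unable to verify id_token: %s", err.Error())
 }
-
+user := &models.User{}
 if err := idToken.Claims(&user); err != nil {
 log.Debug("Failed to parse ID Token claims: ", err)
-return user, fmt.Errorf("unable to extract claims")
+return nil, fmt.Errorf("unable to extract claims")
 }
 
 return user, nil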
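Review bot: processFacebookUserInfo and processLinkedInUserInfo still call `json.Unmarshal(body, &userRawData)` and `json.Unmarshal(body, &emailRawData)` without checking the error. The LinkedIn and Twitter paths then index provider-supplied JSON with unchecked assertions such as `userRawData["username"].(string)` and `emailRawData["elements"].([]interface{})[0]`, so a response with a missing or differently shaped field panics in the callback much as the nil `user` did. The GitHub email hunk in this same commit shows the pattern to apply to the decode calls: `return nil, fmt.Errorf("failed to parse github user email: %s", err.Error())`. For the assertions, the comma-ok form (`nickname, ok := userRawData["username"].(string)` with an error return when `!ok`) and a length check before taking element `[0]` would turn these into ordinary login failures. Separately, processAppleUserInfo still returns the non-nil `user` together with an error while every other provider now returns `nil`; these function bodies continue outside the visible hunks, so confirm no later guard already covers these cases.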
