-
-
Notifications
You must be signed in to change notification settings - Fork 51
/
handle_external_login.go
129 lines (119 loc) · 4.13 KB
/
handle_external_login.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package authn
import (
"context"
"github.com/greenpau/go-authcrunch/pkg/authn/enums/operator"
"github.com/greenpau/go-authcrunch/pkg/requests"
"go.uber.org/zap"
"net/http"
"strings"
)
func (p *Portal) handleHTTPExternalLogin(ctx context.Context, w http.ResponseWriter, r *http.Request, rr *requests.Request, authMethod string) error {
p.disableClientCache(w)
p.injectRedirectURL(ctx, w, r, rr)
if strings.Contains(r.URL.Path, "-js-callback") {
// Intercept callback with Javascript.
return p.handleJavascriptCallbackIntercept(ctx, w, r)
}
authRealm, err := getEndpoint(r.URL.Path, "/"+authMethod+"/")
if err != nil {
return p.handleHTTPError(ctx, w, r, rr, http.StatusBadRequest)
}
authRealm = strings.Split(authRealm, "/")[0]
rr.Upstream.Method = authMethod
rr.Upstream.Realm = authRealm
rr.Flags.Enabled = true
p.logger.Debug(
"External login requested",
zap.String("session_id", rr.Upstream.SessionID),
zap.String("request_id", rr.ID),
zap.String("base_url", rr.Upstream.BaseURL),
zap.String("base_path", rr.Upstream.BasePath),
zap.String("auth_method", rr.Upstream.Method),
zap.String("auth_realm", rr.Upstream.Realm),
zap.Any("request_path", r.URL.Path),
)
backend := p.getBackendByRealm(authRealm)
if backend == nil {
p.logger.Warn(
"Authentication failed",
zap.String("session_id", rr.Upstream.SessionID),
zap.String("request_id", rr.ID),
zap.String("error", "backend not found"),
)
return p.handleHTTPError(ctx, w, r, rr, http.StatusBadRequest)
}
err = backend.Request(operator.Authenticate, rr)
if err != nil {
p.logger.Warn(
"Authentication failed",
zap.String("session_id", rr.Upstream.SessionID),
zap.String("request_id", rr.ID),
zap.Error(err),
)
return p.handleHTTPError(ctx, w, r, rr, http.StatusUnauthorized)
}
switch rr.Response.Code {
case http.StatusBadRequest:
return p.handleHTTPError(ctx, w, r, rr, http.StatusBadRequest)
case http.StatusOK:
p.logger.Info(
"Successful login",
zap.String("session_id", rr.Upstream.SessionID),
zap.String("request_id", rr.ID),
zap.String("auth_method", rr.Upstream.Method),
zap.String("auth_realm", rr.Upstream.Realm),
zap.Any("user", rr.Response.Payload),
)
case http.StatusFound:
p.logger.Debug(
"Redirect to authorization server",
zap.String("session_id", rr.Upstream.SessionID),
zap.String("request_id", rr.ID),
zap.Any("url", rr.Response.RedirectURL),
)
http.Redirect(w, r, rr.Response.RedirectURL, http.StatusFound)
return nil
default:
return p.handleHTTPError(ctx, w, r, rr, http.StatusNotImplemented)
}
// User authenticated successfully.
if err := p.authorizeLoginRequest(ctx, w, r, rr); err != nil {
return p.handleHTTPErrorWithLog(ctx, w, r, rr, rr.Response.Code, err.Error())
}
w.WriteHeader(rr.Response.Code)
return nil
}
func (p *Portal) handleJavascriptCallbackIntercept(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
p.disableClientCache(w)
w.WriteHeader(200)
w.Write([]byte(`<html>
<body>
<p>Redirecting to authentication endpoint.</p>
<script>
let redirectURL = window.location.href;
const i = redirectURL.indexOf("#");
if (i < 0) {
redirectURL = redirectURL.replace('authorization-code-js-callback', 'authorization-code-callback');
window.location = redirectURL;
} else {
ridirectURI = redirectURL.slice(0, i).replace('authorization-code-js-callback', 'authorization-code-callback');
window.location = redirectURI + "?" + redirectURL.slice(i+1);
}
</script>
</body>
</html>`))
return nil
}