Add more logging + support for PROVISION_SETTINGS_AUTH_EXTERNAL_*
@@ -135,3 +135,51 @@ func oidcAutoDiscovery(ctx context.Context, cmd *cobra.Command, c *cli.Config) (
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func authAddExternals(ctx context.Context, cmd *cobra.Command, c *cli.Config) (err error) {
|
||||
var (
|
||||
kinds = []string{
|
||||
"github",
|
||||
"facebook",
|
||||
"gplus",
|
||||
"linkedin",
|
||||
"oidc",
|
||||
}
|
||||
|
||||
env, p, name string
|
||||
|
||||
pp []string
|
||||
|
||||
eap service.AuthSettingsExternalAuthProvider
|
||||
)
|
||||
|
||||
for _, kind := range kinds {
|
||||
env = "PROVISION_SETTINGS_AUTH_EXTERNAL_" + strings.ToUpper(kind)
|
||||
|
||||
p = strings.TrimSpace(options.EnvString("", env, ""))
|
||||
if len(p) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
eap = service.AuthSettingsExternalAuthProvider{Enabled: true}
|
||||
|
||||
if kind == "oidc" {
|
||||
pp = strings.SplitN(p, " ", 4)
|
||||
|
||||
// Spread name, issuer-url, key and secret from provision string for OIDC provider
|
||||
name, eap.IssuerUrl, eap.Key, eap.Secret = pp[0], pp[1], pp[2], pp[3]
|
||||
|
||||
name = external.OIDC_PROVIDER_PREFIX + name
|
||||
} else {
|
||||
pp = strings.SplitN(p, " ", 2)
|
||||
|
||||
// Spread key and secret from provision string
|
||||
eap.Key, eap.Secret = pp[0], pp[1]
|
||||
name = kind
|
||||
}
|
||||
|
||||
_ = external.AddProvider(name, &eap, false)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
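Review bot: `name, eap.IssuerUrl, eap.Key, eap.Secret = pp[0], pp[1], pp[2], pp[3]` indexes the result of `strings.SplitN(p, " ", 4)` without checking its length, so a PROVISION_SETTINGS_AUTH_EXTERNAL_OIDC value with fewer than four space-separated fields panics with an index out of range instead of failing provisioning with a readable error; the non-OIDC branch has the same problem with `pp[1]`. The `_ = external.AddProvider(name, &eap, false)` line also discards the error although `err` is a named result, so a provider that could not be stored is silently skipped. Both branches should validate `len(pp)` and the AddProvider error should be returned; if this file does not already import `fmt`, build the message with `errors.New` and string concatenation instead. authAddExternals lies entirely within this hunk.
```go
if kind == "oidc" {
	pp = strings.SplitN(p, " ", 4)
	if len(pp) != 4 {
		return fmt.Errorf("%s: expected 4 space-separated fields (name issuer-url key secret)", env)
	}
	// … unchanged: spread name, issuer-url, key and secret; prefix name …
} else {
	pp = strings.SplitN(p, " ", 2)
	if len(pp) != 2 {
		return fmt.Errorf("%s: expected 2 space-separated fields (key secret)", env)
	}
	// … unchanged: spread key and secret; name = kind …
}

if err = external.AddProvider(name, &eap, false); err != nil {
	return
}
```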
45
system/internal/auth/external/register.go
@@ -2,16 +2,52 @@ package external
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/crusttech/go-oidc"
|
||||
"go.uber.org/zap"
|
||||
|
||||
"github.com/cortezaproject/corteza-server/internal/settings"
|
||||
"github.com/cortezaproject/corteza-server/system/internal/service"
|
||||
)
|
||||
|
||||
func AddProvider(name string, eap *service.AuthSettingsExternalAuthProvider, force bool) error {
|
||||
var (
|
||||
as = service.DefaultAuthSettings
|
||||
log = log().With(
|
||||
zap.Bool("force", force),
|
||||
zap.String("name", name),
|
||||
zap.String("key", eap.Key),
|
||||
)
|
||||
)
|
||||
|
||||
if eap.IssuerUrl != "" {
|
||||
log = log.With(zap.String("issuer-url", eap.IssuerUrl))
|
||||
}
|
||||
|
||||
log.Info("adding external auth provider")
|
||||
|
||||
if !force {
|
||||
if e, exists := as.ExternalProviders[name]; exists && e.Key == eap.Key && e.Secret == eap.Secret {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
if vv, err := eap.MakeValueSet(name); err != nil {
|
||||
log.Error("could not prepare settings", zap.Error(err))
|
||||
return err
|
||||
} else if err = service.DefaultIntSettings.BulkSet(vv); err != nil {
|
||||
log.Error("could not store settings", zap.Error(err))
|
||||
return err
|
||||
}
|
||||
|
||||
log.Info("external provider added")
|
||||
return nil
|
||||
}
|
||||
|
||||
// @todo remove dependency on github.com/crusttech/go-oidc (and github.com/coreos/go-oidc)
|
||||
// and move client registration to corteza codebase
|
||||
func DiscoverOidcProvider(ctx context.Context, eas service.AuthSettings, name, url string) (eap *service.AuthSettingsExternalAuthProvider, err error) {
|
||||
@@ -19,6 +55,12 @@ func DiscoverOidcProvider(ctx context.Context, eas service.AuthSettings, name, u
|
||||
provider *oidc.Provider
|
||||
client *oidc.Client
|
||||
redirectUrl = fmt.Sprintf(eas.ExternalRedirectUrl, OIDC_PROVIDER_PREFIX+name)
|
||||
|
||||
log = log().With(
|
||||
zap.String("redirect-url", redirectUrl),
|
||||
zap.String("name", name),
|
||||
zap.String("url", url),
|
||||
)
|
||||
)
|
||||
|
||||
if provider, err = oidc.NewProvider(ctx, url); err != nil {
|
||||
@@ -32,6 +74,7 @@ func DiscoverOidcProvider(ctx context.Context, eas service.AuthSettings, name, u
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
log.Error("could not register oidc provider", zap.Error(err))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -42,6 +85,8 @@ func DiscoverOidcProvider(ctx context.Context, eas service.AuthSettings, name, u
|
||||
IssuerUrl: url,
|
||||
}
|
||||
|
||||
log.Info("oidc provider registered", zap.String("key", client.ID))
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
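Review bot: The exported `AddProvider` in the first hunk of this file has no doc comment, and the meaning of `force` (skip the store when a provider with the same name, key and secret already exists) is only discoverable by reading the `if !force` block. I would add `// AddProvider stores eap under name in the auth settings. Unless force is set, an existing provider with the same key and secret is left untouched and nil is returned.` above the signature. Separately, the `if vv, err := eap.MakeValueSet(name); err != nil { … } else if err = service.DefaultIntSettings.BulkSet(vv); err != nil { … }` chain reads more clearly as two early returns: `vv, err := eap.MakeValueSet(name)` followed by its own `if err != nil` block, then `if err = service.DefaultIntSettings.BulkSet(vv); err != nil`. The later hunks of DiscoverOidcProvider are cut at both ends, so I have not reviewed them in full.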
@@ -55,7 +55,14 @@ func Configure() *cli.Config {
|
||||
if c.ProvisionOpt.AutoSetup {
|
||||
cli.HandleError(accessControlSetup(ctx, cmd, c))
|
||||
cli.HandleError(makeDefaultApplications(ctx, cmd, c))
|
||||
|
||||
cli.HandleError(discoverSettings(ctx, cmd, c))
|
||||
|
||||
// Reload auto-configured settings
|
||||
// adding externals and oidc auto discovery depends on redirect-url setting
|
||||
service.DefaultAuthSettings, _ = service.DefaultSettings.LoadAuthSettings()
|
||||
|
||||
cli.HandleError(authAddExternals(ctx, cmd, c))
|
||||
cli.HandleError(oidcAutoDiscovery(ctx, cmd, c))
|
||||
|
||||
// Reload auto-configured settings
|
||||
|
||||
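Review bot: `service.DefaultAuthSettings, _ = service.DefaultSettings.LoadAuthSettings()`, which appears to be among the added lines, discards the load error; if loading fails the global is overwritten with whatever the failed call returns, and the `authAddExternals` and `oidcAutoDiscovery` calls that the adjacent comment says depend on the redirect-url setting then run against it. Every other step in this block goes through `cli.HandleError`, so the reload should too: `var err error`, `service.DefaultAuthSettings, err = service.DefaultSettings.LoadAuthSettings()`, `cli.HandleError(err)`. The trailing `// Reload auto-configured settings` comment at the end of the hunk has no visible statement after it and may be duplicating the one above. Configure starts and ends outside this hunk.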