91 lines
2.3 KiB
Go
91 lines
2.3 KiB
Go
package external
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/cortezaproject/corteza-server/auth/saml"
|
|
"github.com/cortezaproject/corteza-server/system/types"
|
|
"github.com/crewjam/saml/samlsp"
|
|
"github.com/markbates/goth/gothic"
|
|
)
|
|
|
|
type (
|
|
ExternalAuthHandler interface {
|
|
BeginUserAuth(http.ResponseWriter, *http.Request)
|
|
CompleteUserAuth(http.ResponseWriter, *http.Request) (u *types.ExternalAuthUser, err error)
|
|
}
|
|
|
|
externalSamlAuthHandler struct {
|
|
service *saml.SamlSPService
|
|
}
|
|
|
|
externalDefaultAuthHandler struct{}
|
|
)
|
|
|
|
func (eh *externalDefaultAuthHandler) BeginUserAuth(w http.ResponseWriter, r *http.Request) {
|
|
gothic.BeginAuthHandler(w, r)
|
|
}
|
|
|
|
func (eh *externalDefaultAuthHandler) CompleteUserAuth(w http.ResponseWriter, r *http.Request) (u *types.ExternalAuthUser, err error) {
|
|
gu, err := gothic.CompleteUserAuth(w, r)
|
|
u = &types.ExternalAuthUser{gu}
|
|
|
|
return
|
|
}
|
|
|
|
func (eh *externalSamlAuthHandler) BeginUserAuth(w http.ResponseWriter, r *http.Request) {
|
|
_, err := eh.service.Handler().Session.GetSession(r)
|
|
|
|
if err == samlsp.ErrNoSession {
|
|
eh.service.Handler().HandleStartAuthFlow(w, r)
|
|
}
|
|
}
|
|
|
|
func (eh *externalSamlAuthHandler) CompleteUserAuth(w http.ResponseWriter, r *http.Request) (u *types.ExternalAuthUser, err error) {
|
|
var (
|
|
session samlsp.Session
|
|
)
|
|
|
|
if session, err = eh.service.Handler().Session.GetSession(r); err != nil {
|
|
return
|
|
}
|
|
|
|
if session != nil {
|
|
sess := session.(samlsp.JWTSessionClaims)
|
|
|
|
if sess.StandardClaims.Valid() != nil {
|
|
return nil, sess.StandardClaims.Valid()
|
|
}
|
|
|
|
u = &types.ExternalAuthUser{}
|
|
u.Provider = "saml"
|
|
|
|
// get identifier for use with Corteza (email)
|
|
u.Email = eh.service.GuessIdentifier(sess.Attributes)
|
|
|
|
// try to get email from jwt claims
|
|
if u.Email == "" {
|
|
u.Email = sess.StandardClaims.Subject
|
|
u.Name = sess.StandardClaims.Subject
|
|
u.NickName = sess.StandardClaims.Subject
|
|
} else {
|
|
u.Name = sess.Attributes.Get(eh.service.IDPUserMeta.Name)
|
|
u.NickName = sess.Attributes.Get(eh.service.IDPUserMeta.Handle)
|
|
}
|
|
|
|
u.UserID = sess.Attributes.Get("SessionIndex")
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func NewSamlExternalHandler(s *saml.SamlSPService) *externalSamlAuthHandler {
|
|
return &externalSamlAuthHandler{
|
|
service: s,
|
|
}
|
|
}
|
|
|
|
func NewDefaultExternalHandler() *externalDefaultAuthHandler {
|
|
return &externalDefaultAuthHandler{}
|
|
}
|