djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extract private helper in auth_handler.go

This commit is contained in:
Ryan Richard 2021-08-16 15:17:30 -07:00
parent 52cb0bbc07
commit 91c8a3ebed
1 changed files with 28 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
internal/oidc/auth/auth_handler.go
View File

@ -109,22 +109,11 @@ func handleAuthRequestForLDAPUpstream(
return nil return nil
} }
openIDSession := downstreamsession.MakeDownstreamSession( subject := downstreamSubjectFromUpstreamLDAP(ldapUpstream, authenticateResponse)
downstreamSubjectFromUpstreamLDAP(ldapUpstream, authenticateResponse), username = authenticateResponse.User.GetName()
authenticateResponse.User.GetName(), groups := authenticateResponse.User.GetGroups()
authenticateResponse.User.GetGroups(),
)
authorizeResponder, err := oauthHelper.NewAuthorizeResponse(r.Context(), authorizeRequester, openIDSession) return makeDownstreamSessionAndReturnAuthcodeRedirect(r, w, oauthHelper, authorizeRequester, subject, username, groups)
if err != nil {
plog.Info("authorize response error", oidc.FositeErrorForLog(err)...)
oauthHelper.WriteAuthorizeError(w, authorizeRequester, err)
return nil
}
oauthHelper.WriteAuthorizeResponse(w, authorizeRequester, authorizeResponder)
return nil
} }
func handleAuthRequestForOIDCUpstreamPasswordGrant( func handleAuthRequestForOIDCUpstreamPasswordGrant(
@ -179,18 +168,7 @@ func handleAuthRequestForOIDCUpstreamPasswordGrant(
return err return err
} }
openIDSession := downstreamsession.MakeDownstreamSession(subject, username, groups) return makeDownstreamSessionAndReturnAuthcodeRedirect(r, w, oauthHelper, authorizeRequester, subject, username, groups)
authorizeResponder, err := oauthHelper.NewAuthorizeResponse(r.Context(), authorizeRequester, openIDSession)
if err != nil {
plog.Info("authorize response error", oidc.FositeErrorForLog(err)...)
oauthHelper.WriteAuthorizeError(w, authorizeRequester, err)
return nil
}
oauthHelper.WriteAuthorizeResponse(w, authorizeRequester, authorizeResponder)
return nil
} }
func handleAuthRequestForOIDCUpstreamAuthcodeGrant( func handleAuthRequestForOIDCUpstreamAuthcodeGrant(
@ -289,6 +267,29 @@ func handleAuthRequestForOIDCUpstreamAuthcodeGrant(
return nil return nil
} }
func makeDownstreamSessionAndReturnAuthcodeRedirect(
r *http.Request,
w http.ResponseWriter,
oauthHelper fosite.OAuth2Provider,
authorizeRequester fosite.AuthorizeRequester,
subject string,
username string,
groups []string,
) error {
openIDSession := downstreamsession.MakeDownstreamSession(subject, username, groups)
authorizeResponder, err := oauthHelper.NewAuthorizeResponse(r.Context(), authorizeRequester, openIDSession)
if err != nil {
plog.Info("authorize response error", oidc.FositeErrorForLog(err)...)
oauthHelper.WriteAuthorizeError(w, authorizeRequester, err)
return nil
}
oauthHelper.WriteAuthorizeResponse(w, authorizeRequester, authorizeResponder)
return nil
}
func requireNonEmptyUsernameAndPasswordHeaders(r *http.Request, w http.ResponseWriter, oauthHelper fosite.OAuth2Provider, authorizeRequester fosite.AuthorizeRequester) (string, string, bool) { func requireNonEmptyUsernameAndPasswordHeaders(r *http.Request, w http.ResponseWriter, oauthHelper fosite.OAuth2Provider, authorizeRequester fosite.AuthorizeRequester) (string, string, bool) {
username := r.Header.Get(CustomUsernameHeaderName) username := r.Header.Get(CustomUsernameHeaderName)
password := r.Header.Get(CustomPasswordHeaderName) password := r.Header.Get(CustomPasswordHeaderName)