mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-12-20 12:51:17 +00:00

Prepare moving auth plugins to own modules

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2019-04-21 16:58:06 +02:00
parent 9b4ea27827
commit 841f6458cd
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
5 changed files with 34 additions and 29 deletions


@ -132,7 +132,7 @@ func (a authLDAP) DetectUser(res http.ResponseWriter, r *http.Request) (string,
} }
// We had a cookie, lets renew it // We had a cookie, lets renew it
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
if err := sess.Save(r, res); err != nil { if err := sess.Save(r, res); err != nil {
return "", nil, err return "", nil, err
} }
@ -164,7 +164,7 @@ func (a authLDAP) Login(res http.ResponseWriter, r *http.Request) (string, []plu
} }
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Values["user"] = userDN sess.Values["user"] = userDN
sess.Values["alias"] = alias sess.Values["alias"] = alias
return userDN, nil, sess.Save(r, res) return userDN, nil, sess.Save(r, res)
@ -194,7 +194,7 @@ func (a authLDAP) LoginFields() (fields []plugins.LoginField) {
// needs to destroy any persistent stored cookies // needs to destroy any persistent stored cookies
func (a authLDAP) Logout(res http.ResponseWriter, r *http.Request) (err error) { func (a authLDAP) Logout(res http.ResponseWriter, r *http.Request) (err error) {
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Options.MaxAge = -1 // Instant delete sess.Options.MaxAge = -1 // Instant delete
return sess.Save(r, res) return sess.Save(r, res)
} }
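Review bot: Logout in the last hunk only sets `sess.Options.MaxAge = -1` and saves, so the session ends by asking the browser to drop the cookie while `sess.Values["user"]` is written back unchanged; the Logout bodies in the authSimple and authYubikey sections are identical. If `cookieStore` keeps the session state in the cookie itself (its type is not visible on this page), a copy of the cookie taken before logout would presumably keep passing DetectUser, which also re-issues it with a full `Expire` on every hit. I would clear the values before saving, `delete(sess.Values, "user")` (plus `"alias"` in this file), and state the limit in the doc comment, e.g. `// Logout expires the browser cookie only; there is no server-side revocation`. The doc comment of Logout starts above the hunk.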


@ -88,7 +88,7 @@ func (a authSimple) DetectUser(res http.ResponseWriter, r *http.Request) (string
} }
// We had a cookie, lets renew it // We had a cookie, lets renew it
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
if err := sess.Save(r, res); err != nil { if err := sess.Save(r, res); err != nil {
return "", nil, err return "", nil, err
} }
@ -123,7 +123,7 @@ func (a authSimple) Login(res http.ResponseWriter, r *http.Request) (string, []p
} }
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Values["user"] = u sess.Values["user"] = u
return u, a.MFA[u], sess.Save(r, res) return u, a.MFA[u], sess.Save(r, res)
} }
@ -155,7 +155,7 @@ func (a authSimple) LoginFields() (fields []plugins.LoginField) {
// needs to destroy any persistent stored cookies // needs to destroy any persistent stored cookies
func (a authSimple) Logout(res http.ResponseWriter, r *http.Request) (err error) { func (a authSimple) Logout(res http.ResponseWriter, r *http.Request) (err error) {
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Options.MaxAge = -1 // Instant delete sess.Options.MaxAge = -1 // Instant delete
return sess.Save(r, res) return sess.Save(r, res)
} }
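Review bot: Login in the second hunk stores `sess.Values["user"] = u` and calls `sess.Save(r, res)` in the same return statement that hands `a.MFA[u]` back, so the session cookie is already queued on the response before any second factor has been checked. Whether the caller removes or overwrites that `Set-Cookie` header when MFA validation fails is not visible here and should be confirmed, because DetectUser accepts the cookie on its own. At minimum a comment belongs above the return, e.g. `// NOTE: cookie is written before the caller validates MFA; the caller must clear it if MFA fails`. Login starts outside the hunk.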


@ -69,7 +69,7 @@ func (a authYubikey) DetectUser(res http.ResponseWriter, r *http.Request) (strin
} }
// We had a cookie, lets renew it // We had a cookie, lets renew it
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
if err := sess.Save(r, res); err != nil { if err := sess.Save(r, res); err != nil {
return "", nil, err return "", nil, err
} }
@ -115,7 +115,7 @@ func (a authYubikey) Login(res http.ResponseWriter, r *http.Request) (string, []
} }
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Values["user"] = user sess.Values["user"] = user
return user, nil, sess.Save(r, res) return user, nil, sess.Save(r, res)
} }
@ -138,7 +138,7 @@ func (a authYubikey) LoginFields() (fields []plugins.LoginField) {
// needs to destroy any persistent stored cookies // needs to destroy any persistent stored cookies
func (a authYubikey) Logout(res http.ResponseWriter, r *http.Request) (err error) { func (a authYubikey) Logout(res http.ResponseWriter, r *http.Request) (err error) {
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
sess.Options = mainCfg.GetSessionOpts() sess.Options = mainCfg.Cookie.GetSessionOpts()
sess.Options.MaxAge = -1 // Instant delete sess.Options.MaxAge = -1 // Instant delete
return sess.Save(r, res) return sess.Save(r, res)
} }

24
main.go

@ -22,16 +22,10 @@ import (
) )
type mainConfig struct { type mainConfig struct {
ACL acl `yaml:"acl"` ACL acl `yaml:"acl"`
AuditLog auditLogger `yaml:"audit_log"` AuditLog auditLogger `yaml:"audit_log"`
Cookie struct { Cookie plugins.CookieConfig `yaml:"cookie"`
Domain string `yaml:"domain"` Listen struct {
AuthKey string `yaml:"authentication_key"`
Expire int `yaml:"expire"`
Prefix string `yaml:"prefix"`
Secure bool `yaml:"secure"`
}
Listen struct {
Addr string `yaml:"addr"` Addr string `yaml:"addr"`
Port int `yaml:"port"` Port int `yaml:"port"`
} `yaml:"listen"` } `yaml:"listen"`
@ -47,16 +41,6 @@ type mainConfig struct {
} `yaml:"plugins"` } `yaml:"plugins"`
} }
func (m *mainConfig) GetSessionOpts() *sessions.Options {
return &sessions.Options{
Path: "/",
Domain: m.Cookie.Domain,
MaxAge: m.Cookie.Expire,
Secure: m.Cookie.Secure,
HttpOnly: true,
}
}
var ( var (
cfg = struct { cfg = struct {
ConfigFile string `flag:"config,c" default:"config.yaml" env:"CONFIG" description:"Location of the configuration file"` ConfigFile string `flag:"config,c" default:"config.yaml" env:"CONFIG" description:"Location of the configuration file"`

21
plugins/cookie.go Normal file

@ -0,0 +1,21 @@
package plugins
import "github.com/gorilla/sessions"
type CookieConfig struct {
Domain string `yaml:"domain"`
AuthKey string `yaml:"authentication_key"`
Expire int `yaml:"expire"`
Prefix string `yaml:"prefix"`
Secure bool `yaml:"secure"`
}
func (c CookieConfig) GetSessionOpts() *sessions.Options {
return &sessions.Options{
Path: "/",
Domain: c.Domain,
MaxAge: c.Expire,
Secure: c.Secure,
HttpOnly: true,
}
}
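Review bot: `GetSessionOpts` is now the one place every auth plugin gets its cookie attributes from, and it sets `HttpOnly` but no `SameSite`, while `Secure` is false whenever `secure` is missing from the YAML. If the gorilla/sessions version in use has the `SameSite` field on `Options` (the version is not shown on this page), adding `SameSite: http.SameSiteLaxMode,` would need `net/http` imported and a check that the login redirect flow still works. The exported `CookieConfig` and `GetSessionOpts` also have no doc comments; the method comment should say that each call returns a newly allocated `*sessions.Options`, since every Logout relies on that when it sets `MaxAge = -1` on the result. `AuthKey` becomes readable by any package that receives a `CookieConfig`, so consider passing plugins only the fields they use.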