mirror of
https://github.com/Luzifer/nginx-sso.git
synced 2024-12-20 12:51:17 +00:00
Prepare moving auth plugins to own modules
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
9b4ea27827
commit
841f6458cd
5 changed files with 34 additions and 29 deletions
|
@ -132,7 +132,7 @@ func (a authLDAP) DetectUser(res http.ResponseWriter, r *http.Request) (string,
|
|||
}
|
||||
|
||||
// We had a cookie, lets renew it
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
if err := sess.Save(r, res); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
@ -164,7 +164,7 @@ func (a authLDAP) Login(res http.ResponseWriter, r *http.Request) (string, []plu
|
|||
}
|
||||
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Values["user"] = userDN
|
||||
sess.Values["alias"] = alias
|
||||
return userDN, nil, sess.Save(r, res)
|
||||
|
@ -194,7 +194,7 @@ func (a authLDAP) LoginFields() (fields []plugins.LoginField) {
|
|||
// needs to destroy any persistent stored cookies
|
||||
func (a authLDAP) Logout(res http.ResponseWriter, r *http.Request) (err error) {
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Options.MaxAge = -1 // Instant delete
|
||||
return sess.Save(r, res)
|
||||
}
|
||||
|
|
|
@ -88,7 +88,7 @@ func (a authSimple) DetectUser(res http.ResponseWriter, r *http.Request) (string
|
|||
}
|
||||
|
||||
// We had a cookie, lets renew it
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
if err := sess.Save(r, res); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ func (a authSimple) Login(res http.ResponseWriter, r *http.Request) (string, []p
|
|||
}
|
||||
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Values["user"] = u
|
||||
return u, a.MFA[u], sess.Save(r, res)
|
||||
}
|
||||
|
@ -155,7 +155,7 @@ func (a authSimple) LoginFields() (fields []plugins.LoginField) {
|
|||
// needs to destroy any persistent stored cookies
|
||||
func (a authSimple) Logout(res http.ResponseWriter, r *http.Request) (err error) {
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Options.MaxAge = -1 // Instant delete
|
||||
return sess.Save(r, res)
|
||||
}
|
||||
|
|
|
@ -69,7 +69,7 @@ func (a authYubikey) DetectUser(res http.ResponseWriter, r *http.Request) (strin
|
|||
}
|
||||
|
||||
// We had a cookie, lets renew it
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
if err := sess.Save(r, res); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
@ -115,7 +115,7 @@ func (a authYubikey) Login(res http.ResponseWriter, r *http.Request) (string, []
|
|||
}
|
||||
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Values["user"] = user
|
||||
return user, nil, sess.Save(r, res)
|
||||
}
|
||||
|
@ -138,7 +138,7 @@ func (a authYubikey) LoginFields() (fields []plugins.LoginField) {
|
|||
// needs to destroy any persistent stored cookies
|
||||
func (a authYubikey) Logout(res http.ResponseWriter, r *http.Request) (err error) {
|
||||
sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
|
||||
sess.Options = mainCfg.GetSessionOpts()
|
||||
sess.Options = mainCfg.Cookie.GetSessionOpts()
|
||||
sess.Options.MaxAge = -1 // Instant delete
|
||||
return sess.Save(r, res)
|
||||
}
|
||||
|
|
18
main.go
18
main.go
|
@ -24,13 +24,7 @@ import (
|
|||
type mainConfig struct {
|
||||
ACL acl `yaml:"acl"`
|
||||
AuditLog auditLogger `yaml:"audit_log"`
|
||||
Cookie struct {
|
||||
Domain string `yaml:"domain"`
|
||||
AuthKey string `yaml:"authentication_key"`
|
||||
Expire int `yaml:"expire"`
|
||||
Prefix string `yaml:"prefix"`
|
||||
Secure bool `yaml:"secure"`
|
||||
}
|
||||
Cookie plugins.CookieConfig `yaml:"cookie"`
|
||||
Listen struct {
|
||||
Addr string `yaml:"addr"`
|
||||
Port int `yaml:"port"`
|
||||
|
@ -47,16 +41,6 @@ type mainConfig struct {
|
|||
} `yaml:"plugins"`
|
||||
}
|
||||
|
||||
func (m *mainConfig) GetSessionOpts() *sessions.Options {
|
||||
return &sessions.Options{
|
||||
Path: "/",
|
||||
Domain: m.Cookie.Domain,
|
||||
MaxAge: m.Cookie.Expire,
|
||||
Secure: m.Cookie.Secure,
|
||||
HttpOnly: true,
|
||||
}
|
||||
}
|
||||
|
||||
var (
|
||||
cfg = struct {
|
||||
ConfigFile string `flag:"config,c" default:"config.yaml" env:"CONFIG" description:"Location of the configuration file"`
|
||||
|
|
21
plugins/cookie.go
Normal file
21
plugins/cookie.go
Normal file
|
@ -0,0 +1,21 @@
|
|||
package plugins
|
||||
|
||||
import "github.com/gorilla/sessions"
|
||||
|
||||
type CookieConfig struct {
|
||||
Domain string `yaml:"domain"`
|
||||
AuthKey string `yaml:"authentication_key"`
|
||||
Expire int `yaml:"expire"`
|
||||
Prefix string `yaml:"prefix"`
|
||||
Secure bool `yaml:"secure"`
|
||||
}
|
||||
|
||||
func (c CookieConfig) GetSessionOpts() *sessions.Options {
|
||||
return &sessions.Options{
|
||||
Path: "/",
|
||||
Domain: c.Domain,
|
||||
MaxAge: c.Expire,
|
||||
Secure: c.Secure,
|
||||
HttpOnly: true,
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue