Prepare moving auth plugins to own modules

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-12-20 12:51:17 +00:00 · 2019-04-21 16:58:06 +02:00 · 2019-04-21 16:58:06 +02:00 · 841f6458cd
commit 841f6458cd
parent 9b4ea27827
5 changed files with 34 additions and 29 deletions
--- a/auth_ldap.go
+++ b/auth_ldap.go
@ -132,7 +132,7 @@ func (a authLDAP) DetectUser(res http.ResponseWriter, r *http.Request) (string,
 		}

 		// We had a cookie, lets renew it
-		sess.Options = mainCfg.GetSessionOpts()
+		sess.Options = mainCfg.Cookie.GetSessionOpts()
 		if err := sess.Save(r, res); err != nil {
 			return "", nil, err
 		}
@ -164,7 +164,7 @@ func (a authLDAP) Login(res http.ResponseWriter, r *http.Request) (string, []plu
 	}

 	sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	sess.Values["user"] = userDN
 	sess.Values["alias"] = alias
 	return userDN, nil, sess.Save(r, res)
@ -194,7 +194,7 @@ func (a authLDAP) LoginFields() (fields []plugins.LoginField) {
 // needs to destroy any persistent stored cookies
 func (a authLDAP) Logout(res http.ResponseWriter, r *http.Request) (err error) {
 	sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	sess.Options.MaxAge = -1 // Instant delete
 	return sess.Save(r, res)
 }
--- a/auth_simple.go
+++ b/auth_simple.go
@ -88,7 +88,7 @@ func (a authSimple) DetectUser(res http.ResponseWriter, r *http.Request) (string
 		}

 		// We had a cookie, lets renew it
-		sess.Options = mainCfg.GetSessionOpts()
+		sess.Options = mainCfg.Cookie.GetSessionOpts()
 		if err := sess.Save(r, res); err != nil {
 			return "", nil, err
 		}
@ -123,7 +123,7 @@ func (a authSimple) Login(res http.ResponseWriter, r *http.Request) (string, []p
 		}

 		sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-		sess.Options = mainCfg.GetSessionOpts()
+		sess.Options = mainCfg.Cookie.GetSessionOpts()
 		sess.Values["user"] = u
 		return u, a.MFA[u], sess.Save(r, res)
 	}
@ -155,7 +155,7 @@ func (a authSimple) LoginFields() (fields []plugins.LoginField) {
 // needs to destroy any persistent stored cookies
 func (a authSimple) Logout(res http.ResponseWriter, r *http.Request) (err error) {
 	sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	sess.Options.MaxAge = -1 // Instant delete
 	return sess.Save(r, res)
 }
--- a/auth_yubikey.go
+++ b/auth_yubikey.go
@ -69,7 +69,7 @@ func (a authYubikey) DetectUser(res http.ResponseWriter, r *http.Request) (strin
 	}

 	// We had a cookie, lets renew it
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	if err := sess.Save(r, res); err != nil {
 		return "", nil, err
 	}
@ -115,7 +115,7 @@ func (a authYubikey) Login(res http.ResponseWriter, r *http.Request) (string, []
 	}

 	sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	sess.Values["user"] = user
 	return user, nil, sess.Save(r, res)
 }
@ -138,7 +138,7 @@ func (a authYubikey) LoginFields() (fields []plugins.LoginField) {
 // needs to destroy any persistent stored cookies
 func (a authYubikey) Logout(res http.ResponseWriter, r *http.Request) (err error) {
 	sess, _ := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-")) // #nosec G104 - On error empty session is returned
-	sess.Options = mainCfg.GetSessionOpts()
+	sess.Options = mainCfg.Cookie.GetSessionOpts()
 	sess.Options.MaxAge = -1 // Instant delete
 	return sess.Save(r, res)
 }
--- a/main.go
+++ b/main.go
@ -22,16 +22,10 @@ import (
 )

 type mainConfig struct {
-	ACL      acl         `yaml:"acl"`
-	AuditLog auditLogger `yaml:"audit_log"`
-	Cookie   struct {
-		Domain  string `yaml:"domain"`
-		AuthKey string `yaml:"authentication_key"`
-		Expire  int    `yaml:"expire"`
-		Prefix  string `yaml:"prefix"`
-		Secure  bool   `yaml:"secure"`
-	}
-	Listen struct {
+	ACL      acl                  `yaml:"acl"`
+	AuditLog auditLogger          `yaml:"audit_log"`
+	Cookie   plugins.CookieConfig `yaml:"cookie"`
+	Listen   struct {
 		Addr string `yaml:"addr"`
 		Port int    `yaml:"port"`
 	} `yaml:"listen"`
@ -47,16 +41,6 @@ type mainConfig struct {
 	} `yaml:"plugins"`
 }

-func (m *mainConfig) GetSessionOpts() *sessions.Options {
-	return &sessions.Options{
-		Path:     "/",
-		Domain:   m.Cookie.Domain,
-		MaxAge:   m.Cookie.Expire,
-		Secure:   m.Cookie.Secure,
-		HttpOnly: true,
-	}
-}
-
 var (
 	cfg = struct {
 		ConfigFile     string `flag:"config,c" default:"config.yaml" env:"CONFIG" description:"Location of the configuration file"`
--- a/plugins/cookie.go
+++ b/plugins/cookie.go
@ -0,0 +1,21 @@
+package plugins
+
+import "github.com/gorilla/sessions"
+
+type CookieConfig struct {
+	Domain  string `yaml:"domain"`
+	AuthKey string `yaml:"authentication_key"`
+	Expire  int    `yaml:"expire"`
+	Prefix  string `yaml:"prefix"`
+	Secure  bool   `yaml:"secure"`
+}
+
+func (c CookieConfig) GetSessionOpts() *sessions.Options {
+	return &sessions.Options{
+		Path:     "/",
+		Domain:   c.Domain,
+		MaxAge:   c.Expire,
+		Secure:   c.Secure,
+		HttpOnly: true,
+	}
+}