package main import ( "fmt" "net/http" "sync" log "github.com/sirupsen/logrus" "github.com/Luzifer/nginx-sso/plugins" ) var ( authenticatorRegistry = []plugins.Authenticator{} authenticatorRegistryMutex sync.RWMutex activeAuthenticators = []plugins.Authenticator{} ) func registerAuthenticator(a plugins.Authenticator) { authenticatorRegistryMutex.Lock() defer authenticatorRegistryMutex.Unlock() authenticatorRegistry = append(authenticatorRegistry, a) } func initializeAuthenticators(yamlSource []byte) error { authenticatorRegistryMutex.Lock() defer authenticatorRegistryMutex.Unlock() tmp := []plugins.Authenticator{} for _, a := range authenticatorRegistry { err := a.Configure(yamlSource) switch err { case nil: tmp = append(tmp, a) log.WithFields(log.Fields{"authenticator": a.AuthenticatorID()}).Debug("Activated authenticator") case plugins.ErrProviderUnconfigured: log.WithFields(log.Fields{"authenticator": a.AuthenticatorID()}).Debug("Authenticator unconfigured") // This is okay. default: return fmt.Errorf("Authenticator configuration caused an error: %s", err) } } if len(tmp) == 0 { return fmt.Errorf("No authenticator configurations supplied") } activeAuthenticators = tmp return nil } func detectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) { authenticatorRegistryMutex.RLock() defer authenticatorRegistryMutex.RUnlock() for _, a := range activeAuthenticators { user, groups, err := a.DetectUser(res, r) switch err { case nil: return user, groups, err case plugins.ErrNoValidUserFound: // This is okay. default: return "", nil, err } } return "", nil, plugins.ErrNoValidUserFound } func loginUser(res http.ResponseWriter, r *http.Request) (string, []plugins.MFAConfig, error) { authenticatorRegistryMutex.RLock() defer authenticatorRegistryMutex.RUnlock() for _, a := range activeAuthenticators { user, mfaCfgs, err := a.Login(res, r) switch err { case nil: return user, mfaCfgs, nil case plugins.ErrNoValidUserFound: // This is okay. default: return "", nil, err } } return "", nil, plugins.ErrNoValidUserFound } func logoutUser(res http.ResponseWriter, r *http.Request) error { authenticatorRegistryMutex.RLock() defer authenticatorRegistryMutex.RUnlock() for _, a := range activeAuthenticators { if err := a.Logout(res, r); err != nil { return err } } return nil } func getFrontendAuthenticators() map[string][]plugins.LoginField { authenticatorRegistryMutex.RLock() defer authenticatorRegistryMutex.RUnlock() output := map[string][]plugins.LoginField{} for _, a := range activeAuthenticators { if len(a.LoginFields()) == 0 { continue } output[a.AuthenticatorID()] = a.LoginFields() if a.SupportsMFA() && !mainCfg.Login.HideMFAField { output[a.AuthenticatorID()] = append(output[a.AuthenticatorID()], mfaLoginField) } } return output }