mirror of
https://github.com/bolkedebruin/rdpgw.git
synced 2025-08-30 04:02:55 +02:00
Merge branch 'multiple_oidc'
This commit is contained in:
Bolke de Bruin
commit
acd98367db
2 changed files with 68 additions and 2 deletions
|
|
@ -15,7 +15,6 @@ import (
|
||||||
const (
|
const (
|
||||||
CacheExpiration = time.Minute * 2
|
CacheExpiration = time.Minute * 2
|
||||||
CleanupInterval = time.Minute * 5
|
CleanupInterval = time.Minute * 5
|
||||||
oidcKeyUserName = "preferred_username"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type OIDC struct {
|
type OIDC struct {
|
||||||
|
|
@ -81,7 +80,13 @@ func (h *OIDC) HandleCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
id := identity.FromRequestCtx(r)
|
id := identity.FromRequestCtx(r)
|
||||||
id.SetUserName(data[oidcKeyUserName].(string))
|
|
||||||
|
userName := findUsernameInClaims(data)
|
||||||
|
if userName == "" {
|
||||||
|
http.Error(w, "no oidc claim for username found", http.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
|
||||||
|
id.SetUserName(userName)
|
||||||
id.SetAuthenticated(true)
|
id.SetAuthenticated(true)
|
||||||
id.SetAuthTime(time.Now())
|
id.SetAuthTime(time.Now())
|
||||||
id.SetAttribute(identity.AttrAccessToken, oauth2Token.AccessToken)
|
id.SetAttribute(identity.AttrAccessToken, oauth2Token.AccessToken)
|
||||||
|
|
@ -93,6 +98,18 @@ func (h *OIDC) HandleCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Redirect(w, r, url, http.StatusFound)
|
http.Redirect(w, r, url, http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func findUsernameInClaims(data map[string]interface{}) string {
|
||||||
|
candidates := []string{"preferred_username", "unique_name", "upn"}
|
||||||
|
for _, claim := range candidates {
|
||||||
|
userName, found := data[claim].(string)
|
||||||
|
if found {
|
||||||
|
return userName
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
func (h *OIDC) Authenticated(next http.Handler) http.Handler {
|
func (h *OIDC) Authenticated(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
id := identity.FromRequestCtx(r)
|
id := identity.FromRequestCtx(r)
|
||||||
|
|
|
||||||
49
cmd/rdpgw/web/oidc_test.go
Normal file
49
cmd/rdpgw/web/oidc_test.go
Normal file
|
|
@ -0,0 +1,49 @@
|
||||||
|
package web
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func TestFindUserNameInClaims(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
data map[string]interface{}
|
||||||
|
ret string
|
||||||
|
name string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
data: map[string]interface{}{
|
||||||
|
"preferred_username": "exists",
|
||||||
|
},
|
||||||
|
ret: "exists",
|
||||||
|
name: "preferred_username",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
data: map[string]interface{}{
|
||||||
|
"upn": "exists",
|
||||||
|
},
|
||||||
|
ret: "exists",
|
||||||
|
name: "upn",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
data: map[string]interface{}{
|
||||||
|
"unique_name": "exists",
|
||||||
|
},
|
||||||
|
ret: "exists",
|
||||||
|
name: "unique_name",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
data: map[string]interface{}{
|
||||||
|
"fail": "exists",
|
||||||
|
},
|
||||||
|
ret: "",
|
||||||
|
name: "fail",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tc := range cases {
|
||||||
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
|
s := findUsernameInClaims(tc.data)
|
||||||
|
if s != tc.ret {
|
||||||
|
t.Fatalf("expected return: %v, got: %v", tc.ret, s)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue