package main
import (
"errors"
"fmt"
"net/http"
log "github.com/sirupsen/logrus"
"github.com/labstack/echo/v4"
"github.com/epinio/ui-backend/src/jetstream/repository/interfaces"
)
// LoginHookFunc is the signature of a function that can be hooked into a
// successful user login. It receives the echo.Context of the login request
// and reports failure through its error result.
type LoginHookFunc func(c echo.Context) error
// LogoutResponse is sent upon user logout.
// It contains a flag to indicate whether or not the user was signed in with SSO.
type LogoutResponse struct {
	// IsSSO is serialized as the JSON field "isSSO".
	IsSSO bool `json:"isSSO"`
}
// InitStratosAuthService instantiates the auth service matching t and stores
// it on the portalProxy as p.StratosAuthService.
//
// Every implementation is handed the proxy's database connection pool and a
// back-reference to the proxy; the local implementation additionally receives
// the configured local user scope. An unrecognized endpoint type leaves
// p.StratosAuthService untouched and returns an error.
//
// NOTE(review): interfaces.AuthNone selects noAuth. Judging by the name this
// runs the console without authentication; confirm that the endpoint type can
// only come from trusted deployment configuration.
func (p *portalProxy) InitStratosAuthService(t interfaces.AuthEndpointType) error {
	switch t {
	case interfaces.Local:
		p.StratosAuthService = &localAuth{
			databaseConnectionPool: p.DatabaseConnectionPool,
			localUserScope:         p.Config.ConsoleConfig.LocalUserScope,
			p:                      p,
		}
	case interfaces.Epinio:
		p.StratosAuthService = &epinioAuth{
			databaseConnectionPool: p.DatabaseConnectionPool,
			p:                      p,
		}
	case interfaces.Remote:
		p.StratosAuthService = &uaaAuth{
			databaseConnectionPool: p.DatabaseConnectionPool,
			p:                      p,
		}
	case interfaces.AuthNone:
		p.StratosAuthService = &noAuth{
			databaseConnectionPool: p.DatabaseConnectionPool,
			p:                      p,
		}
	default:
		// Fail closed: no service is installed for an unknown type.
		return fmt.Errorf("Invalid auth endpoint type: %v", t)
	}
	return nil
}
// GetStratosAuthService returns the auth service currently stored on the
// portalProxy, exposed through the interfaces.StratosAuth interface.
// The result is whatever p.StratosAuthService holds; nothing here checks that
// InitStratosAuthService has been called first.
func (p *portalProxy) GetStratosAuthService() interfaces.StratosAuth {
	authService := p.StratosAuthService
	return authService
}
// login is used for both endpoint and direct UAA login.
//
// A GET request is treated as the return leg of an authorization-code flow:
// the "code", "state" and "guid" query parameters are forwarded to
// getUAATokenWithAuthorizationCode. Any other method is treated as a
// credential login: the request is bound to LoginToCNSIParams and both
// username and password must be non-empty before getUAATokenWithCreds is
// called. On success the access token is passed to GetUserTokenInfo.
//
// On a bind error both results are nil. On a later error the results gathered
// so far are returned together with the error.
//
// NOTE(review): "state" is only forwarded here, not compared with a stored
// value; confirm the authorization-code helper validates it.
// NOTE(review): skipSSLValidation is passed through unchanged; by its name it
// relaxes TLS verification for the token request, so confirm callers only set
// it from explicit endpoint configuration.
func (p *portalProxy) login(c echo.Context, skipSSLValidation bool, client string, clientSecret string, endpoint string) (uaaRes *interfaces.UAAResponse, u *interfaces.JWTUserTokenInfo, err error) {
	log.Debug("login")

	switch c.Request().Method {
	case http.MethodGet:
		// If this is login for a CNSI, then the redirect URL is slightly
		// different, hence the extra "guid" parameter.
		uaaRes, err = p.getUAATokenWithAuthorizationCode(
			skipSSLValidation,
			c.QueryParam("code"),
			client,
			clientSecret,
			endpoint,
			c.QueryParam("state"),
			c.QueryParam("guid"),
		)
	default:
		creds := new(interfaces.LoginToCNSIParams)
		if bindErr := interfaces.BindOnce(creds, c); bindErr != nil {
			return nil, nil, bindErr
		}
		// Reject empty credentials before contacting the token endpoint.
		if len(creds.Username) == 0 || len(creds.Password) == 0 {
			return nil, nil, errors.New("Needs username and password")
		}
		uaaRes, err = p.getUAATokenWithCreds(skipSSLValidation, creds.Username, creds.Password, client, clientSecret, endpoint)
	}

	if err != nil {
		return uaaRes, nil, err
	}

	// Assumes a nil error implies a non-nil uaaRes; TODO confirm against the
	// token helpers, since uaaRes is dereferenced here.
	u, err = p.GetUserTokenInfo(uaaRes.AccessToken)
	return uaaRes, u, err
}
// consoleLogin handles a console login request by delegating to the Login
// method of the configured p.StratosAuthService.
// NOTE(review): there is no nil check on the service; presumably
// InitStratosAuthService always runs before this handler is reachable. Confirm.
func (p *portalProxy) consoleLogin(c echo.Context) error {
	authService := p.StratosAuthService
	return authService.Login(c)
}
// consoleLogout handles a console logout request by delegating to the Logout
// method of the configured p.StratosAuthService.
// NOTE(review): there is no nil check on the service; presumably
// InitStratosAuthService always runs before this handler is reachable. Confirm.
func (p *portalProxy) consoleLogout(c echo.Context) error {
	authService := p.StratosAuthService
	return authService.Logout(c)
}