temp
gavinfish committed Oct 11, 2019
1 parent 4d3995e commit 90d34b5
Showing 1 changed file with 29 additions and 16 deletions.
45 changes: 29 additions & 16 deletions src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
Expand Up @@ -187,8 +187,8 @@ public HttpResponse doCommenceLogin(StaplerRequest request, @Header("Referer") f
}

public HttpResponse doFinishLogin(StaplerRequest request) throws InvalidJwtException, MalformedClaimException {
final Long beginTime = (Long) request.getSession().getAttribute(TIMESTAMP_ATTRIBUTE);
try {
final Long beginTime = (Long) request.getSession().getAttribute(TIMESTAMP_ATTRIBUTE);
final String expectedNonce = (String) request.getSession().getAttribute(NONCE_ATTRIBUTE);
if (beginTime != null) {
long endTime = System.currentTimeMillis();
Expand All @@ -202,20 +202,21 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws InvalidJwtExcep
}
// validate the nonce to avoid CSRF
final AzureAdUser userDetails = validateAndParseIdToken(expectedNonce, idToken);
final AzureAuthenticationToken auth = new AzureAuthenticationToken(userDetails);

// Enforce updating current identity
SecurityContextHolder.getContext().setAuthentication(auth);
User u = User.current();
if (u != null) {
String description = generateDescription(auth);
u.setDescription(description);
u.setFullName(auth.getAzureAdUser().getName());
}
SecurityListener.fireAuthenticated(userDetails);

refreshAuthentication(userDetails);

AzureAdPlugin.sendLoginEvent(
AppInsightsUtils.hash(userDetails.getObjectID()),
AppInsightsUtils.hash(this.getTenant()));

Runnable runnable = () -> {
final Collection<ActiveDirectoryGroup> groups = AzureCachePool.get(getAzureClient())
.getBelongingGroupsByOid(userDetails.getObjectID());
userDetails.setAuthorities(groups);
refreshAuthentication(userDetails);
};

new Thread(runnable).start();
} catch (Exception ex) {
AzureAdPlugin.sendLoginFailEvent(this.getTenant(), ex.getMessage());
throw ex;
Expand All @@ -227,24 +228,36 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws InvalidJwtExcep

// redirect to referer
String referer = (String) request.getSession().getAttribute(REFERER_ATTRIBUTE);

if (referer != null) {
return HttpResponses.redirectTo(referer);
} else {
return HttpResponses.redirectToContextRoot();
}
}

void refreshAuthentication(AzureAdUser userDetails) {
final AzureAuthenticationToken auth = new AzureAuthenticationToken(userDetails);

// Enforce updating current identity
SecurityContextHolder.getContext().setAuthentication(auth);
User u = User.current();
if (u != null) {
String description = generateDescription(auth);
u.setDescription(description);
u.setFullName(auth.getAzureAdUser().getName());
}
SecurityListener.fireAuthenticated(userDetails);
}

AzureAdUser validateAndParseIdToken(String expectedNonce, String idToken)
throws InvalidJwtException, MalformedClaimException {
throws InvalidJwtException, MalformedClaimException {
JwtClaims claims = getJwtConsumer().processToClaims(idToken);
final String responseNonce = (String) claims.getClaimValue("nonce");
if (StringUtils.isAnyEmpty(expectedNonce, responseNonce) || !expectedNonce.equals(responseNonce)) {
throw new IllegalStateException("Invalid nonce in the response");
}
final AzureAdUser userDetails = AzureAdUser.createFromJwt(claims);
final Collection<ActiveDirectoryGroup> groups = AzureCachePool.get(getAzureClient())
.getBelongingGroupsByOid(userDetails.getObjectID());
userDetails.setAuthorities(groups);
return userDetails;
}

