-
Notifications
You must be signed in to change notification settings - Fork 20
/
impl.go
69 lines (63 loc) · 1.67 KB
/
impl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package okta
import (
"bytes"
"encoding/json"
"fmt"
"github.com/Symantec/Dominator/lib/log"
"net/http"
)
const (
authPath = "/api/v1/authn"
authEndpointFormat = "https://%s.okta.com" + authPath
)
type loginDataType struct {
Password string `json:"password,omitempty"`
Username string `json:"username,omitempty"`
}
type responseType struct {
Status string `json:"status,omitempty"`
}
func newPublicAuthenticator(oktaDomain string, logger log.Logger) (
*PasswordAuthenticator, error) {
return &PasswordAuthenticator{
authnURL: fmt.Sprintf(authEndpointFormat, oktaDomain),
logger: logger,
}, nil
}
func (pa *PasswordAuthenticator) passwordAuthenticate(username string,
password []byte) (bool, error) {
loginData := loginDataType{Password: string(password), Username: username}
body := &bytes.Buffer{}
encoder := json.NewEncoder(body)
encoder.SetIndent("", " ") // Make life easier for debugging.
if err := encoder.Encode(loginData); err != nil {
return false, err
}
req, err := http.NewRequest("POST", pa.authnURL, body)
if err != nil {
return false, err
}
req.Header.Add("Accept", "application/json")
req.Header.Add("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return false, err
}
if resp.StatusCode == http.StatusUnauthorized {
return false, nil
}
if resp.StatusCode != http.StatusOK {
return false, fmt.Errorf("bad status: %s", resp.Status)
}
decoder := json.NewDecoder(resp.Body)
var response responseType
if err := decoder.Decode(&response); err != nil {
return false, err
}
switch response.Status {
case "SUCCESS", "MFA_REQUIRED":
return true, nil
default:
return false, nil
}
}