-
Notifications
You must be signed in to change notification settings - Fork 0
/
logout.go
126 lines (110 loc) · 3.41 KB
/
logout.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package provider
import (
"fmt"
"net/http"
"github.com/zitadel/logging"
"github.com/tzrd/saml/pkg/provider/checker"
"github.com/tzrd/saml/pkg/provider/serviceprovider"
"github.com/tzrd/saml/pkg/provider/xml"
"github.com/tzrd/saml/pkg/provider/xml/saml2p"
)
type LogoutRequestForm struct {
LogoutRequest string
Encoding string
RelayState string
}
func (p *IdentityProvider) logoutHandleFunc(w http.ResponseWriter, r *http.Request) {
checkerInstance := checker.Checker{}
var logoutRequestForm *LogoutRequestForm
var logoutRequest *saml2p.LogoutRequestType
var err error
var sp *serviceprovider.ServiceProvider
response := &LogoutResponse{
LogoutTemplate: p.logoutTemplate,
ErrorFunc: func(err error) {
http.Error(w, fmt.Errorf("failed to send response: %w", err).Error(), http.StatusInternalServerError)
},
Issuer: p.GetEntityID(r.Context()),
}
// parse from to get logout request
checkerInstance.WithLogicStep(
func() error {
logoutRequestForm, err = getLogoutRequestFromRequest(r)
if err != nil {
return err
}
response.RelayState = logoutRequestForm.RelayState
return nil
},
func() {
http.Error(w, fmt.Errorf("failed to parse form: %w", err).Error(), http.StatusInternalServerError)
},
)
//decode logout request to internal struct
checkerInstance.WithLogicStep(
func() error {
logoutRequest, err = xml.DecodeLogoutRequest(logoutRequestForm.Encoding, logoutRequestForm.LogoutRequest)
if err != nil {
return err
}
response.RelayState = logoutRequestForm.RelayState
response.RequestID = logoutRequest.Id
return nil
},
func() {
response.sendBackLogoutResponse(w, response.makeUnsupportedlLogoutResponse(fmt.Errorf("failed to decode request: %w", err).Error(), p.timeFormat))
},
)
//verify required data in request
checkerInstance.WithLogicStep(
checkIfRequestTimeIsStillValid(
func() string { return logoutRequest.IssueInstant },
func() string { return logoutRequest.NotOnOrAfter },
p.timeFormat,
),
func() {
response.sendBackLogoutResponse(w, response.makeDeniedLogoutResponse(fmt.Errorf("failed to validate request: %w", err).Error(), p.timeFormat))
},
)
// get persisted service provider from issuer out of the request
checkerInstance.WithLogicStep(
func() error {
sp, err = p.GetServiceProvider(r.Context(), logoutRequest.Issuer.Text)
return err
},
func() {
response.sendBackLogoutResponse(w, response.makeDeniedLogoutResponse(fmt.Errorf("failed to find registered serviceprovider: %w", err).Error(), p.timeFormat))
},
)
// get logoutURL from provided service provider metadata
checkerInstance.WithValueStep(
func() {
if sp.Metadata.SPSSODescriptor.SingleLogoutService != nil {
for _, url := range sp.Metadata.SPSSODescriptor.SingleLogoutService {
response.LogoutURL = url.Location
break
}
}
},
)
//check and log errors if necessary
if checkerInstance.CheckFailed() {
return
}
response.sendBackLogoutResponse(
w,
response.makeSuccessfulLogoutResponse(p.timeFormat),
)
logging.Info(fmt.Sprintf("logout request for user %s", logoutRequest.NameID.Text))
}
func getLogoutRequestFromRequest(r *http.Request) (*LogoutRequestForm, error) {
if err := r.ParseForm(); err != nil {
return nil, err
}
request := &LogoutRequestForm{
LogoutRequest: r.Form.Get("SAMLRequest"),
Encoding: r.Form.Get("SAMLEncoding"),
RelayState: r.Form.Get("RelayState"),
}
return request, nil
}