Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: URI path for initiate-bind. #496

Merged
merged 2 commits into from
Oct 23, 2018
Merged

Fix: URI path for initiate-bind. #496

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
be6d847
Fix: URI path for initiate-bind.
fisx Oct 22, 2018
f0ec459
hi ci (also, some unnecessary linting).
fisx Oct 23, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions deploy/services-demo/conf/nginz/nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,6 +329,11 @@ http {
proxy_pass http://spar;
}

location /sso-initiate-bind {
include common_response_with_zauth.conf;
proxy_pass http://spar;
}

location /identity-providers {
include common_response_with_zauth.conf;
proxy_pass http://spar;
Expand Down
7 changes: 5 additions & 2 deletions services/spar/src/Spar/API.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,15 +67,18 @@ app ctx = SAML.setHttpCachePolicy
$ serve (Proxy @API) (hoistServer (Proxy @API) (SAML.nt @SparError @Spar ctx) (api $ sparCtxOpts ctx) :: Server API)

api :: Opts -> ServerT API Spar
api opts = apiSSO opts :<|> apiIDP :<|> apiINTERNAL
api opts
= apiSSO opts
:<|> authreq (maxttlAuthreqDiffTime opts) DoInitiateBind
:<|> apiIDP
:<|> apiINTERNAL

apiSSO :: Opts -> ServerT APISSO Spar
apiSSO opts
= pure (toSwagger (Proxy @OutsideWorldAPI))
:<|> SAML.meta appName sparSPIssuer sparResponseURI
:<|> authreqPrecheck
:<|> authreq (maxttlAuthreqDiffTime opts) DoInitiateLogin
:<|> authreq (maxttlAuthreqDiffTime opts) DoInitiateBind
:<|> authresp

apiIDP :: ServerT APIIDP Spar
Expand Down
8 changes: 4 additions & 4 deletions services/spar/src/Spar/API/Types.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ import "swagger2" Data.Swagger hiding (Header(..))

type API
= "sso" :> APISSO
:<|> "sso-initiate-bind" :> APIAuthReq -- (see comment on 'APIAuthReq')
:<|> "identity-providers" :> APIIDP
:<|> "i" :> APIINTERNAL
-- NB. If you add endpoints here, also update Test.Spar.APISpec
Expand All @@ -50,7 +51,6 @@ type APISSO
:<|> APIMeta
:<|> "initiate-login" :> APIAuthReqPrecheck
:<|> "initiate-login" :> APIAuthReq
:<|> "initiate-bind" :> APIAuthReq -- (see comment on 'APIAuthReq')
:<|> APIAuthResp

type CheckOK = Verb 'HEAD 200
Expand Down Expand Up @@ -79,9 +79,9 @@ type APIAuthReq
data DoInitiate = DoInitiateLogin | DoInitiateBind
deriving (Eq, Show, Bounded, Enum)

doInitiatePath :: DoInitiate -> ST
doInitiatePath DoInitiateLogin = "initiate-login"
doInitiatePath DoInitiateBind = "initiate-bind"
doInitiatePath :: DoInitiate -> [ST]
doInitiatePath DoInitiateLogin = ["sso", "initiate-login"]
doInitiatePath DoInitiateBind = ["sso-initiate-bind"]

type WithBindCookie = Headers '[Servant.Header "Set-Cookie" BindCookie]

Expand Down
8 changes: 4 additions & 4 deletions services/spar/test-integration/Test/Spar/APISpec.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ specBindingUsers = describe "binding existing users to sso identities" $ do
env <- ask
let idp = idPIdToST $ env ^. teIdP . idpId
void . call $ head ( (env ^. teSpar)
. path (cs $ "/sso/initiate-bind/" -/ idp)
. path (cs $ "/sso-initiate-bind/" -/ idp)
. header "Z-User" (toByteString' $ env ^. teUserId)
. expect2xx
)
Expand All @@ -223,7 +223,7 @@ specBindingUsers = describe "binding existing users to sso identities" $ do
let idp = idPIdToST $ env ^. teIdP . idpId
void . call $ head ( (env ^. teSpar)
. header "Z-User" (toByteString' uid)
. path (cs $ "/sso/initiate-bind/" -/ idp)
. path (cs $ "/sso-initiate-bind/" -/ idp)
. expect2xx
)

Expand All @@ -242,12 +242,12 @@ specBindingUsers = describe "binding existing users to sso identities" $ do
uid <- createUser
get ( (env ^. teSpar)
. header "Z-User" (toByteString' uid)
. path (cs $ "/sso/initiate-bind/" -/ idp)
. path (cs $ "/sso-initiate-bind/" -/ idp)
. expect2xx
)
`shouldRespondWith` (\resp -> checkRespBody resp && hasSetBindCookieHeader resp)

describe "GET /sso/initiate-bind/:idp" $ do
describe "GET /sso-initiate-bind/:idp" $ do
context "known IdP, running session with non-sso user" $ do
it "responds with 200 and a bind cookie" $ do
checkInitiateLogin (fmap fst . call . createRandomPhoneUser =<< asks (^. teBrig))
Expand Down
2 changes: 1 addition & 1 deletion services/spar/test-integration/Util.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ negotiateAuthnRequest' (doInitiatePath -> doInit) midp modreq = do
<- call $ get
( modreq
. (env ^. teSpar)
. paths ["sso", cs doInit, cs . idPIdToST $ idp ^. SAML.idpId]
. paths (cs <$> (doInit <> [idPIdToST $ idp ^. SAML.idpId]))
. expect2xx
)
(_, authnreq) <- either error pure . parseAuthnReqResp $ cs <$> responseBody resp
Expand Down