azure: use OID for user id in session (#985)

Caleb Doxsey 2020-06-23 12:02:17 -06:00 committed by GitHub
parent 17ba595ced
commit 0d277cf662
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 4 deletions


@ -20,7 +20,6 @@ import (
"google.golang.org/protobuf/types/known/timestamppb" "google.golang.org/protobuf/types/known/timestamppb"
"github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/cryptutil"
"github.com/pomerium/pomerium/internal/grpc/databroker"
"github.com/pomerium/pomerium/internal/grpc/directory" "github.com/pomerium/pomerium/internal/grpc/directory"
"github.com/pomerium/pomerium/internal/grpc/session" "github.com/pomerium/pomerium/internal/grpc/session"
"github.com/pomerium/pomerium/internal/grpc/user" "github.com/pomerium/pomerium/internal/grpc/user"
@ -535,7 +534,7 @@ func (a *Authenticate) saveSessionToDataBroker(ctx context.Context, sessionState
s := &session.Session{ s := &session.Session{
Id: sessionState.ID, Id: sessionState.ID,
UserId: databroker.GetUserID(a.providerName, sessionState.Subject), UserId: sessionState.UserID(a.providerName),
ExpiresAt: sessionExpiry, ExpiresAt: sessionExpiry,
IdToken: &session.IDToken{ IdToken: &session.IDToken{
Issuer: sessionState.Issuer, Issuer: sessionState.Issuer,

go.sum

@ -741,8 +741,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20200612171551-7676ae05be11 h1:II66Di7x1uAfKBfe3OchemS7pUg9ahSr7qAP3bD0+Mo=
google.golang.org/genproto v0.0.0-20200612171551-7676ae05be11/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb h1:PUcq6RTy8Gp9xukBme8m2+2Z8pQCmJ7TbPpQd6xNDvk= google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb h1:PUcq6RTy8Gp9xukBme8m2+2Z8pQCmJ7TbPpQd6xNDvk=
google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=


@ -7,6 +7,8 @@ import (
"time" "time"
"gopkg.in/square/go-jose.v2/jwt" "gopkg.in/square/go-jose.v2/jwt"
"github.com/pomerium/pomerium/internal/grpc/databroker"
) )
// ErrMissingID is the error for a session state that has no ID set. // ErrMissingID is the error for a session state that has no ID set.
@ -27,6 +29,9 @@ type State struct {
ID string `json:"jti,omitempty"` ID string `json:"jti,omitempty"`
Version string `json:"ver,omitempty"` Version string `json:"ver,omitempty"`
// Azure returns OID which should be used instead of subject.
OID string `json:"oid,omitempty"`
// Impersonate-able fields // Impersonate-able fields
ImpersonateEmail string `json:"impersonate_email,omitempty"` ImpersonateEmail string `json:"impersonate_email,omitempty"`
ImpersonateGroups []string `json:"impersonate_groups,omitempty"` ImpersonateGroups []string `json:"impersonate_groups,omitempty"`
@ -57,6 +62,14 @@ func (s *State) Impersonating() bool {
return s.ImpersonateEmail != "" || len(s.ImpersonateGroups) != 0 return s.ImpersonateEmail != "" || len(s.ImpersonateGroups) != 0
} }
// UserID returns the corresponding user ID for a session.
func (s *State) UserID(provider string) string {
if s.OID != "" {
return databroker.GetUserID(provider, s.OID)
}
return databroker.GetUserID(provider, s.Subject)
}
// SetImpersonation sets impersonation user and groups. // SetImpersonation sets impersonation user and groups.
func (s *State) SetImpersonation(email, groups string) { func (s *State) SetImpersonation(email, groups string) {
s.ImpersonateEmail = email s.ImpersonateEmail = email
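Review bot: The doc comment on the new UserID method does not state that OID takes precedence over Subject, and because the value it returns is the key under which databroker user records are stored, that precedence rule deserves to be spelled out: `// UserID returns the databroker user ID for this session: the OID claim when present (Azure), otherwise the token subject.` Since the field carries the `oid` JSON tag and the session State appears to be filled from token claims, it is presumably populated for any provider that emits an `oid` claim, not only Azure, so the struct comment `Azure returns OID which should be used instead of subject.` would be clearer as `OID is the oid claim, which takes precedence over the subject when set (Azure).` Azure users whose records were created before this change were keyed by subject, so their next login will presumably produce a new record keyed by OID rather than reuse the old one; if those records hold state, that migration is worth a sentence in the commit description. SetImpersonation continues past the end of the hunk.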