sessions: add impersonate_session_id, remove legacy impersonation (#2407)

* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
Caleb Doxsey 2021-07-30 08:42:36 -06:00 committed by GitHub
parent 2b6813dc95
commit 1a95036b8c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 116 additions and 216 deletions


@ -451,12 +451,18 @@ func (a *Authenticate) userInfo(w http.ResponseWriter, r *http.Request) error {
s.ID = uuid.New().String()
}
isImpersonated := false
pbSession, err := session.Get(ctx, state.dataBrokerClient, s.ID)
if pbSession.GetImpersonateSessionId() != "" {
pbSession, err = session.Get(ctx, state.dataBrokerClient, pbSession.GetImpersonateSessionId())
isImpersonated = true
}
if err != nil {
pbSession = &session.Session{
Id: s.ID,
}
}
pbUser, err := user.Get(ctx, state.dataBrokerClient, pbSession.GetUserId())
if err != nil {
pbUser = &user.User{
@ -488,8 +494,9 @@ func (a *Authenticate) userInfo(w http.ResponseWriter, r *http.Request) error {
}
input := map[string]interface{}{
"IsImpersonated": isImpersonated,
"State": s, // local session state (cookie, header, etc)
"Session": pbSession, // current access, refresh, id token, & impersonation state
"Session": pbSession, // current access, refresh, id token
"User": pbUser, // user details inferred from oidc id_token
"DirectoryUser": pbDirectoryUser, // user details inferred from idp directory
"DirectoryGroups": groups, // user's groups inferred from idp directory
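Review bot: In the first hunk of userInfo, `isImpersonated = true` is set before the result of the second `session.Get` is checked, so when the impersonated session cannot be loaded the `if err != nil` branch swaps in a stub session for `s.ID` while the template still receives `"IsImpersonated": true`. Resetting the flag in that branch (`isImpersonated = false`), or setting it only after the second lookup succeeds, would keep the page from reporting impersonation over an empty session. That branch also discards the caller's own session record, which the first lookup had already loaded; holding it in a separate variable and falling back to it looks closer to the intent. The call to `pbSession.GetImpersonateSessionId()` ahead of the error check appears to rely on the generated getter tolerating a nil receiver, which deserves a comment such as `// getter is nil-safe; err from the first lookup is checked below`. userInfo's body starts and ends outside the hunks shown.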