3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-03 03:12:50 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: fix expiring user info endpoint (#2976)

Browse source 
* authenticate: fix expiring user info endpoint

* add test
This commit is contained in:
Caleb Doxsey 2022-01-27 16:10:47 -07:00 committed by GitHub
parent fbdbe9c86f
commit 2f328e7de0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 122 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

57
authenticate/url.go Normal file
View file

@ -0,0 +1,57 @@
package authenticate
import (
"net/http"
"net/url"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/webauthnutil"
)
func (a *Authenticate) getRedirectURI(r *http.Request) (string, bool) {
if v := r.FormValue(urlutil.QueryRedirectURI); v != "" {
return v, true
}
if c, err := r.Cookie(urlutil.QueryRedirectURI); err == nil {
return c.Value, true
}
return "", false
}
func (a *Authenticate) getSignOutURL(r *http.Request) (*url.URL, error) {
uri, err := a.options.Load().GetAuthenticateURL()
if err != nil {
return nil, err
}
uri = uri.ResolveReference(&url.URL{
Path: "/.pomerium/sign_out",
})
if redirectURI, ok := a.getRedirectURI(r); ok {
uri.RawQuery = (&url.Values{
urlutil.QueryRedirectURI: {redirectURI},
}).Encode()
}
return urlutil.NewSignedURL(a.state.Load().sharedKey, uri).Sign(), nil
}
func (a *Authenticate) getWebAuthnURL(values url.Values) (*url.URL, error) {
uri, err := a.options.Load().GetAuthenticateURL()
if err != nil {
return nil, err
}
uri = uri.ResolveReference(&url.URL{
Path: "/.pomerium/webauthn",
RawQuery: buildURLValues(values, url.Values{
urlutil.QueryDeviceType: {webauthnutil.DefaultDeviceType},
urlutil.QueryEnrollmentToken: nil,
urlutil.QueryRedirectURI: {uri.ResolveReference(&url.URL{
Path: "/.pomerium/device-enrolled",
}).String()},
}).Encode(),
})
return urlutil.NewSignedURL(a.state.Load().sharedKey, uri).Sign(), nil
}