Add SKIP_PROVIDER_BUTTON env

2025-05-30 01:17:21 +02:00 · 2019-01-15 20:20:00 -08:00 · 2019-01-15 20:20:00 -08:00 · 356aa33970
commit 356aa33970
parent 44527662fd
2 changed files with 42 additions and 18 deletions
--- a/authenticate/authenticate.go
+++ b/authenticate/authenticate.go
@ -53,6 +53,7 @@ type Options struct {
 	Provider           string   `envconfig:"IDP_PROVIDER"`      //Provider name e.g. "oidc","okta","google",etc
 	ProviderURL        string   `envconfig:"IDP_PROVIDER_URL"`
 	Scopes             []string `envconfig:"IDP_SCOPE" default:"openid,email,profile"`
+	SkipProviderButton bool     `envconfig:"SKIP_PROVIDER_BUTTON"`
 }

 // OptionsFromEnvConfig builds the authentication service's configuration
@ -122,6 +123,8 @@ type Authenticate struct {
 	sessionStore sessions.SessionStore
 	cipher       cryptutil.Cipher

+	skipProviderButton bool
+
 	provider providers.Provider
 }

@ -169,6 +172,7 @@ func New(opts *Options, optionFuncs ...func(*Authenticate) error) (*Authenticate
 		csrfStore:          cookieStore,
 		sessionStore:       cookieStore,
 		cipher:             cipher,
+		skipProviderButton: opts.SkipProviderButton,
 	}
 	// p.ServeMux = p.Handler()
 	p.provider, err = newProvider(opts)
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -191,11 +191,19 @@ func (p *Authenticate) SignIn(rw http.ResponseWriter, req *http.Request) {
 		p.ProxyOAuthRedirect(rw, req, session)
 	case http.ErrNoCookie:
 		log.Error().Err(err).Msg("authenticate.SignIn : err no cookie")
+		if p.skipProviderButton {
+			p.skipButtonOAuthStart(rw, req)
+		} else {
 			p.SignInPage(rw, req)
+		}
 	case sessions.ErrLifetimeExpired, sessions.ErrInvalidSession:
 		log.Error().Err(err).Msg("authenticate.SignIn : invalid cookie cookie")
 		p.sessionStore.ClearSession(rw, req)
+		if p.skipProviderButton {
+			p.skipButtonOAuthStart(rw, req)
+		} else {
 			p.SignInPage(rw, req)
+		}
 	default:
 		log.Error().Err(err).Msg("authenticate.SignIn : unknown error cookie")
 		httputil.ErrorResponse(rw, req, err.Error(), httputil.CodeForError(err))
@ -338,12 +346,24 @@ func (p *Authenticate) SignOutPage(rw http.ResponseWriter, req *http.Request, me
 // OAuthStart starts the authentication process by redirecting to the provider. It provides a
 // `redirectURI`, allowing the provider to redirect back to the sso proxy after authentication.
 func (p *Authenticate) OAuthStart(rw http.ResponseWriter, req *http.Request) {
+	authRedirectURL, err := url.Parse(req.URL.Query().Get("redirect_uri"))
+	if err == nil {
+		httputil.ErrorResponse(rw, req, "Invalid redirect parameter", http.StatusBadRequest)
+		return
+	}
+	p.helperOAuthStart(rw, req, authRedirectURL)
+}
+
+func (p *Authenticate) skipButtonOAuthStart(rw http.ResponseWriter, req *http.Request) {
+	p.helperOAuthStart(rw, req, p.RedirectURL.ResolveReference(req.URL))
+}
+
+func (p *Authenticate) helperOAuthStart(rw http.ResponseWriter, req *http.Request, authRedirectURL *url.URL) {

 	nonce := fmt.Sprintf("%x", cryptutil.GenerateKey())
 	p.csrfStore.SetCSRF(rw, req, nonce)

-	authRedirectURL, err := url.Parse(req.URL.Query().Get("redirect_uri"))
-	if err != nil || !validRedirectURI(authRedirectURL.String(), p.ProxyRootDomains) {
+	if !validRedirectURI(authRedirectURL.String(), p.ProxyRootDomains) {
 		httputil.ErrorResponse(rw, req, "Invalid redirect parameter", http.StatusBadRequest)
 		return
 	}