3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-02 02:42:57 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: add device-enrolled page (#2892)

Browse source 
* authenticate: add device-enrolled page

* remove device credential id from page
This commit is contained in:
Caleb Doxsey 2022-01-06 10:01:12 -07:00 committed by GitHub
parent 6ed3fa20bc
commit 9330f6b0ac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 61 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
authenticate/authenticate.go
View file

@ -137,7 +137,7 @@ func (a *Authenticate) getWebAuthnURL(values url.Values) (*url.URL, error) {
urlutil.QueryDeviceType: {webauthnutil.DefaultDeviceType}, urlutil.QueryDeviceType: {webauthnutil.DefaultDeviceType},
urlutil.QueryEnrollmentToken: nil, urlutil.QueryEnrollmentToken: nil,
urlutil.QueryRedirectURI: {uri.ResolveReference(&url.URL{ urlutil.QueryRedirectURI: {uri.ResolveReference(&url.URL{
Path: "/.pomerium/", Path: "/.pomerium/device-enrolled",
}).String()}, }).String()},
}).Encode(), }).Encode(),
}) })

2
authenticate/handlers.go
View file

@ -18,6 +18,7 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
"google.golang.org/protobuf/types/known/timestamppb" "google.golang.org/protobuf/types/known/timestamppb"
"github.com/pomerium/pomerium/authenticate/handlers"
"github.com/pomerium/pomerium/authenticate/handlers/webauthn" "github.com/pomerium/pomerium/authenticate/handlers/webauthn"
"github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/identity" "github.com/pomerium/pomerium/internal/identity"
@ -98,6 +99,7 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
sr.Path("/sign_in").Handler(a.requireValidSignature(a.SignIn)) sr.Path("/sign_in").Handler(a.requireValidSignature(a.SignIn))
sr.Path("/sign_out").Handler(a.requireValidSignature(a.SignOut)) sr.Path("/sign_out").Handler(a.requireValidSignature(a.SignOut))
sr.Path("/webauthn").Handler(webauthn.New(a.getWebauthnState)) sr.Path("/webauthn").Handler(webauthn.New(a.getWebauthnState))
sr.Path("/device-enrolled").Handler(handlers.DeviceEnrolled())
} }
func (a *Authenticate) mountWellKnown(r *mux.Router) { func (a *Authenticate) mountWellKnown(r *mux.Router) {

18
authenticate/handlers/device-enrolled.go Normal file
View file

@ -0,0 +1,18 @@
package handlers
import (
"html/template"
"net/http"
"github.com/pomerium/pomerium/internal/frontend"
"github.com/pomerium/pomerium/internal/httputil"
)
// DeviceEnrolled displays an HTML page informing the user that they've successfully enrolled a device.
func DeviceEnrolled() http.Handler {
tpl := template.Must(frontend.NewTemplates())
type TemplateData struct{}
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return tpl.ExecuteTemplate(w, "device-enrolled.html", TemplateData{})
})
}

2
authenticate/handlers/handlers.go Normal file
View file

@ -0,0 +1,2 @@
// Package handlers contains various web handlers for the authenticate service.
package handlers

3
authenticate/handlers/webauthn/webauthn.go
View file

@ -302,6 +302,7 @@ func (h *Handler) handleRegister(w http.ResponseWriter, r *http.Request, state *
Id: webauthnutil.GetDeviceCredentialID(serverCredential.ID), Id: webauthnutil.GetDeviceCredentialID(serverCredential.ID),
}, },
}) })
return h.saveSessionAndRedirect(w, r, state, redirectURIParam) return h.saveSessionAndRedirect(w, r, state, redirectURIParam)
} }
@ -432,7 +433,7 @@ func (h *Handler) saveSessionAndRedirect(w http.ResponseWriter, r *http.Request,
encodedJWT := base64.URLEncoding.EncodeToString(encryptedJWT) encodedJWT := base64.URLEncoding.EncodeToString(encryptedJWT)
// redirect to the proxy callback URL with the session // redirect to the proxy callback URL with the session
callbackURL, err := urlutil.GetCallbackURL(r, encodedJWT) callbackURL, err := urlutil.GetCallbackURLForRedirectURI(r, encodedJWT, rawRedirectURI)
if err != nil { if err != nil {
return err return err
} }

30
internal/frontend/assets/html/device-enrolled.go.html Normal file
View file

@ -0,0 +1,30 @@
{{define "device-enrolled.html"}}<!DOCTYPE html>
<html lang="en" charset="utf-8">
<head>
<title>Device Successfully Enrolled</title>
{{template "header.html"}}
</head>
<body>
<div class="inner">
<div class="header clearfix">
<div class="heading"></div>
</div>
<div class="content">
<div class="white box">
<div class="largestatus">
<div class="title-wrapper">
<span class="title">Device Successfully Enrolled</span>
<label class="status-time">
<span>
Device was successfully enrolled.
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
{{end}}

7
internal/urlutil/proxy.go
View file

@ -11,7 +11,12 @@ var ErrMissingRedirectURI = errors.New("missing " + QueryRedirectURI)
// GetCallbackURL gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT. // GetCallbackURL gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT.
func GetCallbackURL(r *http.Request, encodedSessionJWT string) (*url.URL, error) { func GetCallbackURL(r *http.Request, encodedSessionJWT string) (*url.URL, error) {
rawRedirectURI := r.FormValue(QueryRedirectURI) return GetCallbackURLForRedirectURI(r, encodedSessionJWT, r.FormValue(QueryRedirectURI))
}
// GetCallbackURLForRedirectURI gets the proxy's callback URL from a request and a base64url encoded + encrypted session
// state JWT.
func GetCallbackURLForRedirectURI(r *http.Request, encodedSessionJWT, rawRedirectURI string) (*url.URL, error) {
if rawRedirectURI == "" { if rawRedirectURI == "" {
return nil, ErrMissingRedirectURI return nil, ErrMissingRedirectURI
} }