3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticateflow: move logAuthenticateEvent (#4821)

Browse source 
Move the Stateless.logAuthenticateEvent() method into the main
stateless.go file.

(This was in events.go temporarily so that Git would track the file
history as a rename from authenticate/events.go.)
This commit is contained in:
Kenneth Jenkins 2023-12-06 17:14:20 -08:00 committed by GitHub
parent b7896b3153
commit 9db828ffd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

49
internal/authenticateflow/events.go
View file

@ -2,14 +2,6 @@ package authenticateflow
import ( import (
"context" "context"
"net/http"
"net/url"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/urlutil"
identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
"github.com/pomerium/pomerium/pkg/hpke"
) )
// AuthEventKind is the type of an authentication event // AuthEventKind is the type of an authentication event
@ -44,44 +36,3 @@ type AuthEvent struct {
// AuthEventFn is a function that handles an authentication event // AuthEventFn is a function that handles an authentication event
type AuthEventFn func(context.Context, AuthEvent) type AuthEventFn func(context.Context, AuthEvent)
// TODO: move into stateless.go; this is here for now just so that Git will
// track the file history as a rename from authenticate/events.go.
func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Profile) {
if s.authEventFn == nil {
return
}
ctx := r.Context()
pub, params, err := hpke.DecryptURLValues(s.hpkePrivateKey, r.Form)
if err != nil {
log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
}
evt := AuthEvent{
IP: httputil.GetClientIP(r),
Version: params.Get(urlutil.QueryVersion),
RequestUUID: params.Get(urlutil.QueryRequestUUID),
PubKey: pub.String(),
}
if uid := getUserClaim(profile, "sub"); uid != nil {
evt.UID = uid
}
if email := getUserClaim(profile, "email"); email != nil {
evt.Email = email
}
if evt.UID != nil {
evt.Event = AuthEventSignInComplete
} else {
evt.Event = AuthEventSignInRequest
}
if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
domain := redirectURL.Hostname()
evt.Domain = &domain
}
s.authEventFn(ctx, evt)
}

39
internal/authenticateflow/stateless.go
View file

@ -284,6 +284,45 @@ func (s *Stateless) LogAuthenticateEvent(r *http.Request) {
s.logAuthenticateEvent(r, nil) s.logAuthenticateEvent(r, nil)
} }
func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Profile) {
if s.authEventFn == nil {
return
}
ctx := r.Context()
pub, params, err := hpke.DecryptURLValues(s.hpkePrivateKey, r.Form)
if err != nil {
log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
}
evt := AuthEvent{
IP: httputil.GetClientIP(r),
Version: params.Get(urlutil.QueryVersion),
RequestUUID: params.Get(urlutil.QueryRequestUUID),
PubKey: pub.String(),
}
if uid := getUserClaim(profile, "sub"); uid != nil {
evt.UID = uid
}
if email := getUserClaim(profile, "email"); email != nil {
evt.Email = email
}
if evt.UID != nil {
evt.Event = AuthEventSignInComplete
} else {
evt.Event = AuthEventSignInRequest
}
if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
domain := redirectURL.Hostname()
evt.Domain = &domain
}
s.authEventFn(ctx, evt)
}
func getUserClaim(profile *identitypb.Profile, field string) *string { func getUserClaim(profile *identitypb.Profile, field string) *string {
if profile == nil { if profile == nil {
return nil return nil