3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-24 22:47:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticateflow: move stateless flow logic (#4820)

Browse source 
Consolidate all logic specific to the stateless authenticate flow into a
a new Stateless type in a new package internal/authenticateflow. This is
in preparation for adding a new Stateful type implementing the older
stateful authenticate flow (from Pomerium v0.20 and previous).

This change is intended as a pure refactoring of existing logic, with no
changes in functionality.
This commit is contained in:
Kenneth Jenkins 2023-12-06 16:55:57 -08:00 committed by GitHub
parent 3b2bdd059a
commit b7896b3153
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 823 additions and 461 deletions
Download patch file Download diff file Expand all files Collapse all files

21
authenticate/middleware.go
View file

@ -4,7 +4,6 @@ import (
"net/http"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/middleware"
"github.com/pomerium/pomerium/internal/urlutil"
)
@ -13,7 +12,7 @@ import (
func (a *Authenticate) requireValidSignatureOnRedirect(next httputil.HandlerFunc) http.Handler {
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
if r.FormValue(urlutil.QueryRedirectURI) != "" || r.FormValue(urlutil.QueryHmacSignature) != "" {
err := middleware.ValidateRequestURL(a.getExternalRequest(r), a.state.Load().sharedKey)
err := a.state.Load().flow.VerifyAuthenticateSignature(r)
if err != nil {
return httputil.NewError(http.StatusBadRequest, err)
}
@ -25,26 +24,10 @@ func (a *Authenticate) requireValidSignatureOnRedirect(next httputil.HandlerFunc
// requireValidSignature validates the pomerium_signature.
func (a *Authenticate) requireValidSignature(next httputil.HandlerFunc) http.Handler {
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
err := middleware.ValidateRequestURL(a.getExternalRequest(r), a.state.Load().sharedKey)
err := a.state.Load().flow.VerifyAuthenticateSignature(r)
if err != nil {
return err
}
return next(w, r)
})
}
func (a *Authenticate) getExternalRequest(r *http.Request) *http.Request {
options := a.options.Load()
externalURL, err := options.GetAuthenticateURL()
if err != nil {
return r
}
internalURL, err := options.GetInternalAuthenticateURL()
if err != nil {
return r
}
return urlutil.GetExternalRequest(internalURL, externalURL, r)
}