mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 02:46:30 +02:00
66 lines
1.4 KiB
Go
66 lines
1.4 KiB
Go
package criteria
|
|
|
|
import (
|
|
"github.com/open-policy-agent/opa/ast"
|
|
|
|
"github.com/pomerium/pomerium/pkg/policy/generator"
|
|
"github.com/pomerium/pomerium/pkg/policy/parser"
|
|
"github.com/pomerium/pomerium/pkg/policy/rules"
|
|
)
|
|
|
|
var emailBody = ast.Body{
|
|
ast.MustParseExpr(`
|
|
session := get_session(input.session.id)
|
|
`),
|
|
ast.MustParseExpr(`
|
|
user := get_user(session)
|
|
`),
|
|
ast.MustParseExpr(`
|
|
directory_user := get_directory_user(session)
|
|
`),
|
|
ast.MustParseExpr(`
|
|
email := get_user_email(session, user, directory_user)
|
|
`),
|
|
}
|
|
|
|
type emailCriterion struct {
|
|
g *Generator
|
|
}
|
|
|
|
func (emailCriterion) DataType() generator.CriterionDataType {
|
|
return CriterionDataTypeStringMatcher
|
|
}
|
|
|
|
func (emailCriterion) Name() string {
|
|
return "email"
|
|
}
|
|
|
|
func (c emailCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {
|
|
var body ast.Body
|
|
body = append(body, emailBody...)
|
|
|
|
err := matchString(&body, ast.VarTerm("email"), data)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
rule := NewCriterionSessionRule(c.g, c.Name(),
|
|
ReasonEmailOK, ReasonEmailUnauthorized,
|
|
body)
|
|
|
|
return rule, []*ast.Rule{
|
|
rules.GetSession(),
|
|
rules.GetUser(),
|
|
rules.GetUserEmail(),
|
|
rules.GetDirectoryUser(),
|
|
}, nil
|
|
}
|
|
|
|
// Email returns a Criterion on a user's email address.
|
|
func Email(generator *Generator) Criterion {
|
|
return emailCriterion{g: generator}
|
|
}
|
|
|
|
func init() {
|
|
Register(Email)
|
|
}
|