* urlutil: add time validation functions * authenticate: implement hpke-based login flow * fix import cycle * fix tests * log error * fix callback url * add idp param * fix test * fix test
package proxy
import (
"encoding/json"
"fmt"
"time"
"golang.org/x/oauth2"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/pomerium/pomerium/internal/identity"
"github.com/pomerium/pomerium/internal/identity/manager"
"github.com/pomerium/pomerium/internal/sessions"
identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
"github.com/pomerium/pomerium/pkg/grpc/session"
"github.com/pomerium/pomerium/pkg/grpc/user"
)
// newSessionStateFromProfile builds a fresh session state for the identity
// provider named in p and seeds its Subject and OID from the profile claims.
//
// Subject is taken from the "sub" claim, falling back to "user" only when
// "sub" is absent; OID is taken from the "oid" claim. Claim values are
// stringified with fmt.Sprint, so non-string claims are stored in their
// printed form.
func newSessionStateFromProfile(p *identitypb.Profile) *sessions.State {
	state := sessions.NewState(p.GetProviderId())
	claims := p.GetClaims().AsMap()

	// First present claim wins; "user" is a fallback for providers that do
	// not emit the standard "sub" claim.
	for _, key := range []string{"sub", "user"} {
		if v, ok := claims[key]; ok {
			state.Subject = fmt.Sprint(v)
			break
		}
	}

	if oid, ok := claims["oid"]; ok {
		state.OID = fmt.Sprint(oid)
	}

	return state
}
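// populateSessionFromProfile fills the session record s from the stored
// identity profile p and the session state ss, stamping it with the current
// time and an expiry of cookieExpire from now.
//
// The oauth token is decoded from the JSON blob stored on the profile; the
// profile claims are flattened and merged into s.Claims, overwriting any
// existing entry with the same key.
func populateSessionFromProfile(s *session.Session, p *identitypb.Profile, ss *sessions.State, cookieExpire time.Duration) {
	claims := p.GetClaims().AsMap()

	// A profile without a usable oauth token (empty or malformed JSON) leaves
	// oauthToken at its zero value rather than aborting: the session is still
	// populated and the decode error is deliberately not surfaced here.
	// NOTE(review): confirm that downstream consumers tolerate an empty token.
	oauthToken := new(oauth2.Token)
	_ = json.Unmarshal(p.GetOauthToken(), oauthToken)

	// Take a single timestamp so IssuedAt, AccessedAt and both ExpiresAt
	// fields agree exactly instead of drifting by a few nanoseconds between
	// separate calls to time.Now().
	now := time.Now()
	expiresAt := timestamppb.New(now.Add(cookieExpire))

	s.UserId = ss.UserID()
	s.IssuedAt = timestamppb.New(now)
	s.AccessedAt = timestamppb.New(now)
	s.ExpiresAt = expiresAt
	s.IdToken = &session.IDToken{
		Issuer:  ss.Issuer,
		Subject: ss.Subject,
		// The ID token's lifetime is tied to the cookie lifetime here, not to
		// the token's own exp claim. NOTE(review): confirm that is intended.
		ExpiresAt: expiresAt,
		IssuedAt:  timestamppb.New(now),
		Raw:       string(p.GetIdToken()),
	}
	s.OauthToken = manager.ToOAuthToken(oauthToken)

	if s.Claims == nil {
		s.Claims = make(map[string]*structpb.ListValue)
	}
	for k, vs := range identity.Claims(claims).Flatten().ToPB() {
		s.Claims[k] = vs
	}
}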
// populateUserFromProfile copies the display name, email and flattened
// claims from the identity profile p onto the user record u.
//
// Name and Email are set from the "name" and "email" claims when present and
// left untouched otherwise. Claims are merged into u.Claims, replacing any
// existing entry with the same key. ss is accepted but not read.
func populateUserFromProfile(u *user.User, p *identitypb.Profile, ss *sessions.State) {
	claims := p.GetClaims().AsMap()

	// Each profile claim and the user field it populates; the two
	// assignments are independent, so iteration order does not matter.
	targets := map[string]*string{
		"name":  &u.Name,
		"email": &u.Email,
	}
	for key, dst := range targets {
		if v, ok := claims[key]; ok {
			*dst = fmt.Sprint(v)
		}
	}

	if u.Claims == nil {
		u.Claims = make(map[string]*structpb.ListValue)
	}
	for k, vs := range identity.Claims(claims).Flatten().ToPB() {
		u.Claims[k] = vs
	}
}