Add a new Stateful type implementing the stateful authentication flow from Pomerium v0.20 and earlier. This consists mainly of logic from authenticate/handlers.go prior to commits 57217af and 539fd51. One significant change is to set the default IdP ID when an IdP ID is not provided in the request URL (e.g. when signing in directly at the authenticate service domain). Otherwise, if session state is stored with an empty IdP ID, it won't be valid for any route.
package authenticateflow
import (
"net/http"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/middleware"
"github.com/pomerium/pomerium/internal/urlutil"
)
// signatureVerifier checks the HMAC-style URL signature on incoming requests
// against the shared key. The config options are needed only to canonicalize
// authenticate-service requests to their external URL before verification
// (see VerifyAuthenticateSignature).
type signatureVerifier struct {
	// options supplies the external and internal authenticate URLs.
	options *config.Options
	// sharedKey is the secret the request URL signature is validated with.
	sharedKey []byte
}
// VerifySignature checks that the provided request has a valid signature.
//
// The request URL is validated as-is (no canonicalization) against the
// verifier's shared key; any error from the middleware is returned unchanged.
func (v signatureVerifier) VerifySignature(r *http.Request) error {
	key := v.sharedKey
	if err := middleware.ValidateRequestURL(r, key); err != nil {
		return err
	}
	return nil
}
// VerifyAuthenticateSignature checks that the provided request has a valid
// signature (for the authenticate service).
//
// Unlike VerifySignature, the request is first rewritten to its external
// authenticate URL (see GetExternalAuthenticateRequest) so that the signature
// is checked against the URL the client actually signed, even when the
// request arrived on the internal authenticate address.
func (v signatureVerifier) VerifyAuthenticateSignature(r *http.Request) error {
	// Canonicalize first; if the URLs cannot be resolved from config this is
	// the original request and verification proceeds against it unchanged.
	external := GetExternalAuthenticateRequest(r, v.options)
	return middleware.ValidateRequestURL(external, v.sharedKey)
}
// GetExternalAuthenticateRequest canonicalizes an authenticate request URL
// based on the provided configuration options.
//
// The internal authenticate URL is mapped to the external one via
// urlutil.GetExternalRequest. If either URL cannot be obtained from the
// options, the request is returned untouched; callers that verify a URL
// signature afterwards (VerifyAuthenticateSignature) then check it against
// the un-canonicalized request URL rather than skipping the check.
func GetExternalAuthenticateRequest(r *http.Request, options *config.Options) *http.Request {
	externalURL, err := options.GetAuthenticateURL()
	if err != nil {
		// Best-effort: without an external URL there is nothing to rewrite to.
		return r
	}
	// Resolve the internal URL only after the external one succeeded, so the
	// lookup order matches the original flow.
	if internalURL, err := options.GetInternalAuthenticateURL(); err == nil {
		return urlutil.GetExternalRequest(internalURL, externalURL, r)
	}
	return r
}