Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
G
go-sso
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
id
go-sso
Commits
d0ca4be4
Commit
d0ca4be4
authored
6 years ago
by
ale
Browse files
Options
Downloads
Patches
Plain Diff
Make the U2F AppID configurable
parent
522bc582
No related branches found
No related tags found
No related merge requests found
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
server/config.go
+1
-0
1 addition, 0 deletions
server/config.go
server/http.go
+1
-1
1 addition, 1 deletion
server/http.go
server/login.go
+7
-2
7 additions, 2 deletions
server/login.go
with
9 additions
and
3 deletions
server/config.go
+
1
−
0
View file @
d0ca4be4
...
@@ -33,6 +33,7 @@ type Config struct {
...
@@ -33,6 +33,7 @@ type Config struct {
SessionSecrets
[]
string
`yaml:"session_secrets"`
SessionSecrets
[]
string
`yaml:"session_secrets"`
CSRFSecret
string
`yaml:"csrf_secret"`
CSRFSecret
string
`yaml:"csrf_secret"`
AuthService
string
`yaml:"auth_service"`
AuthService
string
`yaml:"auth_service"`
U2FAppID
string
`yaml:"u2f_app_id"`
DeviceManager
*
device
.
Config
`yaml:"device_manager"`
DeviceManager
*
device
.
Config
`yaml:"device_manager"`
KeyStore
*
clientutil
.
BackendConfig
`yaml:"keystore"`
KeyStore
*
clientutil
.
BackendConfig
`yaml:"keystore"`
...
...
This diff is collapsed.
Click to expand it.
server/http.go
+
1
−
1
View file @
d0ca4be4
...
@@ -137,7 +137,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
...
@@ -137,7 +137,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
if
err
!=
nil
{
if
err
!=
nil
{
return
nil
,
err
return
nil
,
err
}
}
s
.
loginHandler
=
newLoginHandler
(
s
.
loginCallback
,
devMgr
,
authClient
,
config
.
AuthService
,
s
.
tpl
,
sessionSecrets
...
)
s
.
loginHandler
=
newLoginHandler
(
s
.
loginCallback
,
devMgr
,
authClient
,
config
.
AuthService
,
config
.
U2FAppID
,
s
.
tpl
,
sessionSecrets
...
)
return
s
,
nil
return
s
,
nil
}
}
...
...
This diff is collapsed.
Click to expand it.
server/login.go
+
7
−
2
View file @
d0ca4be4
...
@@ -72,6 +72,7 @@ type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string,
...
@@ -72,6 +72,7 @@ type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string,
type
loginHandler
struct
{
type
loginHandler
struct
{
authClient
authclient
.
Client
authClient
authclient
.
Client
authService
string
authService
string
u2fAppID
string
devMgr
*
device
.
Manager
devMgr
*
device
.
Manager
loginCallback
loginCallbackFunc
loginCallback
loginCallbackFunc
loginSessionStore
sessions
.
Store
loginSessionStore
sessions
.
Store
...
@@ -80,7 +81,7 @@ type loginHandler struct {
...
@@ -80,7 +81,7 @@ type loginHandler struct {
// NewLoginHandler will wrap an http.Handler with the login workflow,
// NewLoginHandler will wrap an http.Handler with the login workflow,
// invoking it only on successful login.
// invoking it only on successful login.
func
newLoginHandler
(
okHandler
loginCallbackFunc
,
devMgr
*
device
.
Manager
,
authClient
authclient
.
Client
,
authService
string
,
tpl
*
template
.
Template
,
keyPairs
...
[]
byte
)
*
loginHandler
{
func
newLoginHandler
(
okHandler
loginCallbackFunc
,
devMgr
*
device
.
Manager
,
authClient
authclient
.
Client
,
authService
,
u2fAppID
string
,
tpl
*
template
.
Template
,
keyPairs
...
[]
byte
)
*
loginHandler
{
store
:=
sessions
.
NewCookieStore
(
keyPairs
...
)
store
:=
sessions
.
NewCookieStore
(
keyPairs
...
)
store
.
Options
=
&
sessions
.
Options
{
store
.
Options
=
&
sessions
.
Options
{
HttpOnly
:
true
,
HttpOnly
:
true
,
...
@@ -273,6 +274,10 @@ func (l *loginHandler) handleU2F(w http.ResponseWriter, req *http.Request, sessi
...
@@ -273,6 +274,10 @@ func (l *loginHandler) handleU2F(w http.ResponseWriter, req *http.Request, sessi
// Make the auth request to the authentication server.
// Make the auth request to the authentication server.
func
(
l
*
loginHandler
)
makeAuthRequest
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
,
username
,
password
,
otp
string
,
u2fResponse
*
u2f
.
SignResponse
)
(
*
auth
.
Response
,
error
)
{
func
(
l
*
loginHandler
)
makeAuthRequest
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
,
username
,
password
,
otp
string
,
u2fResponse
*
u2f
.
SignResponse
)
(
*
auth
.
Response
,
error
)
{
appID
:=
l
.
u2fAppID
if
appID
==
""
{
appID
=
u2fAppIDFromRequest
(
req
)
}
ar
:=
auth
.
Request
{
ar
:=
auth
.
Request
{
Service
:
l
.
authService
,
Service
:
l
.
authService
,
Username
:
username
,
Username
:
username
,
...
@@ -280,7 +285,7 @@ func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request,
...
@@ -280,7 +285,7 @@ func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request,
OTP
:
otp
,
OTP
:
otp
,
DeviceInfo
:
l
.
devMgr
.
GetDeviceInfoFromRequest
(
w
,
req
),
DeviceInfo
:
l
.
devMgr
.
GetDeviceInfoFromRequest
(
w
,
req
),
U2FResponse
:
u2fResponse
,
U2FResponse
:
u2fResponse
,
U2FAppID
:
u2fAppIDFromRequest
(
req
)
,
U2FAppID
:
appID
,
}
}
return
l
.
authClient
.
Authenticate
(
req
.
Context
(),
&
ar
)
return
l
.
authClient
.
Authenticate
(
req
.
Context
(),
&
ar
)
}
}
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
