go-sso
Commit d0ca4be4 authored Nov 03, 2018 by ale

Make the U2F AppID configurable

parent 522bc582
Pipeline #1474 passed with stages in 1 minute and 47 seconds
Showing 3 changed files with 9 additions and 3 deletions

server/config.go +1 -0
server/http.go +1 -1
server/login.go +7 -2
server/config.go
...
...
@@ -33,6 +33,7 @@ type Config struct {
SessionSecrets
[]
string
`yaml:"session_secrets"`
CSRFSecret
string
`yaml:"csrf_secret"`
AuthService
string
`yaml:"auth_service"`
U2FAppID
string
`yaml:"u2f_app_id"`
DeviceManager
*
device
.
Config
`yaml:"device_manager"`
KeyStore
*
clientutil
.
BackendConfig
`yaml:"keystore"`
...
...
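Review bot: the new U2FAppID field in Config carries no comment saying what an empty value means or what form the value must take. Elsewhere in this commit an empty string makes makeAuthRequest fall back to u2fAppIDFromRequest(req), so state that on the field, for example `// U2FAppID overrides the U2F AppID sent to the auth service; if empty, it is derived from the request.`, and list the u2f_app_id key wherever the other configuration keys are documented.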
server/http.go
...
...
@@ -137,7 +137,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
if
err
!=
nil
{
return
nil
,
err
}
s
.
loginHandler
=
newLoginHandler
(
s
.
loginCallback
,
devMgr
,
authClient
,
config
.
AuthService
,
s
.
tpl
,
sessionSecrets
...
)
s
.
loginHandler
=
newLoginHandler
(
s
.
loginCallback
,
devMgr
,
authClient
,
config
.
AuthService
,
config
.
U2FAppID
,
s
.
tpl
,
sessionSecrets
...
)
return
s
,
nil
}
...
...
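Review bot: config.U2FAppID is handed to newLoginHandler unchecked, even though New has an error return directly above this call. A U2F AppID is expected to be an https URL, so a typo in u2f_app_id would only surface as failed second-factor logins at runtime. Consider parsing the value here when it is non-empty and returning an error from New if it is not a valid https URL.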
server/login.go
...
...
@@ -72,6 +72,7 @@ type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string,
type
loginHandler
struct
{
authClient
authclient
.
Client
authService
string
u2fAppID
string
devMgr
*
device
.
Manager
loginCallback
loginCallbackFunc
loginSessionStore
sessions
.
Store
...
...
@@ -80,7 +81,7 @@ type loginHandler struct {
// NewLoginHandler will wrap an http.Handler with the login workflow,
// invoking it only on successful login.
func
newLoginHandler
(
okHandler
loginCallbackFunc
,
devMgr
*
device
.
Manager
,
authClient
authclient
.
Client
,
authService
string
,
tpl
*
template
.
Template
,
keyPairs
...
[]
byte
)
*
loginHandler
{
func
newLoginHandler
(
okHandler
loginCallbackFunc
,
devMgr
*
device
.
Manager
,
authClient
authclient
.
Client
,
authService
,
u2fAppID
string
,
tpl
*
template
.
Template
,
keyPairs
...
[]
byte
)
*
loginHandler
{
store
:=
sessions
.
NewCookieStore
(
keyPairs
...
)
store
.
Options
=
&
sessions
.
Options
{
HttpOnly
:
true
,
...
...
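Review bot: newLoginHandler now accepts u2fAppID, but nothing in this commit stores it in the handler. This hunk changes only the signature line, and the +7 -2 reported for server/login.go is fully accounted for by the field declaration, this signature, the four-line fallback in makeAuthRequest and the `U2FAppID: appID` line, so no assignment to loginHandler.u2fAppID is added anywhere. With the change as shown, l.u2fAppID stays empty, makeAuthRequest always takes the u2fAppIDFromRequest(req) branch, and u2f_app_id has no effect. Set the field where the handler is constructed (`u2fAppID: u2fAppID,`) and add a test asserting that a configured value reaches auth.Request. Separately, the doc comment above the function still says NewLoginHandler and does not mention the new parameter.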
@@ -273,6 +274,10 @@ func (l *loginHandler) handleU2F(w http.ResponseWriter, req *http.Request, sessi
// Make the auth request to the authentication server.
func
(
l
*
loginHandler
)
makeAuthRequest
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
,
username
,
password
,
otp
string
,
u2fResponse
*
u2f
.
SignResponse
)
(
*
auth
.
Response
,
error
)
{
appID
:=
l
.
u2fAppID
if
appID
==
""
{
appID
=
u2fAppIDFromRequest
(
req
)
}
ar
:=
auth
.
Request
{
Service
:
l
.
authService
,
Username
:
username
,
...
...
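Review bot: the configured-or-derived AppID choice at the top of makeAuthRequest is local to this function, so any other caller of u2fAppIDFromRequest(req) will not see the configured value. handleU2F, named in this hunk's header, is not touched by the commit; if it builds the sign request from u2fAppIDFromRequest(req), the challenge sent to the browser and the U2FAppID sent to the auth service will differ once u2f_app_id is set, and verification will fail. Move the fallback into a small method on loginHandler and call it from both places.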
@@ -280,7 +285,7 @@ func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request,
OTP
:
otp
,
DeviceInfo
:
l
.
devMgr
.
GetDeviceInfoFromRequest
(
w
,
req
),
U2FResponse
:
u2fResponse
,
U2FAppID
:
u2fAppIDFromRequest
(
req
)
,
U2FAppID
:
appID
,
}
return
l
.
authClient
.
Authenticate
(
req
.
Context
(),
&
ar
)
}
...
...