Cadoles/hydra-werther
10
0
Fork 0
Code Issues Pull Requests Projects Releases 4 Wiki Activity

Compare commits

base: Cadoles:1.2.1-2-4-g592749e
Branches Tags
Cadoles:develop Cadoles:master Cadoles:staging Cadoles:dist/ubuntu/bionic/develop Cadoles:dist/ubuntu/bionic/staging
Cadoles:2025.2.17-stable.1544.8ded23c Cadoles:2025.2.17-testing.1544.8ded23c Cadoles:2025.2.17-develop.1544.8ded23c Cadoles:2023.12.6-stable.1421.15a4717 Cadoles:2023.12.6-testing.1421.15a4717 Cadoles:2023.12.6-develop.1421.15a4717 Cadoles:2023.12.6-develop.1447.7edc889 Cadoles:2023.12.6-develop.1347.7edc889 Cadoles:2023.12.6-jenkinsrelease.1334.b9bc218 Cadoles:2023.12.6-develop.1202.d74f812 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-2 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-4 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-3 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-1 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-2 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-0 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-0 Cadoles:pkg/deb/ubuntu-bionic/1.2.1-0 Cadoles:v1.2.1 Cadoles:v1.2.0 Cadoles:v1.1.1 Cadoles:v1.1.0 Cadoles:v1.0.1 Cadoles:v1.0.0 Cadoles:1.2.1-2-7-gd74f812 Cadoles:1.2.1-2-6-g885d18e Cadoles:1.2.1-2-4-g592749e Cadoles:1.2.1-2-2-g194c186 Cadoles:1.2.1-2-1-gb940aae
..
compare: Cadoles:1.2.1-2-7-gd74f812
Branches Tags
Cadoles:develop Cadoles:master Cadoles:staging Cadoles:dist/ubuntu/bionic/develop Cadoles:dist/ubuntu/bionic/staging
Cadoles:2025.2.17-stable.1544.8ded23c Cadoles:2025.2.17-testing.1544.8ded23c Cadoles:2025.2.17-develop.1544.8ded23c Cadoles:2023.12.6-stable.1421.15a4717 Cadoles:2023.12.6-testing.1421.15a4717 Cadoles:2023.12.6-develop.1421.15a4717 Cadoles:2023.12.6-develop.1447.7edc889 Cadoles:2023.12.6-develop.1347.7edc889 Cadoles:2023.12.6-jenkinsrelease.1334.b9bc218 Cadoles:2023.12.6-develop.1202.d74f812 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-2 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-4 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-3 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-1 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-2 Cadoles:pkg/dev/ubuntu-bionic/1.2.1-0 Cadoles:pkg/staging/ubuntu-bionic/1.2.1-0 Cadoles:pkg/deb/ubuntu-bionic/1.2.1-0 Cadoles:v1.2.1 Cadoles:v1.2.0 Cadoles:v1.1.1 Cadoles:v1.1.0 Cadoles:v1.0.1 Cadoles:v1.0.0 Cadoles:1.2.1-2-7-gd74f812 Cadoles:1.2.1-2-6-g885d18e Cadoles:1.2.1-2-4-g592749e Cadoles:1.2.1-2-2-g194c186 Cadoles:1.2.1-2-1-gb940aae

3 Commits
1.2.1-2-4- ... 1.2.1-2-7-

Author SHA1 Message Date
William Petit
d74f81224d chore: update templates metadata
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Details
2023-12-06 12:02:29 +01:00
wpetit
885d18ebb0 Merge pull request 'Possibilité d'ignorer les vérifications TLS sur les connexions au service Hydra depuis la configuration' (#3) from feat/ssl-ignore into develop
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Details 
Reviewed-on: #3
 2023-12-06 11:55:57 +01:00
Philippe Caseiro
271d62dc27 feat: configurable ignore of tls verification for hydra connections
All checks were successful
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good
Details
2023-12-06 11:55:01 +01:00
5 changed files with 34 additions and 13 deletions
Expand all files Collapse all files

18
cmd/werther/main.go
View File

@ -14,6 +14,8 @@ import (
"net/url"
"os"
"crypto/tls"
"github.com/i-core/rlog"
"github.com/i-core/routegroup"
"github.com/i-core/werther/internal/identp"
@ -30,11 +32,12 @@ var version = ""
// Config is a server's configuration.
type Config struct {
DevMode bool `envconfig:"dev_mode" default:"false" desc:"a development mode"`
Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
Identp identp.Config
LDAP ldapclient.Config
Web web.Config
DevMode bool `envconfig:"dev_mode" default:"false" desc:"Enable development mode"`
Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
InsecureSkipVerify bool `envconfig:"insecure_skip_verify" default:"false" desc:"Disable TLS verification on Hydra connection"`
Identp identp.Config
LDAP ldapclient.Config
Web web.Config
}
func main() {
@ -80,6 +83,11 @@ func main() {
os.Exit(1)
}
if cnf.InsecureSkipVerify {
log.Warn("All ssl verifications are disabled !")
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
ldap := ldapclient.New(cnf.LDAP)
router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))

8
conf/hydra-werther.conf
View File

@ -122,4 +122,10 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
# [description] LDAP server connection timeout
# [type] Duration
# [default] 60s
# [required]
# [required]
# WERTHER_INSECURE_SKIP_VERIFY=
# [description] Disable TLS verification on Hydra connection
# [type] True or False
# [default] false
# [required]

5
internal/hydra/hydra.go
View File

@ -26,6 +26,8 @@ var (
ErrChallengeNotFound = errors.New("challenge not found")
// ErrChallengeExpired is an error that happens when a challenge is already used.
ErrChallengeExpired = errors.New("challenge expired")
//ErrServiceUnavailable is an error that happens when the hydra admin service is unavailable
ErrServiceUnavailable = errors.New("hydra service unavailable")
)
type reqType string
@ -52,6 +54,7 @@ func initiateRequest(typ reqType, hydraURL string, fakeTLSTermination bool, chal
if err != nil {
return nil, err
}
u, err := parseURL(hydraURL)
if err != nil {
return nil, err
@ -145,6 +148,8 @@ func checkResponse(resp *http.Response) error {
return ErrChallengeNotFound
case 409:
return ErrChallengeExpired
case 503:
return ErrServiceUnavailable
default:
var rs struct {
Message string `json:"error"`

4
internal/identp/identp.go
View File

@ -11,6 +11,7 @@ package identp
import (
"context"
"fmt"
"net/http"
"net/url"
"strings"
@ -127,7 +128,8 @@ func newLoginStartHandler(rproc oa2LoginReqProcessor, tmplRenderer TemplateRende
return
}
log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
errMsg := fmt.Sprintf("%s - %s - %s", http.StatusText(http.StatusInternalServerError), err, errors.Cause(err))
http.Error(w, errMsg, http.StatusInternalServerError)
return
}
log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)

12
internal/web/templates.go
View File

@ -89,7 +89,7 @@ func loginTmpl() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0664), modTime: time.Unix(1598432745, 0)}
info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0644), modTime: time.Unix(1632751659, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x96, 0x82, 0x4c, 0x6a, 0xc3, 0x92, 0x44, 0x14, 0x82, 0xe7, 0x9a, 0xa8, 0xc8, 0x81, 0x35, 0x91, 0x53, 0xa8, 0x9, 0xe5, 0x8, 0xd5, 0xf, 0x5c, 0x48, 0x31, 0xde, 0xbf, 0xb7, 0x65, 0x23, 0xa9}}
return a, nil
}
@ -109,7 +109,7 @@ func staticFontsRobotoLightTtf() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdb, 0x2, 0x9, 0x6a, 0x91, 0xc2, 0xa, 0xb6, 0x2d, 0x45, 0x90, 0x1, 0xa1, 0x5, 0x9b, 0xc8, 0xd7, 0x8c, 0xaa, 0x35, 0xd6, 0x37, 0xdc, 0x91, 0x49, 0x4c, 0x44, 0x40, 0x81, 0x5a, 0x6a, 0xc1}}
return a, nil
}
@ -129,7 +129,7 @@ func staticFontsRobotoLightWoff() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x77, 0xad, 0xe0, 0x48, 0xda, 0x36, 0xf1, 0x3, 0xa5, 0x20, 0x45, 0x5a, 0xcb, 0xd2, 0xf, 0x26, 0xbd, 0x45, 0xd6, 0xf1, 0xc4, 0x21, 0x5, 0x4a, 0x5d, 0x92, 0x6f, 0x55, 0x65, 0x25, 0x16, 0x35}}
return a, nil
}
@ -149,7 +149,7 @@ func staticFontsRobotoLightWoff2() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x1a, 0x87, 0xc0, 0x97, 0xd1, 0xa3, 0x42, 0xec, 0x1b, 0x1a, 0x40, 0x6, 0x6d, 0x4d, 0xbe, 0x9d, 0x6f, 0x14, 0x49, 0x2d, 0x78, 0x80, 0x5d, 0xe2, 0xa1, 0xb5, 0x7d, 0xaf, 0x8b, 0x28, 0xd6, 0x40}}
return a, nil
}
@ -169,7 +169,7 @@ func staticScriptJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1565090829, 0)}
info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x21, 0x83, 0x40, 0xc4, 0xb1, 0x4e, 0x2c, 0xf8, 0x84, 0x11, 0x9b, 0x80, 0xc2, 0xe6, 0xab, 0xb5, 0xf8, 0xd5, 0x3b, 0xc9, 0x2e, 0x5b, 0x12, 0x7, 0x29, 0x2f, 0x21, 0x5f, 0x59, 0x35, 0xf7, 0xad}}
return a, nil
}
@ -189,7 +189,7 @@ func staticStyleCss() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdf, 0x10, 0x89, 0x7e, 0x7, 0xd2, 0xf2, 0xcc, 0xa2, 0x4e, 0xcf, 0x1, 0x63, 0x75, 0x97, 0xa1, 0x1c, 0x36, 0x4e, 0x34, 0x44, 0x85, 0x53, 0x93, 0xd4, 0x40, 0x69, 0x5f, 0x78, 0x30, 0x17, 0x8f}}
return a, nil
}