Compare commits
No commits in common. "885d18ebb064c2a8eff77d123aedc9adbfb490f7" and "592749eebf176e9ba508ac35008f476c354c5a0f" have entirely different histories.
885d18ebb0
...
592749eebf
|
@ -14,8 +14,6 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"crypto/tls"
|
|
||||||
|
|
||||||
"github.com/i-core/rlog"
|
"github.com/i-core/rlog"
|
||||||
"github.com/i-core/routegroup"
|
"github.com/i-core/routegroup"
|
||||||
"github.com/i-core/werther/internal/identp"
|
"github.com/i-core/werther/internal/identp"
|
||||||
|
@ -32,12 +30,11 @@ var version = ""
|
||||||
|
|
||||||
// Config is a server's configuration.
|
// Config is a server's configuration.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
DevMode bool `envconfig:"dev_mode" default:"false" desc:"Enable development mode"`
|
DevMode bool `envconfig:"dev_mode" default:"false" desc:"a development mode"`
|
||||||
Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
|
Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
|
||||||
InsecureSkipVerify bool `envconfig:"insecure_skip_verify" default:"false" desc:"Disable TLS verification on Hydra connection"`
|
Identp identp.Config
|
||||||
Identp identp.Config
|
LDAP ldapclient.Config
|
||||||
LDAP ldapclient.Config
|
Web web.Config
|
||||||
Web web.Config
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -83,11 +80,6 @@ func main() {
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
if cnf.InsecureSkipVerify {
|
|
||||||
log.Warn("All ssl verifications are disabled !")
|
|
||||||
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
|
||||||
}
|
|
||||||
|
|
||||||
ldap := ldapclient.New(cnf.LDAP)
|
ldap := ldapclient.New(cnf.LDAP)
|
||||||
|
|
||||||
router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))
|
router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))
|
||||||
|
|
|
@ -123,9 +123,3 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
|
||||||
# [type] Duration
|
# [type] Duration
|
||||||
# [default] 60s
|
# [default] 60s
|
||||||
# [required]
|
# [required]
|
||||||
|
|
||||||
# WERTHER_INSECURE_SKIP_VERIFY=
|
|
||||||
# [description] Disable TLS verification on Hydra connection
|
|
||||||
# [type] True or False
|
|
||||||
# [default] false
|
|
||||||
# [required]
|
|
|
@ -26,8 +26,6 @@ var (
|
||||||
ErrChallengeNotFound = errors.New("challenge not found")
|
ErrChallengeNotFound = errors.New("challenge not found")
|
||||||
// ErrChallengeExpired is an error that happens when a challenge is already used.
|
// ErrChallengeExpired is an error that happens when a challenge is already used.
|
||||||
ErrChallengeExpired = errors.New("challenge expired")
|
ErrChallengeExpired = errors.New("challenge expired")
|
||||||
//ErrServiceUnavailable is an error that happens when the hydra admin service is unavailable
|
|
||||||
ErrServiceUnavailable = errors.New("hydra service unavailable")
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type reqType string
|
type reqType string
|
||||||
|
@ -54,7 +52,6 @@ func initiateRequest(typ reqType, hydraURL string, fakeTLSTermination bool, chal
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
u, err := parseURL(hydraURL)
|
u, err := parseURL(hydraURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -148,8 +145,6 @@ func checkResponse(resp *http.Response) error {
|
||||||
return ErrChallengeNotFound
|
return ErrChallengeNotFound
|
||||||
case 409:
|
case 409:
|
||||||
return ErrChallengeExpired
|
return ErrChallengeExpired
|
||||||
case 503:
|
|
||||||
return ErrServiceUnavailable
|
|
||||||
default:
|
default:
|
||||||
var rs struct {
|
var rs struct {
|
||||||
Message string `json:"error"`
|
Message string `json:"error"`
|
||||||
|
|
|
@ -11,7 +11,6 @@ package identp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -128,8 +127,7 @@ func newLoginStartHandler(rproc oa2LoginReqProcessor, tmplRenderer TemplateRende
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
|
log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
|
||||||
errMsg := fmt.Sprintf("%s - %s - %s", http.StatusText(http.StatusInternalServerError), err, errors.Cause(err))
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
http.Error(w, errMsg, http.StatusInternalServerError)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)
|
log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)
|
||||||
|
|
Loading…
Reference in New Issue