Cadoles/hydra-werther
10
0
Fork 0
Code Issues Pull Requests Projects Releases 4 Wiki Activity

Définition des claims amr et acr via la configuration #5

Merged
lgourvenec merged 1 commits from acr_amr into develop 2025-02-17 16:44:22 +01:00
Conversation 4 Commits 1 Files Changed 4 +33 -13
4 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 46b279a4f0 - Show all commits

12
conf/hydra-werther.conf
View File

@ -129,3 +129,15 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
# [type] True or False # [type] True or False
# [default] false # [default] false
# [required] # [required]
# WERTHER_IDENTP_AMR=
# [description] Authentication Method Reference Values
# [type] Comma-separated list of String
# [default]
# [required] false
lgourvenec marked this conversation as resolved Outdated
lgourvenec commented 2025-02-17 16:20:13 +01:00
Outdated
Review
Copy Link

manque un espace

manque un espace
👍 1
# WERTHER_IDENTP_ACR=
# [description] Authentication Context Class Reference
# [type] String
# [default]
# [required] false
lgourvenec marked this conversation as resolved Outdated
lgourvenec commented 2025-02-17 16:20:09 +01:00
Outdated
Review
Copy Link

manque un espace

manque un espace
👍 1

10
internal/hydra/login.go
View File

@ -16,11 +16,13 @@ type LoginReqDoer struct {
hydraURL string hydraURL string
fakeTLSTermination bool fakeTLSTermination bool
rememberFor int rememberFor int
acr string
amr []string
} }
// NewLoginReqDoer creates a LoginRequest. // NewLoginReqDoer creates a LoginRequest.
func NewLoginReqDoer(hydraURL string, fakeTLSTermination bool, rememberFor int) *LoginReqDoer { func NewLoginReqDoer(hydraURL string, fakeTLSTermination bool, rememberFor int, acr string, amr []string) *LoginReqDoer {
return &LoginReqDoer{hydraURL: hydraURL, fakeTLSTermination: fakeTLSTermination, rememberFor: rememberFor} return &LoginReqDoer{hydraURL: hydraURL, fakeTLSTermination: fakeTLSTermination, rememberFor: rememberFor, acr: acr, amr: amr}
} }
// InitiateRequest fetches information on the OAuth2 request. // InitiateRequest fetches information on the OAuth2 request.
@ -35,10 +37,14 @@ func (lrd *LoginReqDoer) AcceptLoginRequest(challenge string, remember bool, sub
Remember bool `json:"remember"` Remember bool `json:"remember"`
RememberFor int `json:"remember_for"` RememberFor int `json:"remember_for"`
Subject string `json:"subject"` Subject string `json:"subject"`
ACR string `json:"acr,omitempty"`
AMR []string `json:"amr,omitempty"`
lgourvenec marked this conversation as resolved Outdated
lgourvenec commented 2025-02-17 16:19:58 +01:00
Outdated
Review
Copy Link

manque pas un 'y' ?

manque pas un 'y' ?
👍 1
}{ }{
Remember: remember, Remember: remember,
RememberFor: lrd.rememberFor, RememberFor: lrd.rememberFor,
Subject: subject, Subject: subject,
ACR: lrd.acr,
AMR: lrd.amr,
} }
redirectURI, err := acceptRequest(login, lrd.hydraURL, lrd.fakeTLSTermination, challenge, data) redirectURI, err := acceptRequest(login, lrd.hydraURL, lrd.fakeTLSTermination, challenge, data)
return redirectURI, errors.Wrap(err, "failed to accept login request") return redirectURI, errors.Wrap(err, "failed to accept login request")

4
internal/hydra/login_test.go
View File

@ -60,7 +60,7 @@ func TestInitiateLoginRequest(t *testing.T) {
h := &testInitiateLoginHandler{reqInfo: tc.reqInfo, status: tc.status} h := &testInitiateLoginHandler{reqInfo: tc.reqInfo, status: tc.status}
srv := httptest.NewServer(h) srv := httptest.NewServer(h)
defer srv.Close() defer srv.Close()
ldr := hydra.NewLoginReqDoer(srv.URL, false, 0) ldr := hydra.NewLoginReqDoer(srv.URL, false, 0, "", nil)
reqInfo, err := ldr.InitiateRequest(tc.challenge) reqInfo, err := ldr.InitiateRequest(tc.challenge)
@ -160,7 +160,7 @@ func TestAcceptLoginRequest(t *testing.T) {
h := &testAcceptLoginHandler{challenge: tc.challenge, status: tc.status, redirect: tc.redirect} h := &testAcceptLoginHandler{challenge: tc.challenge, status: tc.status, redirect: tc.redirect}
srv := httptest.NewServer(h) srv := httptest.NewServer(h)
defer srv.Close() defer srv.Close()
ldr := hydra.NewLoginReqDoer(srv.URL, false, tc.rememberFor) ldr := hydra.NewLoginReqDoer(srv.URL, false, tc.rememberFor, "", nil)
redirect, err := ldr.AcceptLoginRequest(tc.challenge, tc.remember, tc.subject) redirect, err := ldr.AcceptLoginRequest(tc.challenge, tc.remember, tc.subject)

6
internal/identp/identp.go
View File

@ -32,6 +32,8 @@ type Config struct {
SessionTTL time.Duration `envconfig:"session_ttl" default:"24h" desc:"a user session's TTL"` SessionTTL time.Duration `envconfig:"session_ttl" default:"24h" desc:"a user session's TTL"`
ClaimScopes map[string]string `envconfig:"claim_scopes" default:"name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fgithub.com%2Fi-core%2Fwerther%2Fclaims%2Froles:roles" desc:"a mapping of OpenID Connect claims to scopes (all claims are URL encoded)"` ClaimScopes map[string]string `envconfig:"claim_scopes" default:"name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fgithub.com%2Fi-core%2Fwerther%2Fclaims%2Froles:roles" desc:"a mapping of OpenID Connect claims to scopes (all claims are URL encoded)"`
FakeTLSTermination bool `envconfig:"fake_tls_termination" default:"false" desc:"Fake tls termination by adding \"X-Forwarded-Proto: https\" to http headers "` FakeTLSTermination bool `envconfig:"fake_tls_termination" default:"false" desc:"Fake tls termination by adding \"X-Forwarded-Proto: https\" to http headers "`
ACR string `envconfig:"acr" desc:"Authorization Context Class Reference"`
lgourvenec marked this conversation as resolved Outdated
lgourvenec commented 2025-02-17 16:24:31 +01:00
Outdated
Review
Copy Link

"Authorization" est en trop, non ? Et pourquoi définir une valeur par défaut ici ? La valeur par défaut du langage est suffisante, non ?

"Authorization" est en trop, non ? Et pourquoi définir une valeur par défaut ici ? La valeur par défaut du langage est suffisante, non ?
👍 1
AMR []string `envconfig:"amr" desc:"Authentication Method References"`
} }
// UserManager is an interface that is used for authentication and providing user's claims. // UserManager is an interface that is used for authentication and providing user's claims.
@ -85,8 +87,8 @@ func NewHandler(cnf Config, um UserManager, tr TemplateRenderer) *Handler {
// AddRoutes registers all required routes for Login & Consent Provider. // AddRoutes registers all required routes for Login & Consent Provider.
func (h *Handler) AddRoutes(apply func(m, p string, h http.Handler, mws ...func(http.Handler) http.Handler)) { func (h *Handler) AddRoutes(apply func(m, p string, h http.Handler, mws ...func(http.Handler) http.Handler)) {
sessionTTL := int(h.SessionTTL.Seconds()) sessionTTL := int(h.SessionTTL.Seconds())
apply(http.MethodGet, "/login", newLoginStartHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, 0), h.tr)) apply(http.MethodGet, "/login", newLoginStartHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, 0, h.ACR, h.AMR), h.tr))
apply(http.MethodPost, "/login", newLoginEndHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL), h.um, h.tr)) apply(http.MethodPost, "/login", newLoginEndHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL, h.ACR, h.AMR), h.um, h.tr))
apply(http.MethodGet, "/consent", newConsentHandler(hydra.NewConsentReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL), h.um, h.ClaimScopes)) apply(http.MethodGet, "/consent", newConsentHandler(hydra.NewConsentReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL), h.um, h.ClaimScopes))
apply(http.MethodGet, "/logout", newLogoutHandler(hydra.NewLogoutReqDoer(h.HydraURL, h.FakeTLSTermination))) apply(http.MethodGet, "/logout", newLogoutHandler(hydra.NewLogoutReqDoer(h.HydraURL, h.FakeTLSTermination)))
} }