mirror of
https://github.com/goauthentik/authentik
synced 2026-04-27 09:57:31 +02:00
6dde8bdd4a
* wip Co-authored-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Dominic R <dominic@sdko.org> * remove testing files * a * wip * pls * pls2 * a * Update authentik/providers/proxy/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: Dominic R <dominic@sdko.org> * makemigrations * pls * pls1000 * dont migrate in go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set uuid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more test cases Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better logging Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set gorm nowfunc (gorm defaults to local time) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve test db closing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move expiration to field Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont' manually set table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor tests more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix em Signed-off-by: Jens Langhammer <jens@goauthentik.io> * postgres cleanup is done by worker Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update expiry and set expiring Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@beryju.org>
88 lines
2.3 KiB
Go
88 lines
2.3 KiB
Go
package application
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"goauthentik.io/internal/outpost/proxyv2/types"
|
|
)
|
|
|
|
type TokenResponse struct {
|
|
AccessToken string `json:"access_token"`
|
|
IDToken string `json:"id_token"`
|
|
}
|
|
|
|
const JWTUsername = "goauthentik.io/token"
|
|
|
|
func (a *Application) attemptBasicAuth(username, password string) *types.Claims {
|
|
if username == JWTUsername {
|
|
res := a.attemptBearerAuth(password)
|
|
if res != nil {
|
|
return &res.Claims
|
|
}
|
|
}
|
|
values := url.Values{
|
|
"grant_type": []string{"client_credentials"},
|
|
"client_id": []string{a.oauthConfig.ClientID},
|
|
"username": []string{username},
|
|
"password": []string{password},
|
|
"scope": []string{strings.Join(a.oauthConfig.Scopes, " ")},
|
|
}
|
|
req, err := http.NewRequest("POST", a.endpoint.TokenURL, strings.NewReader(values.Encode()))
|
|
if err != nil {
|
|
a.log.WithError(err).Warning("failed to create token request")
|
|
return nil
|
|
}
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
res, err := a.publicHostHTTPClient.Do(req)
|
|
if err != nil {
|
|
a.log.WithError(err).Warning("failed to send token request")
|
|
return nil
|
|
}
|
|
defer func() {
|
|
if err := res.Body.Close(); err != nil {
|
|
a.log.WithError(err).Warning("failed to close response body")
|
|
}
|
|
}()
|
|
|
|
if res.StatusCode > 200 {
|
|
b, readErr := io.ReadAll(res.Body)
|
|
if readErr != nil {
|
|
b = []byte(readErr.Error())
|
|
a.log.WithError(readErr).WithField("body", string(b)).Warning("failed to read error response body")
|
|
} else {
|
|
a.log.WithField("body", string(b)).Warning("failed to send token request")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
var token TokenResponse
|
|
err = json.NewDecoder(res.Body).Decode(&token)
|
|
if err != nil {
|
|
a.log.WithError(err).Warning("failed to parse token response")
|
|
return nil
|
|
}
|
|
// Parse and verify ID Token payload.
|
|
idToken, err := a.tokenVerifier.Verify(context.Background(), token.IDToken)
|
|
if err != nil {
|
|
a.log.WithError(err).Warning("failed to verify token")
|
|
return nil
|
|
}
|
|
|
|
// Extract custom claims
|
|
var claims *types.Claims
|
|
if err := idToken.Claims(&claims); err != nil {
|
|
a.log.WithError(err).Warning("failed to convert token to claims")
|
|
return nil
|
|
}
|
|
if claims.Proxy == nil {
|
|
claims.Proxy = &types.ProxyClaims{}
|
|
}
|
|
claims.RawToken = token.IDToken
|
|
return claims
|
|
}
|