From b4e0c981b18d772070da61167693863abc54a159 Mon Sep 17 00:00:00 2001
From: Steve Ramage
Date: Thu, 21 Nov 2024 14:18:27 -0800
Subject: [PATCH] MR Feedback

---
 external/oidc/index.go | 167 --------------------------
 external/oidc/server.go | 251 ----------------------------------------
 2 files changed, 418 deletions(-)

diff --git a/external/oidc/index.go b/external/oidc/index.go
index 7f5a86a..4551f21 100644
--- a/external/oidc/index.go
+++ b/external/oidc/index.go
@@ -158,170 +158,3 @@ func GenerateCodeChallenge(verifier string) (string, error) {
 // Base64 URL encode the hash
 return base64.RawURLEncoding.EncodeToString(hash[:]), nil
 }
-
-/*
-
- tmpl, err := template.New("index").Parse(oidc.Index)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- err = tmpl.Execute(w, profiles)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
- })
-
- http.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
- // Parse the query parameters
- queryParams := r.URL.Query()
-
- // Convert query parameters to a map
- data := make(map[string]string)
- for key, values := range queryParams {
- data[key] = values[0] // Use the first value if multiple are provided
- }
-
- data["uri"] = fmt.Sprintf("http://localhost:", port)
-
- if data["code"] != "" {
-
- state, err := r.Cookie("state")
-
- if err != nil {
- log.Errorf("Could not get state cookie")
- w.WriteHeader(500)
- return
- }
-
- verifier, err := r.Cookie("code_verifier")
-
- if err != nil {
- log.Errorf("Could not get verifier cookie")
- w.WriteHeader(500)
- return
- }
-
- result, err := rest.CreateInternal(context.Background(), &httpclient.HttpParameterOverrides{}, []string{"account-management-authentication-token",
- "authentication_mechanism", "oidc",
- "oauth_authorization_code", data["code"],
- "oauth_redirect_uri", fmt.Sprintf("http://localhost:%d/callback", port),
- "oauth_state", state.Value,
- "oauth_code_verifier", verifier.Value,
- }, false, "", true)
-
- if err != nil {
- RenderErrorPage(w, "Could Not Get Account Tokens", err.Error())
- return
- }
-
- spi := SuccessPageInfo{
- LoginType: "AM",
- }
-
- err = gojson.Unmarshal([]byte(result), &spi.AccountTokenResponse)
-
- if err != nil {
- log.Errorf("Could not unmarshal account: %v", err)
- }
-
- for _, v := range spi.AccountTokenResponse.Data {
-
- str, err := gojson.Marshal(v)
-
- if err != nil {
- log.Errorf("Could not 
encode token %v", err)
- }
-
- base64.URLEncoding.EncodeToString(str)
-
- spi.AccountTokenStructBase64 = append(spi.AccountTokenStructBase64, base64.URLEncoding.EncodeToString(str))
- }
-
- log.Infof("Result: %v, SPI: %v, State: %s, Verifier: %s", result, spi, state.String(), verifier.String())
-
- tmpl, err := template.New("index").Parse(oidc.SuccessPage)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- err = tmpl.Execute(w, spi)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
-
- return
- } else if data["error"] == "" {
- RenderErrorPage(w, "bad_response", "Invalid response from IdP, no code or error query parameter")
- } else {
- RenderErrorPage(w, data["error"], data["error_description"])
- }
-
- })
-
- http.HandleFunc("/style.css", func(w http.ResponseWriter, r *http.Request) {
-
- w.Header().Set("Content-Type", "text/css")
-
- _, err := fmt.Fprintf(w, oidc.Css)
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
- })
-
- http.HandleFunc("/set-am-token/", func(w http.ResponseWriter, r *http.Request) {
- token := strings.Replace(r.URL.Path, "/set-am-token/", "", 1)
-
- log.Infof("Setting Token to %s", token)
-
- amTokenJson, err := base64.URLEncoding.DecodeString(token)
-
- if err != nil {
- log.Errorf("Could not base64 decode token %v", err)
- w.WriteHeader(500)
- return
- }
-
- amToken := authentication.AccountManagementAuthenticationTokenStruct{}
-
- err = gojson.Unmarshal(amTokenJson, &amToken)
-
- if err != nil {
- log.Errorf("Could not unmarshal token %v", err)
- w.WriteHeader(500)
- return
- }
-
- authentication.SaveAccountManagementAuthenticationToken(amToken)
-
- tmpl, err := template.New("index").Parse(oidc.DonePage)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- err = tmpl.Execute(w, amToken)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- 
return
- }
-
- return
-
- return
- })
-*/
diff --git a/external/oidc/server.go b/external/oidc/server.go
index a3cac22..785d5fa 100644
--- a/external/oidc/server.go
+++ b/external/oidc/server.go
@@ -112,254 +112,3 @@ type OidcProfileInfo struct {
 AuthorizationLink string `mapstructure:"authorization_link"`
 Idp string
 }
-
-/*
- overrides := &httpclient.HttpParameterOverrides{
- QueryParameters: nil,
- OverrideUrlPath: "",
- }
-
- // Get customer and account authentication settings to populate the aliases
- customerAuthSettings, err := rest.GetInternal(ctx, overrides, []string{"customer-authentication-settings"}, false)
-
- if err != nil {
- log.Errorf("Could not retrieve customer authentication settings")
- w.WriteHeader(500)
- return
-
- }
-
- accountAuthSettings, err := rest.GetInternal(ctx, overrides, []string{"account-authentication-settings"}, false)
-
- if err != nil {
- log.Errorf("Could not retrieve account authentication settings")
- w.WriteHeader(500)
- return
-
- }
-
- customerRealmId, err := json.RunJQOnStringAndGetString(".data.relationships[\"authentication-realm\"].data.id", customerAuthSettings)
-
- if err != nil {
- log.Errorf("Could not determine customer realm id")
- w.WriteHeader(500)
- return
- }
- log.Infof("Customer Auth Settings: %v", customerRealmId)
-
- customerClientId, err := json.RunJQOnStringAndGetString(".data.meta.client_id", customerAuthSettings)
-
- if err != nil {
- log.Errorf("Could not determine customer client id")
- w.WriteHeader(500)
- return
- }
-
- accountRealmId, err := json.RunJQOnStringAndGetString(".data.relationships.authentication_realm.data.id", accountAuthSettings)
-
- if err != nil {
- log.Errorf("Could not determine account realm id")
- w.WriteHeader(500)
- return
- }
-
- accountClientId, err := json.RunJQOnStringAndGetString(".data.meta.client_id", accountAuthSettings)
-
- if err != nil {
- log.Errorf("Could not determine customer client id")
- w.WriteHeader(500)
- return
- }
-
- log.Infof("Account Auth Settings: %v", accountRealmId)
-
- customerProfiles, err := getOidcProfilesForRealm(ctx, overrides, customerRealmId)
-
- if err != nil {
- log.Errorf("Could not determine customer OIDC Profiles")
- return
- }
-
- accountProfiles, err := getOidcProfilesForRealm(ctx, overrides, accountRealmId)
-
- if err != nil {
- log.Errorf("Could not determine customer OIDC Profiles: %v", err)
- return
- }
-
- verifier, err := GenerateCodeVerifier()
-
- if err != nil {
- log.Errorf("Could not get verifier %v", err)
- return
- }
-
- challenge, err := GenerateCodeChallenge(verifier)
-
- if err != nil {
- log.Errorf("Could not get challenge %v", err)
- return
- }
-
- profiles := LoginPageInfo{
- CustomerProfiles: customerProfiles,
- CustomerClientId: customerClientId,
- AccountProfiles: accountProfiles,
- AccountClientId: accountClientId,
- State: uuid.New().String(),
- RedirectUriEncoded: fmt.Sprintf("%s%d%s", "http%3A%2F%2Flocalhost%3A", port, "/callback"),
- RedirectUriUnencoded: fmt.Sprintf("%s%d%s", "http://localhost:", port, "/callback"),
- CodeVerifier: verifier,
- CodeChallenge: challenge,
- }
-
- if err != nil {
- log.Errorf("Could not determine customer OIDC Profiles")
- return
- }
-
- tmpl, err := template.New("index").Parse(oidc.Index)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- err = tmpl.Execute(w, profiles)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
- })
-
- http.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
- // Parse the query parameters
- queryParams := r.URL.Query()
-
- // Convert query parameters to a map
- data := make(map[string]string)
- for key, values := range queryParams {
- data[key] = values[0] // Use the first value if multiple are provided
- }
-
- data["uri"] = fmt.Sprintf("http://localhost:", port)
-
- if data["code"] != "" {
-
- state, err := r.Cookie("state")
-
- if err != nil {
- log.Errorf("Could not get state cookie")
- w.WriteHeader(500)
- return
- }
-
- verifier, err := r.Cookie("code_verifier")
-
- if err != nil {
- log.Errorf("Could not get verifier cookie")
- w.WriteHeader(500)
- return
- }
-
- result, err := 
rest.CreateInternal(context.Background(), &httpclient.HttpParameterOverrides{}, []string{"account-management-authentication-token",
- "authentication_mechanism", "oidc",
- "oauth_authorization_code", data["code"],
- "oauth_redirect_uri", fmt.Sprintf("http://localhost:%d/callback", port),
- "oauth_state", state.Value,
- "oauth_code_verifier", verifier.Value,
- }, false, "", true)
-
- if err != nil {
- RenderErrorPage(w, "Could Not Get Account Tokens", err.Error())
- return
- }
-
- spi := SuccessPageInfo{
- LoginType: "AM",
- }
-
- err = gojson.Unmarshal([]byte(result), &spi.AccountTokenResponse)
-
- if err != nil {
- log.Errorf("Could not unmarshal account: %v", err)
- }
-
- for _, v := range spi.AccountTokenResponse.Data {
-
- str, err := gojson.Marshal(v)
-
- if err != nil {
- log.Errorf("Could not encode token %v", err)
- }
-
- base64.URLEncoding.EncodeToString(str)
-
- spi.AccountTokenStructBase64 = append(spi.AccountTokenStructBase64, base64.URLEncoding.EncodeToString(str))
- }
-
- log.Infof("Result: %v, SPI: %v, State: %s, Verifier: %s", result, spi, state.String(), verifier.String())
-
- tmpl, err := template.New("index").Parse(oidc.SuccessPage)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- err = tmpl.Execute(w, spi)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
-
- return
- } else if data["error"] == "" {
- RenderErrorPage(w, "bad_response", "Invalid response from IdP, no code or error query parameter")
- } else {
- RenderErrorPage(w, data["error"], data["error_description"])
- }
-
- })
-
- http.HandleFunc("/style.css", func(w http.ResponseWriter, r *http.Request) {
-
- w.Header().Set("Content-Type", "text/css")
-
- _, err := fmt.Fprintf(w, oidc.Css)
- if err != nil {
- log.Warnf("Error handling request %v\n%v", r, err)
- return
- }
- })
-
-
-*/
-
-/*
-
-func RenderErrorPage(w http.ResponseWriter, title string, description string) {
- tmpl, err := 
template.New("index").Parse(oidc.ErrorPage)
-
- if err != nil {
- log.Errorf("Could not parse index template")
- w.WriteHeader(500)
- return
- }
-
- data := map[string]string{
- "error": title,
- "error_description": description,
- }
- err = tmpl.Execute(w, data)
-
- if err != nil {
- log.Warnf("Error handling request %v\n%v", err)
- return
- }
-}
-*/