|
|
|
@ -77,43 +77,28 @@ type Service struct { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) { |
|
|
|
func (s *Service) Authenticate(ctx context.Context, client string, r *authn.Request) (*authn.Identity, bool, error) { |
|
|
|
ctx, span := s.tracer.Start(ctx, "authn.Authenticate") |
|
|
|
|
|
|
|
defer span.End() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client)) |
|
|
|
|
|
|
|
logger := s.log.FromContext(ctx) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
c, ok := s.clients[client] |
|
|
|
c, ok := s.clients[client] |
|
|
|
if !ok { |
|
|
|
if !ok { |
|
|
|
logger.Debug("auth client not found", "client", client) |
|
|
|
|
|
|
|
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client is not configured"}}) |
|
|
|
|
|
|
|
return nil, false, nil |
|
|
|
return nil, false, nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if !c.Test(ctx, r) { |
|
|
|
if !c.Test(ctx, r) { |
|
|
|
logger.Debug("auth client cannot handle request", "client", client) |
|
|
|
|
|
|
|
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client cannot handle request"}}) |
|
|
|
|
|
|
|
return nil, false, nil |
|
|
|
return nil, false, nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ctx, span := s.tracer.Start(ctx, "authn.Authenticate") |
|
|
|
|
|
|
|
defer span.End() |
|
|
|
|
|
|
|
span.SetAttributes("authn.client", client, attribute.Key("authn.client").String(client)) |
|
|
|
|
|
|
|
|
|
|
|
r.OrgID = orgIDFromRequest(r) |
|
|
|
r.OrgID = orgIDFromRequest(r) |
|
|
|
identity, err := c.Authenticate(ctx, r) |
|
|
|
identity, err := c.Authenticate(ctx, r) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
logger.Warn("auth client could not authenticate request", "client", client, "error", err) |
|
|
|
s.log.FromContext(ctx).Warn("auth client could not authenticate request", "client", client, "error", err) |
|
|
|
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client could not authenticate request"}}) |
|
|
|
span.AddEvents([]string{"message"}, []tracing.EventValue{{Str: "auth client could not authenticate request"}}) |
|
|
|
return nil, true, err |
|
|
|
return nil, true, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// FIXME: We want to perform common authentication operations here.
|
|
|
|
|
|
|
|
// We will add them as we start to implement clients that requires them.
|
|
|
|
|
|
|
|
// Those operations can be Syncing user, syncing teams, create a session etc.
|
|
|
|
|
|
|
|
// We would need to check what operations a client support and also if they are requested
|
|
|
|
|
|
|
|
// because for e.g. basic auth we want to create a session if the call is coming from the
|
|
|
|
|
|
|
|
// login handler, but if we want to perform basic auth during a request (called from contexthandler) we don't
|
|
|
|
|
|
|
|
// want a session to be created.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
params := c.ClientParams() |
|
|
|
params := c.ClientParams() |
|
|
|
|
|
|
|
|
|
|
|
for _, hook := range s.postAuthHooks { |
|
|
|
for _, hook := range s.postAuthHooks { |
|
|
|
if err := hook(ctx, params, identity, r); err != nil { |
|
|
|
if err := hook(ctx, params, identity, r); err != nil { |
|
|
|
return nil, false, err |
|
|
|
return nil, false, err |
|
|
|
|
Karl Persson
2 years ago
committed by