httpserver/modules/saml/account.go

package saml

import (
	"fmt"
	"net/http"
	"time"

	"github.com/crewjam/saml"
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v4"
	"github.com/google/uuid"
	"github.com/rs/zerolog/log"
	"go.sebtobie.de/httpserver/auth"
	"go.sebtobie.de/httpserver/constants"
)

var (
	defaccount = &account{
		data: map[constants.AccountConstant]any{
			constants.AccountID:   uuid.Nil,
			constants.AccountAnon: true,
		},
	}
	_ auth.AuthenticationHandler = &SAML{}
)

func maptoarray(m map[string]any) (output []any) {
	for k, v := range m {
		output = append(output, []any{k, v})
	}
	return
}

// Account returns the Account representation of the user
func (s *SAML) Account(c *gin.Context) auth.Account {
	acc := &(*defaccount)
	acc.s = s
	cookie, err := c.Cookie(s.Cookiename)
	if err != nil {
		return acc
	}
	var (
		claim *jwt.MapClaims
		ok    bool
	)
	token, err := jwt.ParseWithClaims(cookie, &jwt.MapClaims{}, s.signingkey)
	if err != nil {
		log.Debug().Err(err).Msg("Error while parsing token")
	}
	if claim, ok = token.Claims.(*jwt.MapClaims); ok && token.Valid {
		log.Debug().Interface("claim", claim).Msg("Got valid token")
		for key, value := range *claim {
			acc.data[constants.AccountConstant(key)] = value
		}
		return acc
	}
	log.Debug().Bool("valid", token.Valid).Interface("claim", claim).Msg("problem vith token")
	return acc
}

func (s *SAML) signingkey(token *jwt.Token) (key any, err error) {
	if _, ok := token.Method.(*jwt.SigningMethodRSAPSS); !ok {
		return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
	}
	return &s.jwtprivatekey.PublicKey, nil
}

type account struct {
	s    *SAML
	data map[constants.AccountConstant]any
}

func (a *account) Anonymous() bool {
	return a.data[constants.AccountAnon].(bool)
}

func (a *account) Redirect(c *gin.Context) {
	id := uuid.New().String()
	tokenstring, err := jwttoken(jwt.MapClaims{
		string(constants.AccountID):   id,
		string(constants.AccountAnon): true,
	}, a.s.jwtprivatekey)
	if err != nil {
		log.Error().Err(err).Msg("Failed to generate the token")
		c.AbortWithStatus(http.StatusInternalServerError)
		return
	}

	c.SetCookie(a.s.Cookiename, tokenstring, int(time.Hour), "", "", true, true)
	request, err := a.s.sp.MakeAuthenticationRequest(
		a.s.sp.GetSSOBindingLocation(saml.HTTPRedirectBinding),
		saml.HTTPRedirectBinding,
		saml.HTTPRedirectBinding,
	)
	if err != nil {
		c.AbortWithStatus(http.StatusInternalServerError)
	}
	request.ID = id
	u, err := request.Redirect(c.Request.URL.String(), a.s.sp)
	if err != nil {
		log.Error().Err(err).Msg("Failed to create redirect")
		c.AbortWithStatus(500)
		return
	}
	log.Debug().Msgf("Leite weiter: %s", u.String())
	c.Redirect(http.StatusSeeOther, u.String())
}

func (a *account) Get(key constants.AccountConstant) any {
	return a.data[key]
}

func (a *account) List() []constants.AccountConstant {
	var liste []constants.AccountConstant
	for key := range a.data {
		liste = append(liste, key)
	}
	return liste
}
first version of my httpserver 2021-01-09 20:39:05 +00:00			`package saml`

			`import (`
			`"fmt"`
			`"net/http"`
			`"time"`

			`"github.com/crewjam/saml"`
			`"github.com/gin-gonic/gin"`
updated jwt depndency 2022-11-04 22:55:39 +00:00			`"github.com/golang-jwt/jwt/v4"`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`"github.com/google/uuid"`
moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`"github.com/rs/zerolog/log"`
cleaned up old references i forgot 2021-01-10 00:35:50 +00:00			`"go.sebtobie.de/httpserver/auth"`
moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`"go.sebtobie.de/httpserver/constants"`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`)`

added an compiletime test to ensure that SAML is an AuthenticationHandler 2022-11-06 09:58:13 +00:00			`var (`
			`defaccount = &account{`
			`data: map[constants.AccountConstant]any{`
			`constants.AccountID: uuid.Nil,`
			`constants.AccountAnon: true,`
			`},`
			`}`
			`_ auth.AuthenticationHandler = &SAML{}`
			`)`
first version of my httpserver 2021-01-09 20:39:05 +00:00
changed logging to zerolog and raised the minimal go version to 1.19 2022-11-06 09:52:24 +00:00			`func maptoarray(m map[string]any) (output []any) {`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`for k, v := range m {`
changed logging to zerolog and raised the minimal go version to 1.19 2022-11-06 09:52:24 +00:00			`output = append(output, []any{k, v})`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`}`
			`return`
			`}`

			`// Account returns the Account representation of the user`
cleaned up old references i forgot 2021-01-10 00:35:50 +00:00			`func (s SAML) Account(c gin.Context) auth.Account {`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`acc := &(*defaccount)`
			`acc.s = s`
			`cookie, err := c.Cookie(s.Cookiename)`
			`if err != nil {`
			`return acc`
			`}`
			`var (`
			`claim *jwt.MapClaims`
			`ok bool`
			`)`
			`token, err := jwt.ParseWithClaims(cookie, &jwt.MapClaims{}, s.signingkey)`
			`if err != nil {`
			`log.Debug().Err(err).Msg("Error while parsing token")`
			`}`
			`if claim, ok = token.Claims.(*jwt.MapClaims); ok && token.Valid {`
replaced phuslu/log with zerolog 2022-11-05 07:29:17 +00:00			`log.Debug().Interface("claim", claim).Msg("Got valid token")`
created a new Type AccountConstant. This should help a bit with linting 2021-11-07 20:41:48 +00:00			`for key, value := range *claim {`
moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`acc.data[constants.AccountConstant(key)] = value`
created a new Type AccountConstant. This should help a bit with linting 2021-11-07 20:41:48 +00:00			`}`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`return acc`
			`}`
replaced phuslu/log with zerolog 2022-11-05 07:29:17 +00:00			`log.Debug().Bool("valid", token.Valid).Interface("claim", claim).Msg("problem vith token")`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`return acc`
			`}`

changed logging to zerolog and raised the minimal go version to 1.19 2022-11-06 09:52:24 +00:00			`func (s SAML) signingkey(token jwt.Token) (key any, err error) {`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`if _, ok := token.Method.(*jwt.SigningMethodRSAPSS); !ok {`
			`return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])`
			`}`
			`return &s.jwtprivatekey.PublicKey, nil`
			`}`

			`type account struct {`
			`s *SAML`
changed logging to zerolog and raised the minimal go version to 1.19 2022-11-06 09:52:24 +00:00			`data map[constants.AccountConstant]any`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`}`

			`func (a *account) Anonymous() bool {`
moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`return a.data[constants.AccountAnon].(bool)`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`}`

			`func (a account) Redirect(c gin.Context) {`
			`id := uuid.New().String()`
			`tokenstring, err := jwttoken(jwt.MapClaims{`
moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`string(constants.AccountID): id,`
			`string(constants.AccountAnon): true,`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`}, a.s.jwtprivatekey)`
			`if err != nil {`
			`log.Error().Err(err).Msg("Failed to generate the token")`
			`c.AbortWithStatus(http.StatusInternalServerError)`
			`return`
			`}`

			`c.SetCookie(a.s.Cookiename, tokenstring, int(time.Hour), "", "", true, true)`
cleaned up the code and updated dependencies 2022-11-04 23:03:21 +00:00			`request, err := a.s.sp.MakeAuthenticationRequest(`
			`a.s.sp.GetSSOBindingLocation(saml.HTTPRedirectBinding),`
			`saml.HTTPRedirectBinding,`
			`saml.HTTPRedirectBinding,`
			`)`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`if err != nil {`
			`c.AbortWithStatus(http.StatusInternalServerError)`
			`}`
			`request.ID = id`
cleaned up the code and updated dependencies 2022-11-04 23:03:21 +00:00			`u, err := request.Redirect(c.Request.URL.String(), a.s.sp)`
			`if err != nil {`
			`log.Error().Err(err).Msg("Failed to create redirect")`
			`c.AbortWithStatus(500)`
			`return`
			`}`
			`log.Debug().Msgf("Leite weiter: %s", u.String())`
			`c.Redirect(http.StatusSeeOther, u.String())`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`}`

changed logging to zerolog and raised the minimal go version to 1.19 2022-11-06 09:52:24 +00:00			`func (a *account) Get(key constants.AccountConstant) any {`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`return a.data[key]`
			`}`

moved the constants from auth to contatnts 2022-11-05 07:31:12 +00:00			`func (a *account) List() []constants.AccountConstant {`
			`var liste []constants.AccountConstant`
first version of my httpserver 2021-01-09 20:39:05 +00:00			`for key := range a.data {`
			`liste = append(liste, key)`
			`}`
			`return liste`
			`}`