package samlsp
import (
"context"
"errors"
"net/http"
"github.com/crewjam/saml"
)
// Session is an interface implemented to contain a session.
//
// It declares no methods, so any value can be stored as a Session. Code that
// needs data out of one must type-assert to a narrower interface such as
// SessionWithAttributes (AttributeFromContext does exactly that); nothing about
// the static type guarantees the value has been validated.
type Session interface{}
// SessionWithAttributes is a session that can expose the
// attributes provided by the SAML identity provider.
//
// The attribute values originate from the identity provider's assertion; they
// are only as trustworthy as the verification that assertion received before
// the session was created, and as the integrity check applied when the
// session was decoded on this request.
type SessionWithAttributes interface {
	Session

	// GetAttributes returns the attributes carried by the session.
	GetAttributes() Attributes
}
// ErrNoSession is the error returned when the remote user does not have a session.
//
// It is a sentinel: SessionProvider.GetSession reports a missing or invalid
// session with it. Compare using errors.Is rather than == so that a wrapped
// error still matches.
var (
	ErrNoSession = errors.New("saml: session not present")
)
// SessionProvider is an interface implemented by types that can track
// the active session of a user. The default implementation is CookieSessionProvider
//
// The session is what every later request is authenticated with, so an
// implementation is the trust boundary between the one-time SAML assertion
// and the rest of the application: CreateSession decides what gets persisted,
// GetSession decides what gets believed.
type SessionProvider interface {
	// CreateSession is called when we have received a valid SAML assertion and
	// should create a new session and modify the http response accordingly, e.g. by
	// setting a cookie.
	//
	// Per that contract the assertion has already been validated by the caller;
	// implementations are not the place to re-check it, but should carry over
	// into the session only what later requests actually need.
	CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error

	// DeleteSession is called to modify the response such that it removed the current
	// session, e.g. by deleting a cookie.
	//
	// NOTE(review): for a purely client-held session (such as a cookie) this
	// can only instruct the client to discard it; a client that keeps the old
	// value can keep presenting it until it expires on its own.
	DeleteSession(w http.ResponseWriter, r *http.Request) error

	// GetSession returns the current Session associated with the request, or
	// ErrNoSession if there is no valid session.
	//
	// "Valid" is the implementation's responsibility: a session that is absent,
	// expired, or fails its integrity check must surface as an error, never as
	// a partially populated Session.
	GetSession(r *http.Request) (Session, error)
}
// SessionCodec is an interface to convert SAML assertions to a
// Session. The default implementation uses JWTs, JWTSessionCodec.
//
// Encode and Decode are inverses. The string Encode produces is presumably
// handed to the client (the default SessionProvider is cookie-based) and comes
// back through Decode on later requests, which makes Decode the point where a
// client-supplied value is turned back into a trusted Session.
type SessionCodec interface {
	// New creates a Session from the SAML assertion.
	New(assertion *saml.Assertion) (Session, error)

	// Encode returns a serialized version of the Session.
	//
	// Note: When implementing this function, it is reasonable to expect that
	// Session is of the exact type returned by New(), and panic if it is not.
	Encode(s Session) (string, error)

	// Decode parses the serialized session that may have been returned by Encode
	// and returns a Session.
	//
	// Because the input reaches this method from the client, an implementation
	// must authenticate it before using any field (e.g. verify a JWT's
	// signature and expiry) and return an error, not a partially populated
	// Session, when that check fails.
	Decode(string) (Session, error)
}
// indexType is the unexported key type for values this package stores in a
// context.Context. Because the type cannot be named outside this package, no
// other package can construct a key that collides with or overrides the
// session entry.
type indexType int

// sessionIndex is the context key under which the Session is stored.
const sessionIndex indexType = 0

// SessionFromContext returns the session associated with ctx, or nil
// if no session is associated.
//
// The returned value is exactly what was attached with ContextWithSession;
// this function performs no validation of its own, so it is only as
// trustworthy as the code that attached it.
func SessionFromContext(ctx context.Context) Session {
	if s, ok := ctx.Value(sessionIndex).(Session); ok {
		return s
	}
	return nil
}

// ContextWithSession returns a new context with session associated.
func ContextWithSession(ctx context.Context, session Session) context.Context {
	return context.WithValue(ctx, sessionIndex, session)
}
// AttributeFromContext is a convenience method that returns the named attribute
// from the session, if available.
//
// It returns "" when ctx carries no session, when the session does not
// implement SessionWithAttributes, and otherwise whatever Attributes.Get
// returns for name (presumably "" when the attribute is absent). Those cases
// are indistinguishable to the caller, so an empty result must not be read as
// a positive statement about the user (e.g. "not an admin"); use
// SessionFromContext and inspect the session when the distinction matters.
func AttributeFromContext(ctx context.Context, name string) string {
	switch sa := SessionFromContext(ctx).(type) {
	case SessionWithAttributes:
		return sa.GetAttributes().Get(name)
	default:
		// nil session, or a session with no attribute support
		return ""
	}
}