mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2025-12-31 01:59:39 -05:00
179 lines
4.9 KiB
Go
179 lines
4.9 KiB
Go
/*
|
|
* Copyright 2017-2019 Kopano and its licensors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
package identifier
|
|
|
|
import (
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
|
|
"github.com/libregraph/lico/identifier/meta"
|
|
"github.com/libregraph/lico/identity/clients"
|
|
)
|
|
|
|
// A LogonRequest is the request data as sent to the logon endpoint
|
|
type LogonRequest struct {
|
|
State string `json:"state"`
|
|
|
|
Params []string `json:"params"`
|
|
Hello *HelloRequest `json:"hello"`
|
|
}
|
|
|
|
// A LogonResponse holds a response as sent by the logon endpoint.
|
|
type LogonResponse struct {
|
|
Success bool `json:"success"`
|
|
State string `json:"state"`
|
|
|
|
Hello *HelloResponse `json:"hello"`
|
|
}
|
|
|
|
// A HelloRequest is the request data as send to the hello endpoint.
|
|
type HelloRequest struct {
|
|
State string `json:"state"`
|
|
Flow string `json:"flow"`
|
|
RawScope string `json:"scope"`
|
|
RawPrompt string `json:"prompt"`
|
|
ClientID string `json:"client_id"`
|
|
RawRedirectURI string `json:"redirect_uri"`
|
|
RawIDTokenHint string `json:"id_token_hint"`
|
|
RawMaxAge string `json:"max_age"`
|
|
|
|
Scopes map[string]bool `json:"-"`
|
|
Prompts map[string]bool `json:"-"`
|
|
RedirectURI *url.URL `json:"-"`
|
|
IDTokenHint *jwt.Token `json:"-"`
|
|
MaxAge time.Duration `json:"-"`
|
|
|
|
//TODO(longsleep): Add support to pass request parameters as JWT as
|
|
// specified in http://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
|
|
}
|
|
|
|
func (hr *HelloRequest) parse() error {
|
|
hr.Scopes = make(map[string]bool)
|
|
hr.Prompts = make(map[string]bool)
|
|
|
|
hr.RedirectURI, _ = url.Parse(hr.RawRedirectURI)
|
|
|
|
if hr.RawScope != "" {
|
|
for _, scope := range strings.Split(hr.RawScope, " ") {
|
|
hr.Scopes[scope] = true
|
|
}
|
|
}
|
|
if hr.RawPrompt != "" {
|
|
for _, prompt := range strings.Split(hr.RawPrompt, " ") {
|
|
hr.Prompts[prompt] = true
|
|
}
|
|
}
|
|
if hr.RawMaxAge != "" {
|
|
maxAgeInt, err := strconv.ParseInt(hr.RawMaxAge, 10, 64)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
hr.MaxAge = time.Duration(maxAgeInt) * time.Second
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// A HelloResponse holds a response as sent by the hello endpoint.
|
|
type HelloResponse struct {
|
|
State string `json:"state"`
|
|
Flow string `json:"flow"`
|
|
Success bool `json:"success"`
|
|
Username string `json:"username,omitempty"`
|
|
DisplayName string `json:"displayName,omitempty"`
|
|
|
|
Next string `json:"next,omitempty"`
|
|
ContinueURI string `json:"continue_uri,omitempty"`
|
|
Scopes map[string]bool `json:"scopes,omitempty"`
|
|
ClientDetails *clients.Details `json:"client,omitempty"`
|
|
Meta *meta.Meta `json:"meta,omitempty"`
|
|
Branding *meta.Branding `json:"branding,omitempty"`
|
|
}
|
|
|
|
// A StateRequest is a general request with a state.
|
|
type StateRequest struct {
|
|
State string
|
|
}
|
|
|
|
// A StateResponse hilds a response as reply to a StateRequest.
|
|
type StateResponse struct {
|
|
Success bool `json:"success"`
|
|
State string `json:"state"`
|
|
}
|
|
|
|
// StateData contains data bound to a state.
|
|
type StateData struct {
|
|
State string `json:"state"`
|
|
Mode string `json:"mode,omitempty"`
|
|
|
|
RawQuery string `json:"raw_query,omitempty"`
|
|
|
|
ClientID string `json:"client_id"`
|
|
Ref string `json:"ref,omitempty"`
|
|
|
|
Extra map[string]interface{} `json:"extra,omitempty"`
|
|
|
|
Trampolin *TrampolinData `json:"trampolin,omitempty"`
|
|
}
|
|
|
|
type TrampolinData struct {
|
|
URI string `json:"uri"`
|
|
Scope string `json:"scope"`
|
|
}
|
|
|
|
// A ConsentRequest is the request data as sent to the consent endpoint.
|
|
type ConsentRequest struct {
|
|
State string `json:"state"`
|
|
Allow bool `json:"allow"`
|
|
RawScope string `json:"scope"`
|
|
ClientID string `json:"client_id"`
|
|
RawRedirectURI string `json:"redirect_uri"`
|
|
Ref string `json:"ref"`
|
|
Nonce string `json:"flow_nonce"`
|
|
}
|
|
|
|
// Consent is the data received and sent to allow or cancel consent flows.
|
|
type Consent struct {
|
|
Allow bool `json:"allow"`
|
|
RawScope string `json:"scope"`
|
|
}
|
|
|
|
// Scopes returns the associated consents approved scopes filtered by the
|
|
//provided requested scopes and the full unfiltered approved scopes table.
|
|
func (c *Consent) Scopes(requestedScopes map[string]bool) (map[string]bool, map[string]bool) {
|
|
scopes := make(map[string]bool)
|
|
if c.RawScope != "" {
|
|
for _, scope := range strings.Split(c.RawScope, " ") {
|
|
scopes[scope] = true
|
|
}
|
|
}
|
|
|
|
approved := make(map[string]bool)
|
|
for n, v := range requestedScopes {
|
|
if ok, _ := scopes[n]; ok && v {
|
|
approved[n] = true
|
|
}
|
|
}
|
|
|
|
return approved, scopes
|
|
}
|