|
|
|
@ -19,6 +19,7 @@ package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"context"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
@ -45,6 +46,12 @@ const (
|
|
|
|
|
// ClientCertificateToken acrType = "cert+token"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type contextKey int
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
ctxKeyMessage contextKey = iota
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type templateName string
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
@ -138,6 +145,11 @@ func (h *LoginHandler) handleGet(
|
|
|
|
|
h.renderRequestForClientCert(w, r, certEmails, localizer, loginRequest)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type FlashMessage struct {
|
|
|
|
|
Type string
|
|
|
|
|
Message string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (h *LoginHandler) handlePost(
|
|
|
|
|
w http.ResponseWriter,
|
|
|
|
|
r *http.Request,
|
|
|
|
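Review bot: The new exported type `FlashMessage` has no doc comment, and `Type` is a bare string whose accepted values are not stated anywhere in this hunk. I would add `// FlashMessage is a notice shown on the login page; Type is its category (this commit only uses "warning") and Message is the already localized text.` above the declaration. If nothing outside the handlers package needs the type, it could be unexported like `contextKey`, which keeps the template contract local. How the template uses `Type` is not visible here, so the comment should only say what the handler sets.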
@ -151,11 +163,25 @@ func (h *LoginHandler) handlePost(
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.FormValue("email") == "" {
|
|
|
|
|
h.handleGet(w, r.WithContext(context.WithValue(
|
|
|
|
|
r.Context(),
|
|
|
|
|
ctxKeyMessage,
|
|
|
|
|
FlashMessage{
|
|
|
|
|
Type: "warning",
|
|
|
|
|
Message: h.messageCatalog.LookupMessage("NoEmailAddressSelected", nil, localizer),
|
|
|
|
|
},
|
|
|
|
|
)), challenge, certEmails, localizer)
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// perform certificate auth
|
|
|
|
|
h.logger.WithField("emails", certEmails).Info("will perform certificate authentication")
|
|
|
|
|
|
|
|
|
|
userID, err := h.performCertificateLogin(certEmails, r)
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.logger.WithError(err).Error("could not perform certificate login")
|
|
|
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
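Review bot: The added guard `if r.FormValue("email") == ""` in `handlePost` only rejects an empty selection. Nothing visible in this hunk confirms that the submitted value is one of the addresses in `certEmails` before `h.performCertificateLogin(certEmails, r)` runs. The form field is client-controlled, so the handler should treat a value that is not present in `certEmails` the same way as a missing one, for example by extending the condition to a membership test on `certEmails` and re-rendering with the same flash message. `performCertificateLogin` may already do this check, since it receives both `certEmails` and `r`, but its body is outside the hunk, as are the start and end of `handlePost`; if so, a short comment here such as `// selected email is validated against certEmails in performCertificateLogin` would make that dependency explicit. Separately, every failure from `performCertificateLogin` is answered with a 500, so a rejected selection would be indistinguishable from a server fault in logs and monitoring.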
@ -288,6 +314,7 @@ func (h *LoginHandler) renderRequestForClientCert(
|
|
|
|
|
"RequestText": msg("CertLoginRequestText", nil, localizer),
|
|
|
|
|
"AcceptLabel": msg("LabelAcceptCertLogin", nil, localizer),
|
|
|
|
|
"RejectLabel": msg("LabelRejectCertLogin", nil, localizer),
|
|
|
|
|
"FlashMessage": r.Context().Value(ctxKeyMessage),
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.logger.WithError(err).Error("template rendering failed")
|
|
|
|
|