|
|
|
|
@ -127,6 +127,7 @@ func (h *LoginHandler) handleGet(
|
|
|
|
|
for _, email := range certEmails {
|
|
|
|
|
if *subject == email {
|
|
|
|
|
subjectInCert = true
|
|
|
|
|
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
@ -275,13 +276,20 @@ func (h *LoginHandler) rejectLogin(
|
|
|
|
|
w.WriteHeader(http.StatusFound)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (h *LoginHandler) rejectLoginMissingSubject(w http.ResponseWriter, r *http.Request, challenge string, localizer *i18n.Localizer, subject string) {
|
|
|
|
|
func (h *LoginHandler) rejectLoginMissingSubject(
|
|
|
|
|
w http.ResponseWriter, r *http.Request, challenge string, localizer *i18n.Localizer, subject string,
|
|
|
|
|
) {
|
|
|
|
|
rejectRequest := client.NewRejectOAuth2RequestWithDefaults()
|
|
|
|
|
rejectRequest.SetErrorDescription(h.trans.LookupMessage("LoginDeniedSubjectMissing", map[string]interface{}{"Subject": subject}, localizer))
|
|
|
|
|
rejectRequest.SetErrorDescription(h.trans.LookupMessage(
|
|
|
|
|
"LoginDeniedSubjectMissing", map[string]interface{}{"Subject": subject}, localizer),
|
|
|
|
|
)
|
|
|
|
|
rejectRequest.SetErrorHint(h.trans.LookupMessage("HintChooseDifferentClientCertificate", nil, localizer))
|
|
|
|
|
rejectRequest.SetStatusCode(http.StatusForbidden)
|
|
|
|
|
|
|
|
|
|
rejectLoginRequest, response, err := h.adminClient.RejectOAuth2LoginRequest(r.Context()).LoginChallenge(challenge).RejectOAuth2Request(*rejectRequest).Execute()
|
|
|
|
|
rejectLoginRequest, response, err := h.adminClient.RejectOAuth2LoginRequest(
|
|
|
|
|
r.Context()).LoginChallenge(challenge).RejectOAuth2Request(
|
|
|
|
|
*rejectRequest,
|
|
|
|
|
).Execute()
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.logger.Error("error sending reject login request", "error", err)
|
|
|
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
|
|
