yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #11694 from JimMoen/fix-saml-callback 

fix: saml callback should check saml state
This commit is contained in:
JimMoen 2023-09-27 21:28:28 +08:00 committed by GitHub
parent 1f8985d09e c9194cd6b2
commit 2a39b6b8da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_dashboard_sso/rebar.config
View File

@ -4,5 +4,5 @@
{deps, [ {deps, [
{emqx_ldap, {path, "../../apps/emqx_ldap"}}, {emqx_ldap, {path, "../../apps/emqx_ldap"}},
{emqx_dashboard, {path, "../../apps/emqx_dashboard"}}, {emqx_dashboard, {path, "../../apps/emqx_dashboard"}},
{esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.1"}}} {esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.2"}}}
]}. ]}.

2
apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
View File

@ -100,6 +100,8 @@ desc(_) ->
%% APIs %% APIs
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
create(#{enable := false} = _Config) ->
{ok, undefined};
create(#{sp_sign_request := true} = Config) -> create(#{sp_sign_request := true} = Config) ->
try try
do_create(ensure_cert_and_key(Config)) do_create(ensure_cert_and_key(Config))

16
apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
View File

@ -82,19 +82,17 @@ schema("/sso/saml/metadata") ->
sp_saml_metadata(get, _Req) -> sp_saml_metadata(get, _Req) ->
case emqx_dashboard_sso_manager:lookup_state(saml) of case emqx_dashboard_sso_manager:lookup_state(saml) of
undefined -> #{enable := true, sp := SP} = _State ->
{404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
#{sp := SP} = _State ->
SignedXml = esaml_sp:generate_metadata(SP), SignedXml = esaml_sp:generate_metadata(SP),
Metadata = xmerl:export([SignedXml], xmerl_xml), Metadata = xmerl:export([SignedXml], xmerl_xml),
{200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)} {200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)};
_ ->
{404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
end. end.
sp_saml_callback(post, Req) -> sp_saml_callback(post, Req) ->
case emqx_dashboard_sso_manager:lookup_state(saml) of case emqx_dashboard_sso_manager:lookup_state(saml) of
undefined -> State = #{enable := true} ->
{404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
State ->
case (provider(saml)):callback(Req, State) of case (provider(saml)):callback(Req, State) of
{redirect, Redirect} -> {redirect, Redirect} ->
Redirect; Redirect;
@ -105,7 +103,9 @@ sp_saml_callback(post, Req) ->
reason => Reason reason => Reason
}), }),
{403, #{code => <<"UNAUTHORIZED">>, message => Reason}} {403, #{code => <<"UNAUTHORIZED">>, message => Reason}}
end end;
_ ->
{404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
end. end.
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------