refactor: behavior login/2 use all http request

2023-09-22 16:43:12 +08:00 · 2023-09-22 16:43:12 +08:00 · a318ad486a
parent 9181ec844f
commit a318ad486a
5 changed files with 22 additions and 20 deletions
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl
@ -39,7 +39,9 @@
    {ok, NewState :: state()} | {error, Reason :: term()}.
 -callback destroy(State :: state()) -> ok.
 -callback login(request(), State :: state()) ->
-    {ok, dashboard_user_role(), Token :: binary()} | {redirect, fun()} | {error, Reason :: term()}.
+    {ok, dashboard_user_role(), Token :: binary()}
+    | {redirect, tuple()}
+    | {error, Reason :: term()}.

 %%------------------------------------------------------------------------------
 %% Callback Interface
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
@ -151,23 +151,22 @@ running(get, _Request) ->
            maps:values(SSO)
        )}.

-login(post, #{bindings := #{backend := Backend}, body := Sign, headers := Headers}) ->
+login(post, #{bindings := #{backend := Backend}} = Request) ->
    case emqx_dashboard_sso_manager:lookup_state(Backend) of
        undefined ->
            {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
        State ->
-            Provider = provider(Backend),
-            case emqx_dashboard_sso:login(Provider, Sign, State) of
+            case emqx_dashboard_sso:login(provider(Backend), Request, State) of
                {ok, Role, Token} ->
-                    ?SLOG(info, #{msg => "dashboard_sso_login_successful", request => Sign}),
+                    ?SLOG(info, #{msg => "dashboard_sso_login_successful", request => Request}),
                    {200, login_reply(Role, Token)};
-                {redirect, RedirectFun} ->
-                    ?SLOG(info, #{msg => "dashboard_sso_login_redirect", request => Sign}),
-                    RedirectFun(Headers);
+                {redirect, Redirect} ->
+                    ?SLOG(info, #{msg => "dashboard_sso_login_redirect", request => Request}),
+                    Redirect;
                {error, Reason} ->
                    ?SLOG(info, #{
                        msg => "dashboard_sso_login_failed",
-                        request => Sign,
+                        request => Request,
                        reason => Reason
                    }),
                    {401, #{code => ?BAD_USERNAME_OR_PWD, message => <<"Auth failed">>}}
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
@ -121,7 +121,7 @@ adjust_ldap_field(Any) ->
    Any.

 login(
-    #{<<"username">> := Username} = Req,
+    #{body := #{<<"username">> := Username} = Sign} = _Req,
    #{
        query_timeout := Timeout,
        resource_id := ResourceId
@ -130,7 +130,7 @@ login(
    case
        emqx_resource:simple_sync_query(
            ResourceId,
-            {query, Req, [], Timeout}
+            {query, Sign, [], Timeout}
        )
    of
        {ok, []} ->
@ -139,7 +139,7 @@ login(
            case
                emqx_resource:simple_sync_query(
                    ResourceId,
-                    {bind, Req}
+                    {bind, Sign}
                )
            of
                ok ->
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
@ -134,12 +134,14 @@ update(_Config0, State) ->
 destroy(_State) ->
    ok.

-login(_Req, #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} = _State) ->
+login(
+    #{headers := Headers} = _Req,
+    #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} = _State
+) ->
    SignedXml = esaml_sp:generate_authn_request(IDP, SP),
    Target = esaml_binding:encode_http_redirect(IDP, SignedXml, <<>>),
-    %% TODO: _Req acutally is HTTP request body, not fully request
-    RedirectFun = fun(Headers) ->
-        RespHeaders = #{<<"Cache-Control">> => <<"no-cache">>, <<"Pragma">> => <<"no-cache">>},
+    RespHeaders = #{<<"Cache-Control">> => <<"no-cache">>, <<"Pragma">> => <<"no-cache">>},
+    Redirect =
        case is_msie(Headers) of
            true ->
                Html = esaml_binding:encode_http_post(IDP, SignedXml, <<>>),
@ -147,9 +149,8 @@ login(_Req, #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} =
            false ->
                RespHeaders1 = RespHeaders#{<<"Location">> => Target},
                {302, RespHeaders1, <<"Redirecting...">>}
-        end
-    end,
-    {redirect, RedirectFun}.
+        end,
+    {redirect, Redirect}.

 callback(_Req = #{body := Body}, #{sp := SP} = _State) ->
    case do_validate_assertion(SP, fun esaml_util:check_dupe_ets/2, Body) of
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
@ -87,7 +87,7 @@ sp_saml_metadata(get, _Req) ->
        #{sp := SP} = _State ->
            SignedXml = esaml_sp:generate_metadata(SP),
            Metadata = xmerl:export([SignedXml], xmerl_xml),
-            {200, [{<<"Content-Type">>, <<"text/xml">>}], Metadata}
+            {200, #{<<"Content-Type">> => <<"text/xml">>}, Metadata}
    end.

 sp_saml_callback(post, Req) ->