From a318ad486a368fba6d26e1222a05df2226155d1e Mon Sep 17 00:00:00 2001 From: JimMoen Date: Fri, 22 Sep 2023 16:43:12 +0800 Subject: [PATCH] refactor: behavior login/2 use all http request --- .../emqx_dashboard_sso/src/emqx_dashboard_sso.erl | 4 +++- .../src/emqx_dashboard_sso_api.erl | 15 +++++++-------- .../src/emqx_dashboard_sso_ldap.erl | 6 +++--- .../src/emqx_dashboard_sso_saml.erl | 15 ++++++++------- .../src/emqx_dashboard_sso_saml_api.erl | 2 +- 5 files changed, 22 insertions(+), 20 deletions(-) diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl index a47f01199..5abfa3d33 100644 --- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl +++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso.erl @@ -39,7 +39,9 @@ {ok, NewState :: state()} | {error, Reason :: term()}. -callback destroy(State :: state()) -> ok. -callback login(request(), State :: state()) -> - {ok, dashboard_user_role(), Token :: binary()} | {redirect, fun()} | {error, Reason :: term()}. + {ok, dashboard_user_role(), Token :: binary()} + | {redirect, tuple()} + | {error, Reason :: term()}. %%------------------------------------------------------------------------------ %% Callback Interface diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl index f2cd02ecb..6674db3a8 100644 --- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl +++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl 
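Review bot: `{redirect, tuple()}` in the `login/2` callback spec is too loose for a value that emqx_dashboard_sso_api now returns unchanged as the HTTP response. The only shape visible in this patch is the SAML provider's `{302, RespHeaders1, <<"Redirecting...">>}`, so, if every provider follows that shape, the spec could read `{redirect, {Code :: pos_integer(), Headers :: map(), Body :: iodata()}}` and let Dialyzer flag a provider that returns something else. The `request()` type is defined outside this hunk. Since providers now receive the whole HTTP request instead of the body, its definition should say so, with a comment such as `%% request() is the full HTTP request map (bindings, headers, body)`.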
@@ -151,23 +151,22 @@ running(get, _Request) -> maps:values(SSO) )}. -login(post, #{bindings := #{backend := Backend}, body := Sign, headers := Headers}) -> +login(post, #{bindings := #{backend := Backend}} = Request) -> case emqx_dashboard_sso_manager:lookup_state(Backend) of undefined -> {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}; State -> - Provider = provider(Backend), - case emqx_dashboard_sso:login(Provider, Sign, State) of + case emqx_dashboard_sso:login(provider(Backend), Request, State) of {ok, Role, Token} -> - ?SLOG(info, #{msg => "dashboard_sso_login_successful", request => Sign}), + ?SLOG(info, #{msg => "dashboard_sso_login_successful", request => Request}), {200, login_reply(Role, Token)}; - {redirect, RedirectFun} -> - ?SLOG(info, #{msg => "dashboard_sso_login_redirect", request => Sign}), - RedirectFun(Headers); + {redirect, Redirect} -> + ?SLOG(info, #{msg => "dashboard_sso_login_redirect", request => Request}), + Redirect; {error, Reason} -> ?SLOG(info, #{ msg => "dashboard_sso_login_failed", - request => Sign, + request => Request, reason => Reason }), {401, #{code => ?BAD_USERNAME_OR_PWD, message => <<"Auth failed">>}} diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl index d6acbb164..bea8ef7c6 100644 --- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl +++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl @@ -121,7 +121,7 @@ adjust_ldap_field(Any) -> Any. login( - #{<<"username">> := Username} = Req, + #{body := #{<<"username">> := Username} = Sign} = _Req, #{ query_timeout := Timeout, resource_id := ResourceId @@ -130,7 +130,7 @@ login( case emqx_resource:simple_sync_query( ResourceId, - {query, Req, [], Timeout} + {query, Sign, [], Timeout} ) of {ok, []} -> @@ -139,7 +139,7 @@ login( case emqx_resource:simple_sync_query( ResourceId, - {bind, Req} + {bind, Sign} ) of ok -> 
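Review bot: All three `?SLOG(info, ...)` calls in `login/2` now log `request => Request`, the whole HTTP request map rather than just the body, so request headers reach the info-level log on success, redirect and failure alike. For the LDAP backend the body is the map later passed to `{bind, Sign}`, so it presumably carries the submitted password as well. Unless the logger is known to redact these fields (not visible in this patch), log only what is needed to trace the attempt, e.g. `?SLOG(info, #{msg => "dashboard_sso_login_failed", backend => Backend, reason => Reason})`, and likewise for the other two calls.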
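Review bot: The new head of the LDAP `login/2` matches only `<<"username">>` in the body and forwards the whole client-supplied map `Sign` to the `query` and `{bind, Sign}` calls, so nothing visible in these three hunks requires a non-empty password before the bind. Some directory servers treat a simple bind with an empty password as an unauthenticated bind and report success. Unless the connector already rejects that case, the head should require the field, e.g. `#{body := #{<<"username">> := Username, <<"password">> := Password} = Sign}` with a guard `when Password =/= <<>>`, plus a clause that returns `{error, ...}` otherwise. The key name `<<"password">>` is assumed here and should be confirmed against the API schema. The function body continues outside these hunks.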
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl index 9f2b5cc48..455fc5686 100644 --- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl +++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl @@ -134,12 +134,14 @@ update(_Config0, State) -> destroy(_State) -> ok. -login(_Req, #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} = _State) -> +login( + #{headers := Headers} = _Req, + #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} = _State +) -> SignedXml = esaml_sp:generate_authn_request(IDP, SP), Target = esaml_binding:encode_http_redirect(IDP, SignedXml, <<>>), - %% TODO: _Req acutally is HTTP request body, not fully request - RedirectFun = fun(Headers) -> - RespHeaders = #{<<"Cache-Control">> => <<"no-cache">>, <<"Pragma">> => <<"no-cache">>}, + RespHeaders = #{<<"Cache-Control">> => <<"no-cache">>, <<"Pragma">> => <<"no-cache">>}, + Redirect = case is_msie(Headers) of true -> Html = esaml_binding:encode_http_post(IDP, SignedXml, <<>>), @@ -147,9 +149,8 @@ login(_Req, #{sp := SP, idp_meta := #esaml_idp_metadata{login_location = IDP}} = false -> RespHeaders1 = RespHeaders#{<<"Location">> => Target}, {302, RespHeaders1, <<"Redirecting...">>} - end - end, - {redirect, RedirectFun}. + end, + {redirect, Redirect}. callback(_Req = #{body := Body}, #{sp := SP} = _State) -> case do_validate_assertion(SP, fun esaml_util:check_dupe_ets/2, Body) of diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl index 492012153..0163ab9a8 100644 --- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl +++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl 
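Review bot: `RespHeaders` sets `<<"Cache-Control">> => <<"no-cache">>`, which still allows a browser or intermediary to store the response that carries the AuthnRequest. The SAML 2.0 HTTP Redirect and POST bindings ask for `no-cache, no-store`, so the line could read `RespHeaders = #{<<"Cache-Control">> => <<"no-cache, no-store">>, <<"Pragma">> => <<"no-cache">>},`. The `true` branch of `case is_msie(Headers)` falls between the two hunks and is only partly visible, so check that the HTML POST response is built with the same headers.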
@@ -87,7 +87,7 @@ sp_saml_metadata(get, _Req) -> #{sp := SP} = _State -> SignedXml = esaml_sp:generate_metadata(SP), Metadata = xmerl:export([SignedXml], xmerl_xml), - {200, [{<<"Content-Type">>, <<"text/xml">>}], Metadata} + {200, #{<<"Content-Type">> => <<"text/xml">>}, Metadata} end. sp_saml_callback(post, Req) ->