package main
import (
"bytes"
"crypto"
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"github.com/prometheus/common/log"
)
// ossStrategy implements the DC/OS open-source ("OSS") login flow used in
// this file: getIDToken obtains an OIDC id_token from creds.TokenEndpoint and
// authenticate exchanges it for a DC/OS AuthN token at creds.AuthEndpoint.
type ossStrategy struct {
// Target is not referenced by the methods in this file; presumably the
// cluster base URL — verify against the caller that populates it.
Target *url.URL
// Verbose enables Infof logging of the endpoint, a masked request body and
// the response status code for each authentication request.
Verbose bool
// client issues the HTTP requests; its timeout/TLS configuration is set up
// wherever the strategy is constructed (not visible here).
client *http.Client
// creds supplies the endpoints and credentials the requests read:
// TokenEndpoint, AuthEndpoint, OAuthClientID, OAuthClientSecret, UID, Password.
creds *authContext
// hash is not used by the methods in this file — TODO confirm its purpose
// against the rest of the package.
hash crypto.Hash
}
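// authenticate exchanges an OIDC id_token for a DC/OS AuthN token.
//
// It first calls getIDToken, then POSTs {"token": idToken} as JSON to
// o.creds.AuthEndpoint and returns the "token" field of a 200 response.
// The request body is produced with encoding/json rather than string
// formatting so that a token value containing quotes or backslashes cannot
// alter the JSON structure.
//
// Returns the DC/OS AuthN token, or an error when the id_token could not be
// obtained, the request could not be built or sent, the response body could
// not be read or decoded, or the response carried no usable "token" field.
// In Verbose mode only the endpoint, a masked body and the status code are
// logged; the token value itself is never logged.
func (o *ossStrategy) authenticate() (string, error) {
	idToken, err := o.getIDToken()
	if err != nil {
		return "", err
	}
	// The id_token comes from a remote server: encode it instead of splicing
	// it into a JSON template with %s.
	body, err := json.Marshal(map[string]interface{}{"token": idToken})
	if err != nil {
		return "", fmt.Errorf("encoding auth request: %v", err)
	}
	if o.Verbose {
		log.Infof("Authenticating: POST %s %s", o.creds.AuthEndpoint, `{"token":"*****"}`)
	}
	r, err := http.NewRequest("POST", o.creds.AuthEndpoint, bytes.NewReader(body))
	if err != nil {
		return "", fmt.Errorf("building auth request for %q: %v", o.creds.AuthEndpoint, err)
	}
	r.Header.Add("Content-Type", "application/json")
	resp, err := o.client.Do(r)
	if err != nil {
		return "", fmt.Errorf("POST %s: %v", o.creds.AuthEndpoint, err)
	}
	// Do returns a non-nil Body whenever err is nil; close it on every path.
	defer resp.Body.Close()
	if o.Verbose {
		log.Infof("Authentication result: %d", resp.StatusCode)
	}
	rbody, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", fmt.Errorf("reading auth response from %s: %v", o.creds.AuthEndpoint, err)
	}
	var token string
	if resp.StatusCode == http.StatusOK {
		data := make(map[string]interface{})
		if err := json.Unmarshal(rbody, &data); err != nil {
			return "", err
		}
		// Checked type assertion: a non-string "token" yields an error below
		// instead of a panic.
		if t, ok := data["token"].(string); ok {
			token = t
		}
	}
	if token == "" {
		// Log the bytes already read, not the *http.Response.Body handle,
		// so the server's error message is actually visible.
		log.Errorf("POST %s : %d\n%s", o.creds.AuthEndpoint, resp.StatusCode, rbody)
		return "", errors.New("Failed to obtain DC/OS AuthN token")
	}
	return token, nil
}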
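// getIDToken performs an OIDC resource-owner-password grant against
// o.creds.TokenEndpoint and returns the "id_token" field of a 200 response.
//
// The request body is produced with encoding/json rather than a %s template:
// a password or client secret containing quotes or backslashes would
// otherwise break the JSON (or inject extra fields).
//
// Returns the id_token, or an error when the request could not be built or
// sent, the response body could not be read or decoded, or the response
// carried no usable "id_token" field. In Verbose mode the logged body masks
// both the password and the client secret; only client_id and username are
// shown.
func (o *ossStrategy) getIDToken() (string, error) {
	body, err := json.Marshal(map[string]interface{}{
		"grant_type":    "password",
		"scope":         "openid email",
		"client_id":     o.creds.OAuthClientID,
		"client_secret": o.creds.OAuthClientSecret,
		"username":      o.creds.UID,
		"password":      o.creds.Password,
	})
	if err != nil {
		return "", fmt.Errorf("encoding token request: %v", err)
	}
	if o.Verbose {
		// client_secret is a credential too; never write it to the log.
		bodyLog := fmt.Sprintf(`{"grant_type":"password","scope":"openid email",
"client_id":"%s","client_secret":"*****","username":"%s","password":"*****"}`,
			o.creds.OAuthClientID, o.creds.UID)
		log.Infof("Authenticating: POST %s %s", o.creds.TokenEndpoint, bodyLog)
	}
	r, err := http.NewRequest("POST", o.creds.TokenEndpoint, bytes.NewReader(body))
	if err != nil {
		return "", fmt.Errorf("building token request for %q: %v", o.creds.TokenEndpoint, err)
	}
	r.Header.Add("Content-Type", "application/json")
	resp, err := o.client.Do(r)
	if err != nil {
		return "", fmt.Errorf("POST %s: %v", o.creds.TokenEndpoint, err)
	}
	// Do returns a non-nil Body whenever err is nil; close it on every path.
	defer resp.Body.Close()
	if o.Verbose {
		log.Infof("Authentication result: %d", resp.StatusCode)
	}
	rbody, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", fmt.Errorf("reading token response from %s: %v", o.creds.TokenEndpoint, err)
	}
	var idToken string
	if resp.StatusCode == http.StatusOK {
		data := make(map[string]interface{})
		if err := json.Unmarshal(rbody, &data); err != nil {
			return "", err
		}
		// Checked type assertion: a non-string "id_token" yields an error
		// below instead of a panic.
		if t, ok := data["id_token"].(string); ok {
			idToken = t
		}
	}
	if idToken == "" {
		// Log the bytes already read, not the *http.Response.Body handle,
		// so the server's error message is actually visible.
		log.Errorf("POST %s : %d\n%s", o.creds.TokenEndpoint, resp.StatusCode, rbody)
		return "", errors.New("Failed to obtain OIDC id_token")
	}
	return idToken, nil
}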