auth

infrastructure/auth_connector/auth_connector.go

@@ -3,6 +3,7 @@ package auth_connectors
 import (
 	"net/http"
 	"oc-auth/conf"
+	"strings"
 
 	"cloud.o-forge.io/core/oc-lib/tools"
 )
@@ -37,5 +38,10 @@ var a = map[string]AuthConnector{
 }
 
 func GetAuthConnector() AuthConnector {
-	return a[conf.GetConfig().Auth]
+	for k := range a {
+		if strings.Contains(conf.GetConfig().Auth, k) {
+			return a[k]
+		}
+	}
+	return nil
 }

infrastructure/auth_connector/hydra_connector.go

@@ -32,6 +32,9 @@ func (a HydraConnector) Status() tools.State {
 	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
 	var responseBody map[string]interface{}
 	host := conf.GetConfig().AuthConnectorHost
+	if conf.GetConfig().Local {
+		host = "localhost"
+	}
 	port := fmt.Sprintf("%v", conf.GetConfig().AuthConnectorPort)
 	resp, err := caller.CallGet("http://"+host+":"+port, "/health/ready")
 	if err != nil {
@@ -68,6 +71,7 @@ func (a HydraConnector) challenge(username string, url string, challenge string,
 	resp, err := a.Caller.CallRaw(http.MethodPut,
 		a.getPath(true, true), "/auth/requests/"+challenge+"/accept?"+challenge+"_challenge="+s[1],
 		body, "application/json", true, cookies...) // "remember": true, "subject": username
+	fmt.Println(a.getPath(true, true), "/auth/requests/"+challenge+"/accept?"+challenge+"_challenge="+s[1], resp, err)
 	if err != nil {
 		return nil, s[1], cookies, err
 	}
@@ -138,11 +142,11 @@ func (a HydraConnector) getClient(clientID string) string {
 }
 
 func (a HydraConnector) Login(clientID string, username string, cookies ...*http.Cookie) (t *Token, err error) {
-	fmt.Println("login", clientID, username)
 	clientID = a.getClient(clientID)
 	redirect, _, cookies, err := a.tryLog(username, a.getPath(false, true),
 		"/auth?client_id="+clientID+"&response_type="+strings.ReplaceAll(a.ResponseType, " ", "%20")+"&scope="+strings.ReplaceAll(a.Scopes, " ", "%20")+"&state="+a.State,
 		"login", cookies...)
+	fmt.Println("login", clientID, username, a.getPath(false, true), redirect, err)
 	if err != nil || redirect == nil {
 		return nil, err
 	}
@@ -190,7 +194,6 @@ func (a HydraConnector) Login(clientID string, username string, cookies ...*http
 	unix := now.Unix()
 
 	c := claims.GetClaims().AddClaimsToToken(clientID, username, pp.Data[0].(*peer.Peer))
-	fmt.Println("claims", c.Session.AccessToken)
 	c.Session.AccessToken["exp"] = unix
 
 	b, _ = json.Marshal(c)
@@ -250,6 +253,9 @@ func (a HydraConnector) Introspect(token string, cookie ...*http.Cookie) (bool,
 
 func (a HydraConnector) getPath(isAdmin bool, isOauth bool) string {
 	host := conf.GetConfig().AuthConnectorHost
+	if conf.GetConfig().Local {
+		host = "localhost"
+	}
 	port := fmt.Sprintf("%v", conf.GetConfig().AuthConnectorPort)
 	if isAdmin {
 		port = fmt.Sprintf("%v", conf.GetConfig().AuthConnectorAdminPort) + "/admin"

infrastructure/auth_connector/ldap.go

@@ -228,7 +228,7 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) ([]LDAPC
 		// It's sufficient to compare the DN's suffix with the base DN.
 		n, k := len(roleDN), len(cli.RoleBaseDN)
 		if n < k || !strings.EqualFold(roleDN[n-k:], cli.RoleBaseDN) {
-			panic("You should never see that")
+			return nil, errors.New("You should never see that")
 		}
 		// The DN without the role's base DN must contain a CN and OU
 		// where the CN is for uniqueness only, and the OU is an application id.
@@ -322,7 +322,7 @@ func (cli *Client) findRoles(cn conn, attrs ...string) (map[string]LDAPRoles, er
 		// It's sufficient to compare the DN's suffix with the base DN.
 		n, k := len(roleDN), len(cli.RoleBaseDN)
 		if n < k || !strings.EqualFold(roleDN[n-k:], cli.RoleBaseDN) {
-			panic("You should never see that")
+			return nil, errors.New("You should never see that")
 		}
 		// The DN without the role's base DN must contain a CN and OU
 		// where the CN is for uniqueness only, and the OU is an application id.