| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2022-06-14 15:17:11 +1000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-14 15:17:11 +1000 |
| commit | 607bbcc324e0d0410d0b25fd40358f0d2bd2e9b1 (patch) | |
| tree | f34ec58e06ca383dde6d4b2db2c7d08d8ec1b754 /internal/handlers/handler_oidc_authorization_consent.go | |
| parent | e786eec8b04f0a65132d1621248d94d1c89395c2 (diff) | |
fix(handler): oidc two factor handling (#3512)
Diffstat (limited to 'internal/handlers/handler_oidc_authorization_consent.go')
| -rw-r--r-- | internal/handlers/handler_oidc_authorization_consent.go | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/internal/handlers/handler_oidc_authorization_consent.go b/internal/handlers/handler_oidc_authorization_consent.go
index eb7579906..a4419d293 100644
--- a/internal/handlers/handler_oidc_authorization_consent.go
+++ b/internal/handlers/handler_oidc_authorization_consent.go
@@ -8,6 +8,8 @@ import (
 "github.com/google/uuid"
 "github.com/ory/fosite"
+ "github.com/authelia/authelia/v4/internal/authentication"
+ "github.com/authelia/authelia/v4/internal/authorization"
 "github.com/authelia/authelia/v4/internal/middlewares"
 "github.com/authelia/authelia/v4/internal/model"
 "github.com/authelia/authelia/v4/internal/oidc"
@@ -105,7 +107,7 @@ func handleOIDCAuthorizationConsentWithChallengeID(ctx *middlewares.AutheliaCtx,
 return consent, false
 }
- handleOIDCAuthorizationConsentRedirect(rootURI, client, userSession, rw, r)
+ handleOIDCAuthorizationConsentRedirect(ctx, rootURI, client, userSession, rw, r, requester)
 return consent, true
 }
@@ -169,16 +171,23 @@ func handleOIDCAuthorizationConsentGenerate(ctx *middlewares.AutheliaCtx, rootUR return nil, true } - handleOIDCAuthorizationConsentRedirect(rootURI, client, userSession, rw, r) + handleOIDCAuthorizationConsentRedirect(ctx, rootURI, client, userSession, rw, r, requester) return consent, true } -func handleOIDCAuthorizationConsentRedirect(destination string, client *oidc.Client, userSession session.UserSession, rw http.ResponseWriter, r *http.Request) { +func handleOIDCAuthorizationConsentRedirect(ctx *middlewares.AutheliaCtx, destination string, client *oidc.Client, + userSession session.UserSession, rw http.ResponseWriter, r *http.Request, requester fosite.AuthorizeRequester) { if client.IsAuthenticationLevelSufficient(userSession.AuthenticationLevel) { + ctx.Logger.Debugf("Authorization Request with id '%s' on client with id '%s' authentication level '%s' is sufficient for client level '%s'", requester.GetID(), client.GetID(), authentication.LevelToString(userSession.AuthenticationLevel), authorization.LevelToPolicy(client.Policy)) + destination = fmt.Sprintf("%s/consent", destination) + } else { + ctx.Logger.Debugf("Authorization Request with id '%s' on client with id '%s' authentication level '%s' is insufficient for client level '%s'", requester.GetID(), client.GetID(), authentication.LevelToString(userSession.AuthenticationLevel), authorization.LevelToPolicy(client.Policy)) } + ctx.Logger.Debugf("Authorization Request with id '%s' on client with id '%s' is being redirected to '%s'", requester.GetID(), client.GetID(), destination) + http.Redirect(rw, r, destination, http.StatusFound) } |
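Review bot: The final `Debugf` in handleOIDCAuthorizationConsentRedirect writes `destination` into the log with `'%s'`, and the hunk does not show where the `rootURI` passed at the call site originates (handleOIDCAuthorizationConsentGenerate begins outside the hunk). If that value can be influenced by request data such as forwarded host headers, quotes or line breaks in it would reach the debug log unescaped unless the configured formatter escapes them, so `%q` is the safer verb: `ctx.Logger.Debugf("Authorization Request with id '%s' on client with id '%s' is being redirected to %q", requester.GetID(), client.GetID(), destination)`. Separately, the function now has two outcomes worth documenting; a short doc comment stating that a sufficient authentication level redirects to `<destination>/consent` and an insufficient one redirects to `destination` unchanged would make the step-up decision readable without tracing the log strings.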
