| author | Clement Michaud <clement.michaud34@gmail.com> | 2019-11-17 11:47:07 +0100 |
|---|---|---|
| committer | Clément Michaud <clement.michaud34@gmail.com> | 2019-11-17 16:30:33 +0100 |
| commit | 3b2d733367c88621e4178301f2bcb4bc03613eee (patch) | |
| tree | 41ac41fc5b6cece04db85a08bfa7c32a022f7354 /internal/handlers/handler_sign_duo.go | |
| parent | a06b69dd458e756f1a3d6867eb5b9f54560e2ee1 (diff) | |
Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
Diffstat (limited to 'internal/handlers/handler_sign_duo.go')
| -rw-r--r-- | internal/handlers/handler_sign_duo.go | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/internal/handlers/handler_sign_duo.go b/internal/handlers/handler_sign_duo.go
new file mode 100644
index 000000000..eee49df4f
--- /dev/null
+++ b/internal/handlers/handler_sign_duo.go
@@ -0,0 +1,71 @@
+package handlers
+
+import (
+ "fmt"
+ "net/url"
+
+ "github.com/clems4ever/authelia/internal/authentication"
+ "github.com/clems4ever/authelia/internal/duo"
+ "github.com/clems4ever/authelia/internal/middlewares"
+)
+
+// SecondFactorDuoPost handler for sending a push notification via duo api.
+func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler {
+ return func(ctx *middlewares.AutheliaCtx) {
+ var requestBody signDuoRequestBody
+ err := ctx.ParseBody(&requestBody)
+
+ if err != nil {
+ ctx.Error(err, mfaValidationFailedMessage)
+ return
+ }
+
+ userSession := ctx.GetSession()
+
+ values := url.Values{}
+ // { username, ipaddr: clientIP, factor: "push", device: "auto", pushinfo: `target%20url=${targetURL}`}
+ values.Set("username", userSession.Username)
+ values.Set("ipaddr", ctx.RemoteIP().String())
+ values.Set("factor", "push")
+ values.Set("device", "auto")
+ if requestBody.TargetURL != "" {
+ values.Set("pushinfo", fmt.Sprintf("target%%20url=%s", requestBody.TargetURL))
+ }
+
+ duoResponse, err := duoAPI.Call(values)
+ if err != nil {
+ ctx.Error(fmt.Errorf("Duo API errored: %s", err), mfaValidationFailedMessage)
+ return
+ }
+
+ if duoResponse.Response.Result != "allow" {
+ ctx.ReplyUnauthorized()
+ return
+ }
+
+ userSession.AuthenticationLevel = authentication.TwoFactor
+ err = ctx.SaveSession(userSession)
+
+ if err != nil {
+ ctx.Error(fmt.Errorf("Unable to update authentication level with Duo: %s", err), mfaValidationFailedMessage)
+ return
+ }
+
+ if requestBody.TargetURL != "" {
+ targetURL, err := url.ParseRequestURI(requestBody.TargetURL)
+
+ if err != nil {
+ ctx.Error(fmt.Errorf("Unable to parse target URL: %s", err), mfaValidationFailedMessage)
+ return
+ }
+
+ if targetURL != nil && isRedirectionSafe(*targetURL, ctx.Configuration.Session.Domain) {
+ ctx.SetJSONBody(redirectResponse{Redirect: requestBody.TargetURL})
+ } else {
+ ctx.ReplyOK()
+ }
+ } else {
+ ctx.ReplyOK()
+ }
+ }
+} |
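Review bot: `requestBody.TargetURL` is copied into the Duo `pushinfo` value unescaped, and before it has been parsed or checked with `isRedirectionSafe`, which only runs after the push has been approved. Because the key is already written percent-encoded (`target%%20url`), `pushinfo` appears to be a nested URL-encoded key/value string, so a target containing `&` or `=` could add or alter the fields shown in the approval prompt. Escape the value, `values.Set("pushinfo", fmt.Sprintf("target%%20url=%s", url.QueryEscape(requestBody.TargetURL)))`, and consider moving the `url.ParseRequestURI` / `isRedirectionSafe` check ahead of `duoAPI.Call` so an unsafe target is never displayed to the user. The three `fmt.Errorf` calls would also keep the error chain if they wrapped with `%w` instead of `%s`.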
