mirror of
https://github.com/fatedier/frp.git
synced 2025-06-16 08:08:20 +00:00
d0829760c6
Validate the subject in an oidc ping against a list of logged in subjects. This resolves the issue that multiple connected FRP clients with different OIDC clients result in a failing ping. The ping would fail because the subject in memory would be the value of the last logged in FRPC. This change also changes the constructor of OidcAuthVerifier to take a TokenVerifier interface. This will not change production behavior, but makes testing easier because we can inject a mock verifier during testing. Resolves: #4466
58 lines
1.6 KiB
Go
58 lines
1.6 KiB
Go
// Copyright 2020 guylewin, guy@lewin.co.il
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
v1 "github.com/fatedier/frp/pkg/config/v1"
|
|
"github.com/fatedier/frp/pkg/msg"
|
|
)
|
|
|
|
type Setter interface {
|
|
SetLogin(*msg.Login) error
|
|
SetPing(*msg.Ping) error
|
|
SetNewWorkConn(*msg.NewWorkConn) error
|
|
}
|
|
|
|
func NewAuthSetter(cfg v1.AuthClientConfig) (authProvider Setter) {
|
|
switch cfg.Method {
|
|
case v1.AuthMethodToken:
|
|
authProvider = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
|
|
case v1.AuthMethodOIDC:
|
|
authProvider = NewOidcAuthSetter(cfg.AdditionalScopes, cfg.OIDC)
|
|
default:
|
|
panic(fmt.Sprintf("wrong method: '%s'", cfg.Method))
|
|
}
|
|
return authProvider
|
|
}
|
|
|
|
type Verifier interface {
|
|
VerifyLogin(*msg.Login) error
|
|
VerifyPing(*msg.Ping) error
|
|
VerifyNewWorkConn(*msg.NewWorkConn) error
|
|
}
|
|
|
|
func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
|
|
switch cfg.Method {
|
|
case v1.AuthMethodToken:
|
|
authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
|
|
case v1.AuthMethodOIDC:
|
|
tokenVerifier := NewTokenVerifier(cfg.OIDC)
|
|
authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, tokenVerifier)
|
|
}
|
|
return authVerifier
|
|
}
|