mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-19 19:17:01 -07:00
132 lines
4.8 KiB
Go
132 lines
4.8 KiB
Go
package cmd
|
|
|
|
import (
|
|
opaal "davidallendj/opaal/internal"
|
|
cache "davidallendj/opaal/internal/cache/sqlite"
|
|
"davidallendj/opaal/internal/oauth"
|
|
"davidallendj/opaal/internal/oidc"
|
|
"fmt"
|
|
"os"
|
|
"slices"
|
|
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
var (
|
|
client oauth.Client
|
|
scope []string
|
|
target string = ""
|
|
targetIndex int = -1
|
|
)
|
|
|
|
var loginCmd = &cobra.Command{
|
|
Use: "login",
|
|
Short: "Start the login flow",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
for {
|
|
// try and find client with valid identity provider config
|
|
var provider *oidc.IdentityProvider
|
|
if target != "" {
|
|
// only try to use client with name give
|
|
index := slices.IndexFunc(config.Authentication.Clients, func(c oauth.Client) bool {
|
|
return target == c.Name
|
|
})
|
|
if index < 0 {
|
|
fmt.Printf("could not find the target client listed by name")
|
|
os.Exit(1)
|
|
}
|
|
client := config.Authentication.Clients[index]
|
|
_, err := cache.GetIdentityProvider(config.Options.CachePath, client.Issuer)
|
|
if err != nil {
|
|
|
|
}
|
|
|
|
} else if targetIndex >= 0 {
|
|
// only try to use client by index
|
|
targetCount := len(config.Authentication.Clients) - 1
|
|
if targetIndex > targetCount {
|
|
fmt.Printf("target index out of range (found %d)", targetCount)
|
|
}
|
|
client := config.Authentication.Clients[targetIndex]
|
|
_, err := cache.GetIdentityProvider(config.Options.CachePath, client.Issuer)
|
|
if err != nil {
|
|
|
|
}
|
|
} else {
|
|
for _, c := range config.Authentication.Clients {
|
|
// try to get identity provider info locally first
|
|
_, err := cache.GetIdentityProvider(config.Options.CachePath, c.Issuer)
|
|
if err != nil && !config.Options.CacheOnly {
|
|
fmt.Printf("fetching config from issuer: %v\n", c.Issuer)
|
|
// try to get info remotely by fetching
|
|
provider, err = oidc.FetchServerConfig(c.Issuer)
|
|
if err != nil {
|
|
fmt.Printf("failed to fetch server config: %v\n", err)
|
|
continue
|
|
}
|
|
client = c
|
|
// fetch the provider's JWKS
|
|
err := provider.FetchJwks()
|
|
if err != nil {
|
|
fmt.Printf("failed to fetch JWKS: %v\n", err)
|
|
}
|
|
break
|
|
}
|
|
// only test the first if --run-all flag is not set
|
|
if !config.Authentication.TestAllClients {
|
|
fmt.Printf("stopping after first test...\n\n\n")
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if provider == nil {
|
|
fmt.Printf("failed to retrieve provider config\n")
|
|
os.Exit(1)
|
|
}
|
|
|
|
// use clients to make SSO buttons that
|
|
for _, client := range config.Authentication.Clients {
|
|
MakeButton()
|
|
}
|
|
|
|
// start the listener
|
|
err := opaal.Login(&config, &client, provider)
|
|
if err != nil {
|
|
fmt.Printf("%v\n", err)
|
|
os.Exit(1)
|
|
} else if config.Options.RunOnce {
|
|
break
|
|
}
|
|
}
|
|
},
|
|
}
|
|
|
|
func init() {
|
|
loginCmd.Flags().StringVar(&client.Id, "client.id", client.Id, "set the client ID")
|
|
loginCmd.Flags().StringVar(&client.Secret, "client.secret", client.Secret, "set the client secret")
|
|
loginCmd.Flags().StringSliceVar(&client.RedirectUris, "client.redirect-uris", client.RedirectUris, "set the redirect URI")
|
|
loginCmd.Flags().StringSliceVar(&client.Scope, "client.scope", client.Scope, "set the identity provider scopes")
|
|
loginCmd.Flags().StringSliceVar(&config.Authorization.Token.Scope, "token.scope", scope, "set the access token scope")
|
|
loginCmd.Flags().StringVar(&config.Server.Host, "server.host", config.Server.Host, "set the listening host")
|
|
loginCmd.Flags().IntVar(&config.Server.Port, "server.port", config.Server.Port, "set the listening port")
|
|
loginCmd.Flags().BoolVar(&config.Options.OpenBrowser, "open-browser", config.Options.OpenBrowser, "automatically open link in browser")
|
|
loginCmd.Flags().BoolVar(&config.Options.RunOnce, "once", config.Options.RunOnce, "set whether to run login once and exit")
|
|
loginCmd.Flags().StringVar(&config.Options.FlowType, "flow", config.Options.FlowType, "set the grant-type/authorization flow")
|
|
loginCmd.Flags().BoolVar(&config.Options.CacheOnly, "cache-only", config.Options.CacheOnly, "only fetch identity provider configs stored locally")
|
|
loginCmd.Flags().BoolVar(&config.Authentication.TestAllClients, "test-all", config.Authentication.TestAllClients, "test all clients in config for a valid provider")
|
|
loginCmd.Flags().StringVar(&target, "target.name", "", "set target client to use from config by name")
|
|
loginCmd.Flags().IntVar(&targetIndex, "target.index", -1, "set target client to use from config by index")
|
|
loginCmd.MarkFlagsMutuallyExclusive("target.name", "target.index")
|
|
rootCmd.AddCommand(loginCmd)
|
|
}
|
|
|
|
func MakeButton(url string, text string) string {
|
|
// check if we have http:// a
|
|
html := "<input type=\"button\" "
|
|
html += "class=\"button\" "
|
|
html += fmt.Sprintf("onclick=\"window.location.href='%s';\" ", url)
|
|
html += fmt.Sprintf("value=\"%s\"", text)
|
|
return html
|
|
// return "<a href=\"" + url + "\"> " + text + "</a>"
|
|
}
|