summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/api/api.go7
-rw-r--r--internal/api/api_test.go4
-rw-r--r--internal/server/secureinternet.go26
3 files changed, 28 insertions, 9 deletions
diff --git a/internal/api/api.go b/internal/api/api.go
index 16f86af..6cba35c 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -44,7 +44,7 @@ type ServerData struct {
// BaseAuthWK is the base well-known endpoint for authorization. This is only different in case of secure internet
BaseAuthWK string
// ProcessAuth processes the OAuth authorization
- ProcessAuth func(string) string
+ ProcessAuth func(context.Context, string) (string, error)
// DisableAuthorize indicates whether or not new authorization requests should be disabled
DisableAuthorize bool
// Transport is the HTTP transport, only used for testing currently
@@ -134,7 +134,10 @@ func (a *API) authorize(ctx context.Context) (err error) {
return err
}
if a.Data.ProcessAuth != nil {
- url = a.Data.ProcessAuth(url)
+ url, err = a.Data.ProcessAuth(ctx, url)
+ if err != nil {
+ return err
+ }
}
// We expect an uri if custom redirect is non empty
uri, err := a.cb.TriggerAuth(ctx, url, a.oauth.CustomRedirect != "")
diff --git a/internal/api/api_test.go b/internal/api/api_test.go
index 5de1d7b..397dd3c 100644
--- a/internal/api/api_test.go
+++ b/internal/api/api_test.go
@@ -196,8 +196,8 @@ func createTestAPI(t *testing.T, tok *eduoauth.Token, gt []string, hps []test.Ha
Type: server.TypeCustom,
BaseWK: serv.URL,
BaseAuthWK: serv.URL,
- ProcessAuth: func(in string) string {
- return in
+ ProcessAuth: func(ctx context.Context, in string) (string, error) {
+ return in, nil
},
DisableAuthorize: false,
Transport: servc.Client.Transport,
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 0571e5f..f167756 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -29,12 +29,19 @@ func (s *Servers) AddSecure(ctx context.Context, disco *discovery.Discovery, org
}
sd := api.ServerData{
- ID: orgID,
+ ID: dorg.OrgID,
Type: server.TypeSecureInternet,
BaseWK: dsrv.BaseURL,
BaseAuthWK: dsrv.BaseURL,
- ProcessAuth: func(url string) string {
- return util.ReplaceWAYF(dsrv.AuthenticationURLTemplate, url, dorg.OrgID)
+ ProcessAuth: func(ctx context.Context, url string) (string, error) {
+ disco.Servers(ctx)
+ disco.Organizations(ctx)
+ updorg, updsrv, err := disco.SecureHomeArgs(orgID)
+ if err != nil {
+ return "", err
+ }
+ ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+ return ret, nil
},
}
@@ -96,8 +103,17 @@ func (s *Servers) GetSecure(ctx context.Context, orgID string, disco *discovery.
Type: server.TypeSecureInternet,
BaseWK: dloc.BaseURL,
BaseAuthWK: dhome.BaseURL,
- ProcessAuth: func(url string) string {
- return util.ReplaceWAYF(dhome.AuthenticationURLTemplate, url, dorg.OrgID)
+ ProcessAuth: func(ctx context.Context, url string) (string, error) {
+ disco.MarkServersExpired()
+ disco.Servers(ctx)
+ disco.MarkOrganizationsExpired()
+ disco.Organizations(ctx)
+ updorg, updsrv, err := disco.SecureHomeArgs(orgID)
+ if err != nil {
+ return "", err
+ }
+ ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+ return ret, nil
},
DisableAuthorize: disableAuth,
}