Auth route /whoami for nginx subrequest auth, support changing the session cookie domain for that purpose

This commit is contained in:
bluepython508
2023-11-08 09:36:30 +00:00
parent 54db8727b0
commit 93cd897b0e
6 changed files with 20 additions and 4 deletions


@@ -26,6 +26,8 @@ config :sso_bsn, SsoBsnWeb.Endpoint,
tailwind: {Tailwind, :install_and_run, [:default, ~w(--watch)]} tailwind: {Tailwind, :install_and_run, [:default, ~w(--watch)]}
] ]
config :sso_bsn, :session_domain, "localhost"
# ## SSL Support # ## SSL Support
# #
# In order to use HTTPS in development, a self-signed # In order to use HTTPS in development, a self-signed
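Review bot: `config :sso_bsn, :session_domain, "localhost"` is consumed by `SsoBsnWeb.Endpoint` through `Application.compile_env`, so the value is frozen when the release is compiled; only this (apparently development) config file appears in the diff, and a deployment that sets the key in runtime configuration instead will be silently ignored, presumably leaving the cookie with no `domain` attribute at all. A comment on the line would spare the next maintainer that trap: `# Session cookie domain; read at compile time by SsoBsnWeb.Endpoint, so set it in the compile-time config of every environment, not at runtime.`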


@@ -7,8 +7,7 @@ defmodule SsoBsnWeb.Openid.AuthorizeController do
alias Boruta.Oauth.Error alias Boruta.Oauth.Error
alias Boruta.Oauth.ResourceOwner alias Boruta.Oauth.ResourceOwner
alias SsoBsnWeb.UserAuth alias SsoBsnWeb.UserAuth
alias SsoBsnWeb.Openid.AuthorizeView
def oauth_module, do: Application.get_env(:sso_bsn, :oauth_module, Boruta.Oauth) def oauth_module, do: Application.get_env(:sso_bsn, :oauth_module, Boruta.Oauth)
def authorize(%Plug.Conn{} = conn, _params) do def authorize(%Plug.Conn{} = conn, _params) do


@@ -23,4 +23,13 @@ defmodule SsoBsnWeb.UserSessionController do
|> put_flash(:info, "Logged out successfully.") |> put_flash(:info, "Logged out successfully.")
|> UserAuth.log_out_user() |> UserAuth.log_out_user()
end end
def check_auth(conn, _params) do
user = conn.assigns[:current_user]
conn
|> put_resp_header("X-Auth-Username", user.username)
|> json(%{
username: user.username
})
end
end end
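Review bot: `put_resp_header("X-Auth-Username", ...)` in `check_auth` uses an uppercase header key; Plug requires response header keys to be lowercase, `put_resp_header/3` raises `Plug.Conn.InvalidHeaderError` for such a key under the test adapter, and HTTP/2 treats non-lowercase field names as malformed. Change it to `|> put_resp_header("x-auth-username", user.username)`; nginx reads the header case-insensitively so the subrequest side is unaffected. `conn.assigns[:current_user]` also relies entirely on the router's `:require_authenticated_user` plug for a non-nil user, so matching `%{assigns: %{current_user: %{username: username}}} = conn` in the function head would make that dependency explicit and fail loudly if the action is ever routed without it. A short `@doc` saying the action backs an nginx `auth_request` subrequest and only answers 200 for an authenticated session would complete the picture.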


@@ -8,7 +8,8 @@ defmodule SsoBsnWeb.Endpoint do
store: :cookie, store: :cookie,
key: "_sso_bsn_key", key: "_sso_bsn_key",
signing_salt: "2YoB6zeO", signing_salt: "2YoB6zeO",
same_site: "Lax" same_site: "Lax",
domain: Application.compile_env(:sso_bsn, :session_domain)
] ]
socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]] socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
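Review bot: `domain: Application.compile_env(:sso_bsn, :session_domain)` widens the session cookie to every host under the configured domain, so any service on a sibling subdomain receives the SSO session cookie; that is the point of the change, but it means each such host must be trusted as much as the SSO itself, which deserves a comment. The value is also baked in at compile time, so changing the domain needs a rebuild, and when the key is unset `compile_env` yields `nil` and the attribute is, as far as I can tell, simply omitted. Suggest above the line: `# Cookie is sent to every host under this domain so nginx auth_request on sibling vhosts sees the session; all such hosts must be trusted. Fixed at compile time.` The enclosing keyword list starts before the hunk.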


@@ -4,7 +4,6 @@ defmodule SsoBsnWeb.ResourceOwners do
alias Boruta.Oauth.ResourceOwner alias Boruta.Oauth.ResourceOwner
alias SsoBsn.Accounts.User alias SsoBsn.Accounts.User
alias SsoBsn.Accounts alias SsoBsn.Accounts
alias SsoBsn.Repo
@impl Boruta.Oauth.ResourceOwners @impl Boruta.Oauth.ResourceOwners
def get_by(username: username) do def get_by(username: username) do


@@ -74,6 +74,12 @@ defmodule SsoBsnWeb.Router do
delete "/users/log_out", UserSessionController, :delete delete "/users/log_out", UserSessionController, :delete
end end
scope "/", SsoBsnWeb do
pipe_through [:api, :fetch_session, :fetch_current_user, :require_authenticated_user]
get "/whoami", UserSessionController, :check_auth
end
# OIDC # OIDC
scope "/oauth", SsoBsnWeb.Oauth do scope "/oauth", SsoBsnWeb.Oauth do
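Review bot: The new `/whoami` scope runs `:require_authenticated_user` on top of the `:api` pipeline, and if that plug is the usual browser-oriented one (flash plus redirect to the log-in page) it is a poor fit for nginx `auth_request`, which accepts only 2xx, 401 or 403 from the subrequest and turns a 302 into an error; `put_flash` may also raise here because the `:api` pipeline does not fetch the flash. Consider an API variant that halts with `send_resp(conn, 401, "")` when `conn.assigns[:current_user]` is nil, or confirm the existing plug already responds that way for non-browser requests. The plug's implementation is not visible in this diff, so this is inferred from the pipeline names alone.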