github/paralus
1
0
Fork 0
mirror of https://github.com/paralus/paralus.git synced 2026-05-06 08:26:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

OIdC Provider: Deny duplicate Issuer Url

Browse Source 
Duplicate email from different provider applications with same issuer
url cause problems.
This commit is contained in:
Akshay Gaikwad
2022-05-06 12:09:59 +05:30
parent eb0b7d3ef2
commit 38a2dd50cd
1 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
pkg/service/oidc_provider.go
View File

@@ -71,7 +71,7 @@ func (s *oidcProvider) getPartnerOrganization(ctx context.Context, provider *sys
}
func (s *oidcProvider) Create(ctx context.Context, provider *systemv3.OIDCProvider) (*systemv3.OIDCProvider, error) {
name := provider.Metadata.GetName()
name := provider.GetMetadata().GetName()
if len(name) == 0 {
return &systemv3.OIDCProvider{}, fmt.Errorf("EMPTY NAME")
}
@@ -79,6 +79,10 @@ func (s *oidcProvider) Create(ctx context.Context, provider *systemv3.OIDCProvid
if scopes == nil || len(scopes) == 0 {
return &systemv3.OIDCProvider{}, fmt.Errorf("NO SCOPES")
}
issUrl := provider.GetSpec().GetIssuerUrl()
if len(issUrl) == 0 {
return &systemv3.OIDCProvider{}, fmt.Errorf("EMPTY ISSUER URL")
}
partnerId, organizationId, err := s.getPartnerOrganization(ctx, provider)
if err != nil {
@@ -87,26 +91,34 @@ func (s *oidcProvider) Create(ctx context.Context, provider *systemv3.OIDCProvid
p, _ := dao.GetIdByNamePartnerOrg(
ctx,
s.db,
provider.GetMetadata().GetName(),
name,
uuid.NullUUID{UUID: partnerId, Valid: true},
uuid.NullUUID{UUID: organizationId, Valid: true},
&models.OIDCProvider{},
)
if p != nil {
return nil, fmt.Errorf("OIDC provider %q already exists", provider.GetMetadata().GetName())
return nil, fmt.Errorf("OIDC provider %q already exists", name)
}
p, _ = dao.GetM(ctx, s.db, map[string]interface{}{
"issuer_url": issUrl,
"partner_id": partnerId,
"organization_id": organizationId,
}, &models.OIDCProvider{})
if p != nil {
return nil, fmt.Errorf("DUPLICATE ISSUER URL")
}
if validateURL(issUrl) != nil {
return &systemv3.OIDCProvider{}, fmt.Errorf("INVALID ISSUER URL")
}
mapUrl := provider.Spec.GetMapperUrl()
issUrl := provider.Spec.GetIssuerUrl()
authUrl := provider.Spec.GetAuthUrl()
tknUrl := provider.Spec.GetTokenUrl()
if len(mapUrl) != 0 && validateURL(mapUrl) != nil {
return &systemv3.OIDCProvider{}, fmt.Errorf("INVALID MAPPER URL")
}
if len(issUrl) != 0 && validateURL(issUrl) != nil {
return &systemv3.OIDCProvider{}, fmt.Errorf("INVALID ISSUER URL")
}
if len(authUrl) != 0 && validateURL(authUrl) != nil {
return &systemv3.OIDCProvider{}, fmt.Errorf("INVALID AUTH URL")
}