fix(handler/reverseproxy): only trigger acr step up for non-ignored autologin paths

Trong Huu Nguyen
2023-05-02 08:33:12 +02:00
parent f90e57783b
commit 59b2dd1d66
2 changed files with 6 additions and 5 deletions


@@ -21,8 +21,8 @@ type AutoLogin struct {
cache sync.Map
}
func (a *AutoLogin) NeedsLogin(r *http.Request, isAuthenticated bool) bool {
if isAuthenticated || !a.Enabled || r.Method != http.MethodGet {
func (a *AutoLogin) NeedsLogin(r *http.Request, isAuthenticated, isAcrValid bool) bool {
if (isAuthenticated && isAcrValid) || !a.Enabled || r.Method != http.MethodGet {
return false
}
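Review bot: The `!a.Enabled` and `r.Method != http.MethodGet` checks on the new condition line now also short-circuit the ACR case, so a session that failed ACR validation is never sent to step-up when auto-login is disabled or the request is not a GET. If that is the intended contract it should be written down, because a caller can easily read NeedsLogin as the ACR gate; I would add a doc comment such as `// NeedsLogin reports whether r should be redirected to login; it enforces neither authentication nor ACR for non-GET requests or when auto-login is disabled.` The two adjacent bool parameters in `isAuthenticated, isAcrValid bool` are easy to transpose at a call site, which deserves a word in the same comment. The rest of NeedsLogin lies outside the hunk, so the path matching is not covered by this note.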


@@ -84,13 +84,14 @@ func (rp *ReverseProxy) Handler(src ReverseProxySource, w http.ResponseWriter, r
logger.Errorf("default: unauthenticated: unexpected error: %+v", err)
}
isAcrValid := true
err = src.GetAcrHandler().Validate(sess)
if err != nil {
loginRedirect(src, w, r, err.Error())
return
isAcrValid = false
logger.Infof("default: acr: %+v; checking for autologin...", err)
}
if src.GetAutoLogin().NeedsLogin(r, isAuthenticated) {
if src.GetAutoLogin().NeedsLogin(r, isAuthenticated, isAcrValid) {
loginRedirect(src, w, r, "request matches autologin")
return
}
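Review bot: After `Validate(sess)` fails, the handler now only sets `isAcrValid = false` and carries on, so whenever `NeedsLogin` returns false the request proceeds with `isAuthenticated` unchanged. The code following this hunk is not visible, but if it forwards the session's token upstream whenever `isAuthenticated` is true, a session with an insufficient ACR would be proxied as fully authenticated on ignored paths and on non-GET requests. Gating that step on both flags, for example `if isAuthenticated && isAcrValid {`, or setting `isAuthenticated = false` in the error branch, would make the downgrade explicit to the upstream. The redirect reason is now always "request matches autologin", so the ACR error survives only in the Info log line. A handler test for a POST with a failing ACR check would pin the intended behaviour.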