outposts/ldap: cached bind (#2824)

* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2022-05-08 16:48:53 +02:00
committed by GitHub
parent 2678b381b9
commit ab2299ba1e
33 changed files with 455 additions and 208 deletions


@ -35,11 +35,13 @@ type FlowExecutor struct {
Answers map[StageComponent]string
Context context.Context
cip string
api *api.APIClient
flowSlug string
log *log.Entry
token string
cip string
api *api.APIClient
flowSlug string
log *log.Entry
token string
session *http.Cookie
transport http.RoundTripper
sp *sentry.Span
}
@ -54,28 +56,41 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
l.WithError(err).Warning("Failed to create cookiejar")
panic(err)
}
transport := ak.NewUserAgentTransport(constants.OutpostUserAgent(), ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport()))
fe := &FlowExecutor{
Params: url.Values{},
Answers: make(map[StageComponent]string),
Context: rsp.Context(),
flowSlug: flowSlug,
log: l,
sp: rsp,
cip: "",
transport: transport,
}
// Create new http client that also sets the correct ip
config := api.NewConfiguration()
config.Host = refConfig.Host
config.Scheme = refConfig.Scheme
config.HTTPClient = &http.Client{
Jar: jar,
Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent(), ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport())),
Transport: fe,
}
token := strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]
config.AddDefaultHeader(HeaderAuthentikOutpostToken, token)
apiClient := api.NewAPIClient(config)
return &FlowExecutor{
Params: url.Values{},
Answers: make(map[StageComponent]string),
Context: rsp.Context(),
api: apiClient,
flowSlug: flowSlug,
log: l,
token: token,
sp: rsp,
cip: "",
fe.token = strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]
config.AddDefaultHeader(HeaderAuthentikOutpostToken, fe.token)
fe.api = api.NewAPIClient(config)
return fe
}
func (fe *FlowExecutor) RoundTrip(req *http.Request) (*http.Response, error) {
res, err := fe.transport.RoundTrip(req)
if res != nil {
for _, cookie := range res.Cookies() {
if cookie.Name == "authentik_session" {
fe.session = cookie
}
}
}
return res, err
}
func (fe *FlowExecutor) ApiClient() *api.APIClient {
@ -115,6 +130,10 @@ func (fe *FlowExecutor) getAnswer(stage StageComponent) string {
return ""
}
func (fe *FlowExecutor) GetSession() *http.Cookie {
return fe.session
}
// WarmUp Ensure authentik's flow cache is warmed up
func (fe *FlowExecutor) WarmUp() error {
gcsp := sentry.StartSpan(fe.Context, "authentik.outposts.flow_executor.get_challenge")
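Review bot: RoundTrip assigns `fe.session` with no synchronisation while GetSession reads it, and net/http documents that a RoundTripper must be safe for concurrent use by multiple goroutines; if one FlowExecutor ever has overlapping requests in flight, this is a data race on a session credential. Guarding both sides with a mutex would close it, e.g. `fe.sessionMu.Lock(); fe.session = cookie; fe.sessionMu.Unlock()` in the loop and the same lock around `return fe.session`. As far as the visible code shows, the cookie is also accepted purely by name from any response that passes through the transport, redirect hops included, so doc comments on RoundTrip and GetSession should say that the value is a bearer credential for the authentik session and should not be written to logs. Separately, `strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]` in NewFlowExecutor (whose opening lines are outside the hunk) still panics when the header is missing or contains no space; this predates the change, but a length check before indexing would be worth adding while the line is being touched.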