github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

feat(oauth): improve Azure OAuth support

pull/2749/head
Anthony Lapenna 2019-02-20 13:53:25 +13:00
parent ce9e009e22
commit d510d23408
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/http/handler/auth/authenticate_oauth.go
View File

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"log"
"github.com/asaskevich/govalidator" "github.com/asaskevich/govalidator"
httperror "github.com/portainer/libhttp/error" httperror "github.com/portainer/libhttp/error"
@ -83,7 +84,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
} }
if settings.AuthenticationMethod != 3 { if settings.AuthenticationMethod != 3 {
return &httperror.HandlerError{http.StatusForbidden, "OAuth authentication is not enabled", err} return &httperror.HandlerError{http.StatusForbidden, "OAuth authentication is not enabled", portainer.Error("OAuth authentication is not enabled")}
} }
extension, err := handler.ExtensionService.Extension(portainer.OAuthAuthenticationExtension) extension, err := handler.ExtensionService.Extension(portainer.OAuthAuthenticationExtension)
@ -95,6 +96,7 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
username, err := handler.authenticateThroughExtension(payload.Code, extension.License.LicenseKey, &settings.OAuthSettings) username, err := handler.authenticateThroughExtension(payload.Code, extension.License.LicenseKey, &settings.OAuthSettings)
if err != nil { if err != nil {
log.Printf("[DEBUG] - OAuth authentication error: %s", err)
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to authenticate through OAuth", portainer.ErrUnauthorized} return &httperror.HandlerError{http.StatusInternalServerError, "Unable to authenticate through OAuth", portainer.ErrUnauthorized}
} }

2
api/http/handler/settings/settings_public.go
View File

@ -34,7 +34,7 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
EnableHostManagementFeatures: settings.EnableHostManagementFeatures, EnableHostManagementFeatures: settings.EnableHostManagementFeatures,
ExternalTemplates: false, ExternalTemplates: false,
// TODO: check if state=portainer useful or not // TODO: check if state=portainer useful or not
OAuthLoginURI: fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=portainer", OAuthLoginURI: fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=portainer&prompt=login",
settings.OAuthSettings.AuthorizationURI, settings.OAuthSettings.AuthorizationURI,
settings.OAuthSettings.ClientID, settings.OAuthSettings.ClientID,
settings.OAuthSettings.RedirectURI, settings.OAuthSettings.RedirectURI,

2
app/extensions/oauth/components/oauth-providers-selector/oauth-provider-selector-controller.js
View File

@ -7,7 +7,7 @@ angular.module('portainer.extensions.oauth')
authUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize', authUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize',
accessTokenUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/token', accessTokenUrl: 'https://login.microsoftonline.com/TENANT_ID/oauth2/token',
resourceUrl: 'https://graph.windows.net/TENANT_ID/me?api-version=2013-11-08', resourceUrl: 'https://graph.windows.net/TENANT_ID/me?api-version=2013-11-08',
userIdentifier: 'mail', userIdentifier: 'userPrincipalName',
scopes: 'id,email,name', scopes: 'id,email,name',
name: 'microsoft' name: 'microsoft'
}, },