fleet/server/service/transport_sessions.go

package service

import (
	"context"
	"encoding/json"
	"net/http"
	"strings"

	"github.com/kolide/fleet/server/sso"
	"github.com/pkg/errors"
)

func decodeGetInfoAboutSessionRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	id, err := idFromRequest(r, "id")
	if err != nil {
		return nil, err
	}
	return getInfoAboutSessionRequest{ID: id}, nil
}

func decodeGetInfoAboutSessionsForUserRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	id, err := idFromRequest(r, "id")
	if err != nil {
		return nil, err
	}
	return getInfoAboutSessionsForUserRequest{ID: id}, nil
}

func decodeDeleteSessionRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	id, err := idFromRequest(r, "id")
	if err != nil {
		return nil, err
	}
	return deleteSessionRequest{ID: id}, nil
}

func decodeDeleteSessionsForUserRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	id, err := idFromRequest(r, "id")
	if err != nil {
		return nil, err
	}
	return deleteSessionsForUserRequest{ID: id}, nil
}

func decodeLoginRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	var req loginRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		return nil, err
	}
	req.Username = strings.ToLower(req.Username)
	return req, nil
}

func decodeInitiateSSORequest(ctx context.Context, r *http.Request) (interface{}, error) {
	var req initiateSSORequest
	err := json.NewDecoder(r.Body).Decode(&req)
	if err != nil {
		return nil, err
	}
	return req, nil
}

func decodeCallbackSSORequest(ctx context.Context, r *http.Request) (interface{}, error) {
	err := r.ParseForm()
	if err != nil {
		return nil, errors.Wrap(err, "decode sso callback")
	}
	authResponse, err := sso.DecodeAuthResponse(r.FormValue("SAMLResponse"))
	if err != nil {
		return nil, errors.Wrap(err, "decoding sso callback")
	}
	return authResponse, nil
}
Organizing go code (#241) 2016-09-26 18:48:55 +00:00			`package service`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00
			`import (`
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411. 2017-03-15 15:55:30 +00:00			`"context"`
Header based JWT authentication (#131) * add a test data subcommand * updated sessions stuff * merge and tests 2016-09-08 01:24:11 +00:00			`"encoding/json"`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`"net/http"`
Lowercase strings which should be case insensitive, like email and username. (#302) Fixes #299 Closes #300 2016-10-12 16:35:34 +00:00			`"strings"`
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test 2017-05-09 00:43:48 +00:00
Rename project to Kolide Fleet (#1529) 2017-06-22 19:50:45 +00:00			`"github.com/kolide/fleet/server/sso"`
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test 2017-05-09 00:43:48 +00:00			`"github.com/pkg/errors"`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`)`

			`func decodeGetInfoAboutSessionRequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`id, err := idFromRequest(r, "id")`
			`if err != nil {`
			`return nil, err`
			`}`
			`return getInfoAboutSessionRequest{ID: id}, nil`
			`}`

			`func decodeGetInfoAboutSessionsForUserRequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`id, err := idFromRequest(r, "id")`
			`if err != nil {`
			`return nil, err`
			`}`
			`return getInfoAboutSessionsForUserRequest{ID: id}, nil`
			`}`

			`func decodeDeleteSessionRequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`id, err := idFromRequest(r, "id")`
			`if err != nil {`
			`return nil, err`
			`}`
			`return deleteSessionRequest{ID: id}, nil`
			`}`

			`func decodeDeleteSessionsForUserRequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`id, err := idFromRequest(r, "id")`
			`if err != nil {`
			`return nil, err`
			`}`
			`return deleteSessionsForUserRequest{ID: id}, nil`
			`}`
Header based JWT authentication (#131) * add a test data subcommand * updated sessions stuff * merge and tests 2016-09-08 01:24:11 +00:00
			`func decodeLoginRequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`var req loginRequest`
			`if err := json.NewDecoder(r.Body).Decode(&req); err != nil {`
			`return nil, err`
			`}`
Lowercase strings which should be case insensitive, like email and username. (#302) Fixes #299 Closes #300 2016-10-12 16:35:34 +00:00			`req.Username = strings.ToLower(req.Username)`
Header based JWT authentication (#131) * add a test data subcommand * updated sessions stuff * merge and tests 2016-09-08 01:24:11 +00:00			`return req, nil`
			`}`
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test 2017-05-09 00:43:48 +00:00
			`func decodeInitiateSSORequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`var req initiateSSORequest`
			`err := json.NewDecoder(r.Body).Decode(&req)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return req, nil`
			`}`

			`func decodeCallbackSSORequest(ctx context.Context, r *http.Request) (interface{}, error) {`
			`err := r.ParseForm()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "decode sso callback")`
			`}`
			`authResponse, err := sso.DecodeAuthResponse(r.FormValue("SAMLResponse"))`
			`if err != nil {`
			`return nil, errors.Wrap(err, "decoding sso callback")`
			`}`
			`return authResponse, nil`
			`}`