oidc: Log when a subject tries to authenticate but isn't allowed
parent
dd5e3ee7ee
commit
139a78b2f6
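--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.17
 require (
 github.com/TwiN/g8 v1.2.0
 github.com/TwiN/gocache v1.2.4
+github.com/TwiN/gocache/v2 v2.0.0
 github.com/TwiN/health v1.3.0
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -51,7 +52,6 @@ require (
 )
 
 require (
-github.com/TwiN/gocache/v2 v2.0.0 // indirect
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
 google.golang.org/appengine v1.6.6 // indirect
 gopkg.in/square/go-jose.v2 v2.5.1 // indirect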
@ -27,7 +27,7 @@ type OIDCConfig struct {
|
|||||||
|
|
||||||
// isValid returns whether the basic security configuration is valid or not
|
// isValid returns whether the basic security configuration is valid or not
|
||||||
func (c *OIDCConfig) isValid() bool {
|
func (c *OIDCConfig) isValid() bool {
|
||||||
return len(c.IssuerURL) > 0 && len(c.RedirectURL) > 0 && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0
|
return len(c.IssuerURL) > 0 && len(c.RedirectURL) > 0 && strings.HasSuffix(c.RedirectURL, "/authorization-code/callback") && len(c.ClientID) > 0 && len(c.ClientSecret) > 0 && len(c.Scopes) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *OIDCConfig) initialize() error {
|
func (c *OIDCConfig) initialize() error {
|
||||||
@ -123,7 +123,7 @@ func (c *OIDCConfig) callbackHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
log.Println("user is not in the list of allowed subjects")
|
log.Printf("[security][callbackHandler] Subject %s is not in the list of allowed subjects", idToken.Subject)
|
||||||
http.Redirect(w, r, "/login?error=access_denied", http.StatusFound)
|
http.Redirect(w, r, "/login?error=access_denied", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
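Review bot: The denial log added at the end of callbackHandler formats `idToken.Subject` with `%s`, so a subject containing a newline or other control characters would be written verbatim and could split or imitate log entries in what is effectively an audit record. Quoting the value keeps each denial on one line and makes an empty subject visible: `log.Printf("[security][callbackHandler] Subject %q is not in the list of allowed subjects", idToken.Subject)`. The subject is supplied by the identity provider, and the token verification is not visible in this hunk, so how constrained the value is cannot be confirmed from here. callbackHandler begins above the hunk.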