Export SSO types and functions in lib/web#17530
Merged
Export some names in the `lib/auth` package so that SSO auth plugins can be implemented from outside this package:

* struct `ssoRequestParams` (including fields)
* struct `ssoCallbackResponse` (including fields)
* func `parseSSORequestParams`
* func `ssoSetWebSessionAndRedirectURL`
* func `redirectURLWithError`
* var `ssoLoginConsoleErr`
* type `CachedSessionLingeringThreshold` (for TestSAML)
Contributor
Author
This PR supersedes #17457, taking a cut-down approach to what is exported.
strideynet
approved these changes
Oct 18, 2022
Tener
approved these changes
Oct 18, 2022
Contributor
Tener
left a comment
Looks good, the only issue I can see is some missing docs.
| } | ||
|
|
||
| func redirectURLWithError(clientRedirectURL string, errReply error) (*url.URL, error) { | ||
| func RedirectURLWithError(clientRedirectURL string, errReply error) (*url.URL, error) { |
| clientRedirectURL string | ||
| connectorID string | ||
| csrfToken string | ||
| type SSORequestParams struct { |
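Review bot: `RedirectURLWithError` becomes part of the package's public API, but no doc comment is visible above it in these lines, and its first argument is a raw `clientRedirectURL string`. Since SSO plugins outside the package will now call it, the doc comment should state whether the function itself validates `clientRedirectURL` or whether the caller is expected to have validated it before passing it in.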
Contributor
Missing doc for type and fields.
| } | ||
|
|
||
| func parseSSORequestParams(r *http.Request) (*ssoRequestParams, error) { | ||
| func ParseSSORequestParams(r *http.Request) (*SSORequestParams, error) { |
| username string | ||
| sessionName string | ||
| clientRedirectURL string | ||
| type SSOCallbackResponse struct { |
Contributor
Missing doc for type and fields.
| } | ||
|
|
||
| func ssoSetWebSessionAndRedirectURL(w http.ResponseWriter, r *http.Request, response *ssoCallbackResponse, verifyCSRF bool) error { | ||
| func SSOSetWebSessionAndRedirectURL(w http.ResponseWriter, r *http.Request, response *SSOCallbackResponse, verifyCSRF bool) error { |
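Review bot: the `verifyCSRF bool` parameter on the now-exported `SSOSetWebSessionAndRedirectURL` means, judging by its name, that any out-of-package caller can turn CSRF verification off by passing `false`, and a bare boolean at the call site does not make that obvious to a reader. Add a doc comment that spells out in which flows `false` is acceptable, or consider exposing two clearly named entry points so the unverified path has to be chosen explicitly.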
zmb3
reviewed
Oct 18, 2022
| const ( | ||
| // ssoLoginConsoleErr is a generic error message to hide revealing sso login failure msgs. | ||
| ssoLoginConsoleErr = "Failed to login. Please check Teleport's log for more details." | ||
| // SSOLoginConsoleErr is a generic error message to hide revealing sso login failure msgs. |
Collaborator
Suggested change
| // SSOLoginConsoleErr is a generic error message to hide revealing sso login failure msgs. | |
| // SSOLoginConsoleErr is a generic error message avoid disclosing sensitive SSO failure messages. |
When something is exported, it's extra important to get the name and documentation right.
Additionally, I would generally expect that something named FooErr implements error, and this is just a string. Maybe SSOLoginFailureMessage or something along those lines would be a better name.
Contributor
Author
ack. renamed and updated doc string as suggested.
Rename SSOLoginConsoleErr to SSOLoginFailureMessage and update the doc string to be grammatically correct. Addresses: #17530 (comment)
Export some names in the `lib/web` package so that SSO auth plugins can be implemented from outside this package:

* `ssoRequestParams` (including fields)
* `ssoCallbackResponse` (including fields)
* `parseSSORequestParams`
* `ssoSetWebSessionAndRedirectURL`
* `redirectURLWithError`
* `ssoLoginConsoleErr`
* `CachedSessionLingeringThreshold` (for TestSAML)

Issue: https://github.com/gravitational/teleport.e/issues/525

Note: This supersedes PR #17457, exporting much less while still enabling the SAML lib/web tests to move to the enterprise repo.
Follow-on PRs are: