void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 20:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Include authentication URL in config

Browse source
This commit is contained in:
Adam Ierymenko 2021-07-23 19:17:42 -04:00
parent efe0e8aa7b
commit 0310bfa3e3
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
controller/EmbeddedNetworkController.cpp
View file

@ -1355,21 +1355,21 @@ void EmbeddedNetworkController::_request(
member["lastAuthorizedCredential"] = autoAuthCredential; member["lastAuthorizedCredential"] = autoAuthCredential;
} }
// Should we check SSO Stuff? // Should we check SSO Stuff?
// If network is configured with SSO, and the member is not marked exempt: yes // If network is configured with SSO, and the member is not marked exempt: yes
// Otherwise no, we use standard auth logic. // Otherwise no, we use standard auth logic.
bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false); bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false); bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false);
std::string authenticationURL;
if (networkSSOEnabled && !memberSSOExempt) { if (networkSSOEnabled && !memberSSOExempt) {
authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
std::string memberId = member["id"]; std::string memberId = member["id"];
fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str()); fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str());
uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0); uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
if (authenticationExpiryTime > 0) { if (authenticationExpiryTime > 0) {
fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime); fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
if (authenticationExpiryTime < now) { if (authenticationExpiryTime < now) {
std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
if (!authenticationURL.empty()) { if (!authenticationURL.empty()) {
Dictionary<3072> authInfo; Dictionary<3072> authInfo;
authInfo.add("aU", authenticationURL.c_str()); authInfo.add("aU", authenticationURL.c_str());
@ -1377,9 +1377,9 @@ void EmbeddedNetworkController::_request(
DB::cleanMember(member); DB::cleanMember(member);
_db.save(member,true); _db.save(member,true);
_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes()); _sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
return;
} }
} else { return;
} else if (authorized) {
_db.memberExpiring(authenticationExpiryTime, nwid, identity.address().toInt()); _db.memberExpiring(authenticationExpiryTime, nwid, identity.address().toInt());
} }
} }
@ -1451,7 +1451,8 @@ void EmbeddedNetworkController::_request(
nc->ssoEnabled = OSUtils::jsonBool(network["ssoEnabled"], false); nc->ssoEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
nc->authenticationExpiryTime = OSUtils::jsonInt(member["authenticationExpiryTime"], 0LL); nc->authenticationExpiryTime = OSUtils::jsonInt(member["authenticationExpiryTime"], 0LL);
if (!authenticationURL.empty())
Utils::scopy(nc->authenticationURL, sizeof(nc->authenticationURL), authenticationURL.c_str());
std::string rtt(OSUtils::jsonString(member["remoteTraceTarget"],"")); std::string rtt(OSUtils::jsonString(member["remoteTraceTarget"],""));
if (rtt.length() == 10) { if (rtt.length() == 10) {