Rename StateExtended to StateAuthenticated

Melon 2025-03-13 23:11:35 +00:00
parent ba76dc5371
commit 159bc86d69
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
3 changed files with 8 additions and 10 deletions


@ -12,17 +12,15 @@ const (
// StateBasic defines the "username and password with no OTP" user state // StateBasic defines the "username and password with no OTP" user state
// This is skipped if OTP/passkey is optional and not enabled for the user // This is skipped if OTP/passkey is optional and not enabled for the user
StateBasic StateBasic
// StateExtended defines the "logged in" user state // StateAuthenticated defines the "logged in" user state
StateExtended StateAuthenticated
// StateSudo defines the "sudo" user state // StateSudo defines the "sudo" user state
// This state is temporary and has a configurable duration // This state is temporary and has a configurable duration
StateSudo StateSudo
) )
func (s State) IsValid() bool { func (s State) IsValid() bool { return s <= StateSudo }
return s <= StateSudo
}
func (s State) IsLoggedIn() bool { return s >= StateExtended } func (s State) IsLoggedIn() bool { return s >= StateAuthenticated }
func (s State) IsSudoAvailable() bool { return s == StateSudo } func (s State) IsSudoAvailable() bool { return s == StateSudo }
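Review bot: `IsLoggedIn` on the new side is `s >= StateAuthenticated` with no upper bound, so a State value above `StateSudo`, which `IsValid` rejects, still counts as logged in. If a State can ever be read back from stored or decoded session data (not visible in this hunk), bounding the check keeps an out-of-range value from being treated as an authenticated session: `func (s State) IsLoggedIn() bool { return s >= StateAuthenticated && s <= StateSudo }`. The const block starts outside the hunk; a one-line comment there noting that the declaration order is relied on by these comparisons would stop a later reorder from silently changing who counts as logged in.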


@ -175,7 +175,7 @@ func (o OAuthLogin) updateExternalUserInfo(req *http.Request, sso *issuer.WellKn
}) })
return auth.UserAuth{ return auth.UserAuth{
Subject: userSubject, Subject: userSubject,
Factor: process.StateExtended, Factor: process.StateBasic, // TODO: should the user be allowed to skip otp via oauth?
UserInfo: sessionData.UserInfo, UserInfo: sessionData.UserInfo,
}, err }, err
case errors.Is(err, sql.ErrNoRows): case errors.Is(err, sql.ErrNoRows):
@ -231,7 +231,7 @@ func (o OAuthLogin) updateExternalUserInfo(req *http.Request, sso *issuer.WellKn
// TODO(melon): this feels bad // TODO(melon): this feels bad
sessionData = auth.UserAuth{ sessionData = auth.UserAuth{
Subject: userSubject, Subject: userSubject,
Factor: process.StateExtended, Factor: process.StateAuthenticated, // TODO: should the user be allowed to skip otp via oauth?
UserInfo: sessionData.UserInfo, UserInfo: sessionData.UserInfo,
} }
@ -296,7 +296,7 @@ func (o OAuthLogin) fetchUserInfo(sso *issuer.WellKnownOIDC, token *oauth2.Token
return auth.UserAuth{ return auth.UserAuth{
Subject: subject, Subject: subject,
Factor: process.StateExtended, Factor: process.StateBasic, // TODO: should the user be allowed to skip otp via oauth?
UserInfo: userInfoJson, UserInfo: userInfoJson,
}, nil }, nil
} }
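Review bot: The three `Factor` assignments no longer agree. The first hunk of `updateExternalUserInfo` and the one in `fetchUserInfo` now set `process.StateBasic`, while the `sessionData = auth.UserAuth{...}` assignment in the second hunk sets `process.StateAuthenticated` under the same TODO. Going by the StateBasic doc comment, that path presumably treats an OAuth login as fully logged in without the OTP step while the other two still require it; if that is not intended it should read `Factor: process.StateBasic,`, and if it is, the TODO should be replaced by a comment saying why this path may skip OTP. The switch from the old "logged in" state to `StateBasic` is also a behaviour change beyond the rename named in the commit title and is worth stating in the message. Both functions continue outside the hunks shown.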


@ -19,7 +19,7 @@ func TestUserAuth_NextFlowUrl(t *testing.T) {
assert.Equal(t, url.URL{Path: "/login"}, *u.NextFlowUrl(&url.URL{})) assert.Equal(t, url.URL{Path: "/login"}, *u.NextFlowUrl(&url.URL{}))
assert.Equal(t, url.URL{Path: "/login", RawQuery: url.Values{"redirect": {"/hello"}}.Encode()}, *u.NextFlowUrl(&url.URL{Path: "/hello"})) assert.Equal(t, url.URL{Path: "/login", RawQuery: url.Values{"redirect": {"/hello"}}.Encode()}, *u.NextFlowUrl(&url.URL{Path: "/hello"}))
assert.Equal(t, url.URL{Path: "/login", RawQuery: url.Values{"redirect": {"/hello?a=A"}}.Encode()}, *u.NextFlowUrl(&url.URL{Path: "/hello", RawQuery: url.Values{"a": {"A"}}.Encode()})) assert.Equal(t, url.URL{Path: "/login", RawQuery: url.Values{"redirect": {"/hello?a=A"}}.Encode()}, *u.NextFlowUrl(&url.URL{Path: "/hello", RawQuery: url.Values{"a": {"A"}}.Encode()}))
u.Factor = process.StateExtended u.Factor = process.StateAuthenticated
assert.Nil(t, u.NextFlowUrl(&url.URL{})) assert.Nil(t, u.NextFlowUrl(&url.URL{}))
} }