250 changes: 210 additions & 40 deletions shared.go
Expand Up @@ -18948,6 +18948,13 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {
redirectUrl = os.Getenv("SSO_REDIRECT_URL")
}

if len(userName) == 0 {
log.Printf("[ERROR] Username (%v) is empty in OpenID login for org: %v", userName, org.Id)
resp.WriteHeader(401)
resp.Write([]byte(`{"success": false, "reason": "Username is empty"}`))
return
}

users, err := FindGeneratedUser(ctx, strings.ToLower(strings.TrimSpace(userName)))
if err == nil && len(users) > 0 {
for _, user := range users {
Expand All @@ -18964,7 +18971,7 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {

expiration := time.Now().Add(3600 * time.Second)
if len(user.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating")
log.Printf("[INFO] User does NOT have session - creating - (1)")
sessionToken := uuid.NewV4().String()

newCookie := http.Cookie{
Expand Down Expand Up @@ -18994,6 +19001,35 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {
}

user.Session = sessionToken
} else {
log.Printf("[INFO] user have session resetting session and cookies for user: %v - (1)", userName)
sessionToken := user.Session
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, user, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

}
user.LoginInfo = append(user.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Expand Down Expand Up @@ -19034,7 +19070,7 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {

expiration := time.Now().Add(3600 * time.Second)
if len(user.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating")
log.Printf("[INFO] User does NOT have session - creating - (2)")
sessionToken := uuid.NewV4().String()
newCookie := &http.Cookie{
Name: "session_token",
Expand Down Expand Up @@ -19063,6 +19099,35 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {
}

user.Session = sessionToken
} else {
log.Printf("[INFO] user have session resetting session and cookies for user: %v - (2)", userName)
sessionToken := user.Session
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, user, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

}
user.LoginInfo = append(user.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Expand Down Expand Up @@ -19392,6 +19457,13 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
}
*/

if len(userName) == 0 {
log.Printf("[ERROR] Username (%v) is empty in SAML SSO login for org: %v", userName, matchingOrgs[0].Id)
resp.WriteHeader(401)
resp.Write([]byte(`{"success": false, "reason": "Username is empty"}`))
return
}

users, err := FindGeneratedUser(ctx, strings.ToLower(strings.TrimSpace(userName)))
if err == nil && len(users) > 0 {
for _, user := range users {
Expand All @@ -19418,7 +19490,7 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {

expiration := time.Now().Add(3600 * time.Second)
if len(user.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating")
log.Printf("[INFO] User does NOT have session - creating (1)")
sessionToken := uuid.NewV4().String()
newCookie := &http.Cookie{
Name: "session_token",
Expand Down Expand Up @@ -19452,12 +19524,40 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
})

user.Session = sessionToken
} else {
log.Printf("[INFO] user have session resetting session and cookies for user: %v - (1)", userName)
sessionToken := user.Session
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, user, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

user.LoginInfo = append(user.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
})
}
// user.LoginInfo = append(user.LoginInfo, LoginInfo{
// IP: GetRequestIp(request),
// Timestamp: time.Now().Unix(),
// })
// }

//store user's last session so don't have to go through sso again while changing org.
user.UsersLastSession = user.Session
Expand Down Expand Up @@ -19497,7 +19597,7 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {

expiration := time.Now().Add(3600 * time.Second)
if len(user.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating")
log.Printf("[INFO] User does NOT have session - creating - (2)")
sessionToken := uuid.NewV4().String()
newCookie := &http.Cookie{
Name: "session_token",
Expand Down Expand Up @@ -19526,6 +19626,39 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
}

user.Session = sessionToken
user.LoginInfo = append(user.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
})
} else {
log.Printf("[INFO] user have session resetting session and cookies for user: %v - (2)", userName)
sessionToken := user.Session
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, user, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

user.LoginInfo = append(user.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
Expand Down Expand Up @@ -19601,44 +19734,81 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
newUser.VerificationToken = verifyToken.String()

expiration := time.Now().Add(3600 * time.Second)
//if len(user.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating")
sessionToken := uuid.NewV4().String()
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}
if len(newUser.Session) == 0 {
log.Printf("[INFO] User does NOT have session - creating - (3)")
sessionToken := uuid.NewV4().String()
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}
if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)
http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)
newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, *newUser, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}
err = SetSession(ctx, *newUser, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

newUser.Session = sessionToken
newUser.Session = sessionToken

newUser.LoginInfo = append(newUser.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
})
newUser.LoginInfo = append(newUser.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
})

//Store user's last session so don't have to go through sso again while changing org.
newUser.UsersLastSession = sessionToken
//Store user's last session so don't have to go through sso again while changing org.
newUser.UsersLastSession = sessionToken
} else {
log.Printf("[INFO] user have session resetting session and cookies for user: %v - (3)", userName)
sessionToken := newUser.Session
newCookie := &http.Cookie{
Name: "session_token",
Value: sessionToken,
Expires: expiration,
Path: "/",
}

if project.Environment == "cloud" {
newCookie.Domain = ".shuffler.io"
newCookie.Secure = true
newCookie.HttpOnly = true
}

http.SetCookie(resp, newCookie)

newCookie.Name = "__session"
http.SetCookie(resp, newCookie)

err = SetSession(ctx, *newUser, sessionToken)
if err != nil {
log.Printf("[WARNING] Error creating session for user: %s", err)
resp.WriteHeader(401)
resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Failed setting session"}`)))
return
}

newUser.LoginInfo = append(newUser.LoginInfo, LoginInfo{
IP: GetRequestIp(request),
Timestamp: time.Now().Unix(),
})

//Store user's last session so don't have to go through sso again while changing org.
newUser.UsersLastSession = sessionToken
}

err = SetUser(ctx, newUser, true)
if err != nil {
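Review bot: The new `else` branches (the two in HandleOpenId and the three in HandleSSO) send the token already stored in `user.Session` / `newUser.Session` back to the browser and re-register it through `SetSession`, so a completed SSO login never rotates the session identifier and a token that was exposed earlier is renewed with a fresh one-hour cookie. Unless sharing one token across browsers is a deliberate requirement, mint a new value on every successful login as the `len(user.Session) == 0` branch does: `sessionToken := uuid.NewV4().String()` followed by `user.Session = sessionToken`. In the same branches `Secure` and `HttpOnly` are only set inside the `project.Environment == "cloud"` check, so on other deployments the reused token is readable from page script; `newCookie.HttpOnly = true` can be set unconditionally. Separately, the added `len(userName) == 0` guards run before the `strings.TrimSpace` in the `FindGeneratedUser` call, so a whitespace-only name still reaches the lookup as an empty string; `if len(strings.TrimSpace(userName)) == 0 {` closes that in both handlers. Both handlers start and end outside the visible hunks, so how `SetSession` treats an already-registered token cannot be confirmed from this page.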