| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- package discourse
- import (
- "crypto/hmac"
- "crypto/sha256"
- "encoding/base64"
- "encoding/hex"
- "fmt"
- "net/url"
- "github.com/google/uuid"
- )
- // SsoConfig - Configuration for an SSO Request
- type SsoConfig struct {
- Endpoint string
- ReturnEndpoint string
- Secret string
- UUID uuid.UUID
- }
- // GetSSORequestURL - gets a url for an sso request
- func GetSSORequestURL(config SsoConfig) string {
- url := generateSSORequestURL(config)
- return url
- }
- // ValidateSsoResponse - Validate the signature on the sso response
- func ValidateSsoResponse(sso, sig, secret string) bool {
- ssoDataSig := computeHmac256(sso, secret)
- return sig == ssoDataSig
- }
- func generateSSORequestURL(config SsoConfig) string {
- // Build the query string payload
- payload := fmt.Sprintf("nonce=%s&return_sso_url=%s", config.UUID, config.ReturnEndpoint)
- // Base64 encode the payload
- base64Payload := base64.StdEncoding.EncodeToString([]byte(payload))
- // Urlencode the
- URLEncodedPayload := url.QueryEscape(base64Payload)
- // Get a hex signature for this payload with the sso secret
- hexSignature := computeHmac256(base64Payload, config.Secret)
- ssoURL := fmt.Sprintf("%s?sso=%s&sig=%s", config.Endpoint, URLEncodedPayload, hexSignature)
- return ssoURL
- }
- // Create a hex signature from a message and secret
- func computeHmac256(message string, secret string) string {
- key := []byte(secret)
- h := hmac.New(sha256.New, key)
- h.Write([]byte(message))
- return hex.EncodeToString(h.Sum(nil))
- }
|
