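// Copyright 2019 Palantir Technologies, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package saml

import (
	"net/http"
	"time"
)

const (
	// idCookieName is the cookie the default store writes in StoreID and
	// reads back in GetID; both methods share it so the name cannot drift.
	idCookieName = "saml_id"

	// idCookieMaxAge bounds how long the browser keeps a stored request ID.
	idCookieMaxAge = 5 * time.Minute
)

// IDStore stores the request id for SAML auth flows.
type IDStore interface {
	// StoreID stores a request ID in such a way that it can be
	// retrieved later using GetID.
	StoreID(w http.ResponseWriter, r *http.Request, id string) error

	// GetID returns the currently valid request ID for SAML authentication.
	// If no ID is found an empty string should be returned without an error.
	GetID(r *http.Request) (string, error)
}

// cookieIDStore is the default insecure id store useful for testing and development.
// The request ID is kept in a plain, unsigned cookie, so the client can read or
// replace it at will; for production use cases a secure tamper-proof
// implementation of IDStore is strongly recommended.
type cookieIDStore struct{}

// StoreID writes id into the saml_id cookie on w.
//
// The cookie is HttpOnly, scoped to "/", and expires after idCookieMaxAge.
// Secure is set only when the request itself arrived over TLS (r.TLS != nil);
// behind a TLS-terminating proxy r.TLS is nil and the flag is omitted, which
// matches the previous behaviour. No SameSite attribute is set.
// NOTE(review): if the ID must be readable on a cross-site POST back from the
// IdP, confirm the browser's default SameSite handling does not drop it;
// SameSite=None would also require Secure.
//
// It never returns an error; the error result exists to satisfy IDStore.
func (c cookieIDStore) StoreID(w http.ResponseWriter, r *http.Request, id string) error {
	http.SetCookie(w, &http.Cookie{
		Name:     idCookieName,
		Value:    id,
		MaxAge:   int(idCookieMaxAge.Seconds()),
		HttpOnly: true,
		Secure:   r != nil && r.TLS != nil,
		Path:     "/",
	})

	return nil
}

// GetID returns the value of the saml_id cookie carried by r.
//
// A missing cookie yields ("", nil), as the IDStore contract requires; any
// other error from r.Cookie is returned unchanged. The value is returned
// exactly as the client sent it — nothing here verifies its integrity.
func (c cookieIDStore) GetID(r *http.Request) (string, error) {
	cookie, err := r.Cookie(idCookieName)
	if err == http.ErrNoCookie {
		return "", nil
	}
	if err != nil {
		return "", err
	}

	return cookie.Value, nil
}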