authelia/internal/duo/duo.go

package duo

import (
	"encoding/json"
	"net/url"

	duoapi "github.com/duosecurity/duo_api_golang"
	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/v4/internal/middlewares"
	"github.com/authelia/authelia/v4/internal/session"
)

// NewDuoAPI create duo API instance.
func NewDuoAPI(duoAPI *duoapi.DuoApi) *APIImpl {
	return &APIImpl{
		DuoApi: duoAPI,
	}
}

// Call performs a request to the DuoAPI.
func (d *APIImpl) Call(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values, method string, path string) (*Response, error) {
	var response Response

	_, responseBytes, err := d.DuoApi.SignedCall(method, path, values)
	if err != nil {
		return nil, err
	}

	ctx.Logger.Tracef("Duo endpoint: %s response raw data for %s from IP %s: %s", path, userSession.Username, ctx.RemoteIP().String(), string(responseBytes))

	err = json.Unmarshal(responseBytes, &response)
	if err != nil {
		return nil, err
	}

	if response.Stat == "FAIL" {
		ctx.Logger.Warnf(
			"Duo Push Auth failed to process the auth request for %s from %s: %s (%s), error code %d.",
			userSession.Username, ctx.RemoteIP().String(),
			response.Message, response.MessageDetail, response.Code)
	}

	return &response, nil
}

// PreAuthCall performs a preauth request to the DuoAPI.
func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*PreAuthResponse, error) {
	var preAuthResponse PreAuthResponse

	response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/preauth")
	if err != nil {
		return nil, err
	}

	err = json.Unmarshal(response.Response, &preAuthResponse)
	if err != nil {
		return nil, err
	}

	return &preAuthResponse, nil
}

// AuthCall performs an auth request to the DuoAPI.
func (d *APIImpl) AuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*AuthResponse, error) {
	var authResponse AuthResponse

	response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/auth")
	if err != nil {
		return nil, err
	}

	err = json.Unmarshal(response.Response, &authResponse)
	if err != nil {
		return nil, err
	}

	return &authResponse, nil
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package duo`

			`import (`
			`"encoding/json"`
			`"net/url"`

[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go 2020-04-05 12:37:21 +00:00			`duoapi "github.com/duosecurity/duo_api_golang"`
refactor: http verbs etc (#5248) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-15 05:03:14 +00:00			`"github.com/valyala/fasthttp"`
[MISC] Add Detailed DUO Push Logging (#664) * [MISC] Add Detailed DUO Push Logging - Added trace logging for all response data from the DUO API - Added warning messages on auth failures - Added debug logging when DUO auth begins - Updated mocks/unit tests to use the AutheliaCtx as required 2020-03-01 00:51:11 +00:00
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 01:04:35 +00:00			`"github.com/authelia/authelia/v4/internal/middlewares"`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`"github.com/authelia/authelia/v4/internal/session"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

[CI] Add godot linter (#958) * [CI] Add godot linter * Implement godot recommendations 2020-05-02 05:06:39 +00:00			`// NewDuoAPI create duo API instance.`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`func NewDuoAPI(duoAPI duoapi.DuoApi) APIImpl {`
fix(notification): text emails not encoded properly (#3854) This fixes an issue where the plain text portion of emails is not encoded with quoted printable encoding. 2022-08-26 21:39:20 +00:00			`return &APIImpl{`
			`DuoApi: duoAPI,`
			`}`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`// Call performs a request to the DuoAPI.`
			`func (d APIImpl) Call(ctx middlewares.AutheliaCtx, userSession session.UserSession, values url.Values, method string, path string) (Response, error) {`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00			`var response Response`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`_, responseBytes, err := d.DuoApi.SignedCall(method, path, values)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`if err != nil {`
			`return nil, err`
			`}`

feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`ctx.Logger.Tracef("Duo endpoint: %s response raw data for %s from IP %s: %s", path, userSession.Username, ctx.RemoteIP().String(), string(responseBytes))`
[MISC] Add Detailed DUO Push Logging (#664) * [MISC] Add Detailed DUO Push Logging - Added trace logging for all response data from the DUO API - Added warning messages on auth failures - Added debug logging when DUO auth begins - Updated mocks/unit tests to use the AutheliaCtx as required 2020-03-01 00:51:11 +00:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`err = json.Unmarshal(responseBytes, &response)`
			`if err != nil {`
			`return nil, err`
			`}`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`if response.Stat == "FAIL" {`
			`ctx.Logger.Warnf(`
			`"Duo Push Auth failed to process the auth request for %s from %s: %s (%s), error code %d.",`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`userSession.Username, ctx.RemoteIP().String(),`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`response.Message, response.MessageDetail, response.Code)`
			`}`

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`return &response, nil`
			`}`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`// PreAuthCall performs a preauth request to the DuoAPI.`
			`func (d APIImpl) PreAuthCall(ctx middlewares.AutheliaCtx, userSession session.UserSession, values url.Values) (PreAuthResponse, error) {`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`var preAuthResponse PreAuthResponse`

refactor: http verbs etc (#5248) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-15 05:03:14 +00:00			`response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/preauth")`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`err = json.Unmarshal(response.Response, &preAuthResponse)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &preAuthResponse, nil`
			`}`

feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`// AuthCall performs an auth request to the DuoAPI.`
			`func (d APIImpl) AuthCall(ctx middlewares.AutheliaCtx, userSession session.UserSession, values url.Values) (AuthResponse, error) {`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`var authResponse AuthResponse`

refactor: http verbs etc (#5248) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-15 05:03:14 +00:00			`response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/auth")`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`err = json.Unmarshal(response.Response, &authResponse)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &authResponse, nil`
			`}`