update package name (crewjam#594)

more updates to package name

use new saml handler

change from application handler to assertion handler

remove useless coment

Add SamlAssertionHandler to middleware

keep import order

fix spelling

add in BassicAssertionHandler to do nothing by default

fix lint

fix lint

Co-authored-by: Kevin Coxe <[email protected]>

Author: crewjam

samlsp/basic_assertion_handler.go

@@ -0,0 +1,15 @@
+package samlsp
+
+import (
+	"github.com/crewjam/saml"
+)
+
+var _ AssertionHandler = NopAssertionHandler{}
+
+// NopAssertionHandler is an implementation of AssertionHandler that does nothing.
+type NopAssertionHandler struct{}
+
+// HandleAssertion is called and passed a SAML assertion. This implementation does nothing.
+func (as NopAssertionHandler) HandleAssertion(_ *saml.Assertion) error {
+	return nil
+}

samlsp/middleware.go

@@ -40,12 +40,13 @@ import (
 // SAML service provider already has a private key, we borrow that key
 // to sign the JWTs as well.
 type Middleware struct {
-	ServiceProvider saml.ServiceProvider
-	OnError         func(w http.ResponseWriter, r *http.Request, err error)
-	Binding         string // either saml.HTTPPostBinding or saml.HTTPRedirectBinding
-	ResponseBinding string // either saml.HTTPPostBinding or saml.HTTPArtifactBinding
-	RequestTracker  RequestTracker
-	Session         SessionProvider
+	ServiceProvider  saml.ServiceProvider
+	OnError          func(w http.ResponseWriter, r *http.Request, err error)
+	Binding          string // either saml.HTTPPostBinding or saml.HTTPRedirectBinding
+	ResponseBinding  string // either saml.HTTPPostBinding or saml.HTTPArtifactBinding
+	RequestTracker   RequestTracker
+	Session          SessionProvider
+	AssertionHandler AssertionHandler
 }
 
 // ServeHTTP implements http.Handler and serves the SAML-specific HTTP endpoints
@@ -99,6 +100,11 @@ func (m *Middleware) ServeACS(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if handlerErr := m.AssertionHandler.HandleAssertion(assertion); handlerErr != nil {
+		m.OnError(w, r, handlerErr)
+		return
+	}
+
 	m.CreateSessionFromAssertion(w, r, assertion, m.ServiceProvider.DefaultRedirectURI)
 }
 

samlsp/new.go

@@ -131,6 +131,12 @@ func DefaultServiceProvider(opts Options) saml.ServiceProvider {
 	}
 }
 
+// DefaultAssertionHandler returns the default AssertionHandler for the provided options,
+// a NopAssertionHandler configured to do nothing.
+func DefaultAssertionHandler(_ Options) NopAssertionHandler {
+	return NopAssertionHandler{}
+}
+
 // New creates a new Middleware with the default providers for the
 // given options.
 //
@@ -139,11 +145,12 @@ func DefaultServiceProvider(opts Options) saml.ServiceProvider {
 // in the returned Middleware.
 func New(opts Options) (*Middleware, error) {
 	m := &Middleware{
-		ServiceProvider: DefaultServiceProvider(opts),
-		Binding:         "",
-		ResponseBinding: saml.HTTPPostBinding,
-		OnError:         DefaultOnError,
-		Session:         DefaultSessionProvider(opts),
+		ServiceProvider:  DefaultServiceProvider(opts),
+		Binding:          "",
+		ResponseBinding:  saml.HTTPPostBinding,
+		OnError:          DefaultOnError,
+		Session:          DefaultSessionProvider(opts),
+		AssertionHandler: DefaultAssertionHandler(opts),
 	}
 	m.RequestTracker = DefaultRequestTracker(opts, &m.ServiceProvider)
 	if opts.UseArtifactResponse {

samlsp/saml_assertion_handler.go

@@ -0,0 +1,9 @@
+package samlsp
+
+import "github.com/crewjam/saml"
+
+// AssertionHandler is an interface implemented by types that can handle
+// assertions and add extra functionality
+type AssertionHandler interface {
+	HandleAssertion(assertion *saml.Assertion) error
+}