Require level 4 auth

pasientskyhosting · Jul 6, 2021 · c782a1f · c782a1f
1 parent eb76715
commit c782a1f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= v1.0.2
+VERSION ?= v1.0.3
 run:
 	go run -ldflags="-X main.version=${VERSION} -X main.date=$(shell date '+%Y-%m-%dT%H:%M:%S%z')" src/main.go
 

diff --git a/forwardproxy.go b/forwardproxy.go
@@ -207,6 +207,14 @@ func (fp *ForwardProxy) checkCredentialsExternal(r *http.Request) error {
 	// check the token type
 	tokenType := gjson.GetBytes(data, "tokenType")
 	if tokenType.String() == "serviceProviderToken" {
+		// Check auth level
+		securityLevel := gjson.GetBytes(data, "accessContext.authenticationMethod.securityLevel")
+		if securityLevel.Exists() {
+			if securityLevel.String() != "4" {
+				fmt.Println("Insufficient security level " + securityLevel.String())
+				return errors.New(fmt.Sprintf("Insufficient security level: %s", securityLevel.String()))
+			}
+		}
 		// Check module access
 		access := gjson.GetBytes(data, fmt.Sprintf(`accessContext.%s.#(id="%s")`, fp.accessContext, fp.accessContextID))
 		// `accessContext.features.#(id="ps_norwegian_healthcare_integration_electronic_messages")`