fix (session): expand session information

To handle scenarios where we need to know the whole session information
to make decisions such as in our use case: authorisation

server/common/config.go

@@ -84,6 +84,7 @@ func NewConfiguration() Configuration {
 					FormElement{Name: "filepage_default_view", Type: "select", Default: "grid", Opts: []string{"list", "grid"}, Description: "Default layout for files and folder on the file page"},
 					FormElement{Name: "filepage_default_sort", Type: "select", Default: "type", Opts: []string{"type", "date", "name"}, Description: "Default order for files and folder on the file page"},
 					FormElement{Name: "cookie_timeout", Type: "number", Default: 60 * 24 * 7, Description: "Authentication Cookie expiration in minutes. Default: 60 * 24 * 7 = 1 week"},
+					FormElement{Name: "extended_session", Type: "boolean", Default: false, Description: "Store extra auth data in session"},
 					FormElement{Name: "custom_css", Type: "long_text", Default: "", Description: "Set custom css code for your instance"},
 				},
 			},

server/common/crypto.go

@@ -200,9 +200,10 @@ func GenerateID(params map[string]string) string {
 
 	for _, key := range orderedKeys {
 		switch key {
-		case "timestamp":
 		case "password":
 		case "path":
+		case "session":
+		case "timestamp":
 		default:
 			if val := params[key]; val != "" {
 				p += key + "=>" + params[key] + ", "

server/ctrl/session.go

@@ -320,7 +320,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 	// Step2: End of the authentication process. Could come from:
 	// - target of a html form. eg: ldap, mysql, ...
 	// - identity provider redirection uri. eg: oauth2, openid, ...
-	templateBind, err := plugin.Callback(formData, idpParams, res)
+	pluginCallback, err := plugin.Callback(formData, idpParams, res)
 	if err == ErrAuthenticationFailed {
 		Log.Warning("failed authentication - %s", err.Error())
 		http.Redirect(
@@ -340,7 +340,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 	} else if err != nil { // response handled directly within a plugin
 		return
 	}
-	templateBind = TmplParams(templateBind)
+	templateBind := TmplParams(pluginCallback)
 
 	var (
 		label = ""
@@ -426,6 +426,12 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 			mappingToUse[k] = out
 		}
 		mappingToUse["timestamp"] = time.Now().Format(time.RFC3339)
+		if label != "" && Config.Get("general.extended_session").Bool() {
+			pluginCallback["label"] = label
+			if jsonStr, err := json.Marshal(pluginCallback); err == nil {
+				mappingToUse["session"] = string(jsonStr)
+			}
+		}
 		return mappingToUse, nil
 	}(templateBind)
 	if err != nil {

server/ctrl/tmpl.go

@@ -38,14 +38,18 @@ func TmplExec(params string, input map[string]string) (string, error) {
 }
 
 func TmplParams(data map[string]string) map[string]string {
-	data["machine_id"] = GenerateMachineID()
+	out := map[string]string{}
+	for key, value := range data {
+		out[key] = value
+	}
+	out["machine_id"] = GenerateMachineID()
 	for _, value := range os.Environ() {
 		pair := strings.SplitN(value, "=", 2)
 		if len(pair) == 2 {
-			data[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
+			out[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
 		}
 	}
-	return data
+	return out
 }
 
 var tmplFuncs = template.FuncMap{