Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Easily addressable PR feedback #99

Merged
merged 9 commits into from
Feb 15, 2020
Merged

Easily addressable PR feedback #99

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8103c52
run go mod
tyrannosaurus-becks Feb 14, 2020
a2354e2
strip unused err
tyrannosaurus-becks Feb 14, 2020
b206ac3
strip inconsequential cases
tyrannosaurus-becks Feb 14, 2020
95b34da
refactor go var name id_token to idToken
tyrannosaurus-becks Feb 14, 2020
7888502
fix test
tyrannosaurus-becks Feb 15, 2020
99706fd
rename id_token in another place
tyrannosaurus-becks Feb 15, 2020
62e5ccc
update logic in parseMounts
tyrannosaurus-becks Feb 15, 2020
a70fc06
Put back error
Feb 15, 2020
a4e21c7
Restore parseMount
Feb 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions cli.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,11 +116,10 @@ func callbackHandler(c *api.Client, mount string, doneCh chan<- loginResp) http.
return func(w http.ResponseWriter, req *http.Request) {
var response string
var secret *api.Secret
var err error

defer func() {
w.Write([]byte(response))
doneCh <- loginResp{secret, err}
doneCh <- loginResp{secret, nil}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error that was here is the one that gets set on line 150.

}()

// Pull any parameters from either the body or query parameters.
Expand Down Expand Up @@ -148,7 +147,7 @@ func callbackHandler(c *api.Client, mount string, doneCh chan<- loginResp) http.
delete(data, "id_token")
}

secret, err = c.Logical().ReadWithData(fmt.Sprintf("auth/%s/oidc/callback", mount), data)
secret, err := c.Logical().ReadWithData(fmt.Sprintf("auth/%s/oidc/callback", mount), data)
if err != nil {
summary, detail := parseError(err)
response = errorHTML(summary, detail)
Expand Down
2 changes: 1 addition & 1 deletion path_config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,7 @@ type jwtConfig struct {
OIDCClientID string `json:"oidc_client_id"`
OIDCClientSecret string `json:"oidc_client_secret"`
OIDCResponseMode string `json:"oidc_response_mode"`
OIDCResponseTypes []string `json:"oidc_response_types`
OIDCResponseTypes []string `json:"oidc_response_types"`
JWKSURL string `json:"jwks_url"`
JWKSCAPEM string `json:"jwks_ca_pem"`
JWTValidationPubKeys []string `json:"jwt_validation_pubkeys"`
Expand Down
26 changes: 12 additions & 14 deletions path_oidc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ type oidcState struct {
nonce string
redirectURI string
code string
id_token string
idToken string
}

func pathOIDC(b *jwtAuthBackend) []*framework.Path {
Expand Down Expand Up @@ -115,7 +115,7 @@ func (b *jwtAuthBackend) pathCallbackPost(ctx context.Context, req *logical.Requ

stateID := d.Get("state").(string)
code := d.Get("code").(string)
id_token := d.Get("id_token").(string)
idToken := d.Get("id_token").(string)

resp := &logical.Response{
Data: map[string]interface{}{
Expand All @@ -125,7 +125,7 @@ func (b *jwtAuthBackend) pathCallbackPost(ctx context.Context, req *logical.Requ
}

// Store the provided code and/or token into state, which must already exist.
state, err := b.amendState(stateID, code, id_token)
state, err := b.amendState(stateID, code, idToken)
if err != nil {
resp.Data[logical.HTTPRawBody] = []byte(errorHTML(errLoginFailed, "Expired or missing OAuth state."))
resp.Data[logical.HTTPStatusCode] = http.StatusBadRequest
Expand Down Expand Up @@ -204,10 +204,10 @@ func (b *jwtAuthBackend) pathCallback(ctx context.Context, req *logical.Request,
}

if code == "" {
if state.id_token == "" {
if state.idToken == "" {
return logical.ErrorResponse(errLoginFailed + " No code or id_token received."), nil
}
rawToken = state.id_token
rawToken = state.idToken
} else {
oauth2Token, err = oauth2Config.Exchange(oidcCtx, code)
if err != nil {
Expand Down Expand Up @@ -440,15 +440,15 @@ func (b *jwtAuthBackend) createState(rolename, redirectURI string) (string, stri
return stateID, nonce, nil
}

func (b *jwtAuthBackend) amendState(stateID, code, id_token string) (*oidcState, error) {
func (b *jwtAuthBackend) amendState(stateID, code, idToken string) (*oidcState, error) {
stateRaw, ok := b.oidcStates.Get(stateID)
if !ok {
return nil, errors.New("OIDC state not found")
}

state := stateRaw.(*oidcState)
state.code = code
state.id_token = id_token
state.idToken = idToken

b.oidcStates.SetDefault(stateID, state)

Expand Down Expand Up @@ -502,12 +502,10 @@ func validRedirect(uri string, allowed []string) bool {

// parseMount attempts to extract the mount path from a redirect URI.
func parseMount(redirectURI string) string {
parts := strings.Split(redirectURI, "/")

for i := 0; i+2 < len(parts); i++ {
if parts[i] == "v1" && parts[i+1] == "auth" {
return parts[i+2]
}
parts := strings.Split(redirectURI, "/v1/auth/")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually...it doesn't work and I restore the old code and revised the test. We only want the immediate next element, not the rest of the path.

if len(parts) != 2 {
// This doesn't look like an auth engine mount.
return ""
}
return ""
return parts[1]
}
9 changes: 9 additions & 0 deletions path_oidc_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -942,3 +942,12 @@ func sampleClaims(nonce string) map[string]interface{} {
"password": "foo",
}
}

func TestParseMount(t *testing.T) {
if result := parseMount("https://example.com/v1/auth/oidc"); result != "oidc" {
t.Fatalf("unexpected result: %s", result)
}
if result := parseMount("https://example.com/v1/auth/oidc/foo"); result != "oidc/foo" {
t.Fatalf("unexpected result: %s", result)
}
}
5 changes: 2 additions & 3 deletions vendor/github.com/golang/protobuf/proto/properties.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions vendor/github.com/hashicorp/go-hclog/interceptlogger.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

59 changes: 50 additions & 9 deletions vendor/github.com/hashicorp/go-hclog/intlogger.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 22 additions & 0 deletions vendor/github.com/hashicorp/go-hclog/logger.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions vendor/github.com/hashicorp/go-hclog/nulllogger.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions vendor/github.com/hashicorp/go-kms-wrapping/.gitignore
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading