aboutsummaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2017-02-11 20:20:35 +0000
committerNiall Sheridan <nsheridan@gmail.com>2017-02-11 20:20:35 +0000
commit9c344a0a95c44ef9cebade7b8a65ac160d9eb900 (patch)
treeaa3782547656b26a55527295c78aa0b8621f8676 /server
parent376b8f670a9c80e8ae69581a354cb989571c44c2 (diff)
Revert "Remove the oauth_callback_url config option"
Diffstat (limited to 'server')
-rw-r--r--server/auth/github/github.go4
-rw-r--r--server/auth/github/github_test.go10
-rw-r--r--server/auth/gitlab/gitlab.go5
-rw-r--r--server/auth/gitlab/gitlab_test.go13
-rw-r--r--server/auth/google/google.go4
-rw-r--r--server/auth/google/google_test.go9
-rw-r--r--server/auth/provider.go18
-rw-r--r--server/auth/provider_test.go30
-rw-r--r--server/auth/testprovider/testprovider.go3
-rw-r--r--server/config/config.go1
-rw-r--r--server/config/config_test.go1
-rw-r--r--server/config/testdata/test.config1
12 files changed, 25 insertions, 74 deletions
diff --git a/server/auth/github/github.go b/server/auth/github/github.go
index c985eed..46cf76a 100644
--- a/server/auth/github/github.go
+++ b/server/auth/github/github.go
@@ -40,6 +40,7 @@ func New(c *config.Auth) (*Config, error) {
config: &oauth2.Config{
ClientID: c.OauthClientID,
ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
Endpoint: github.Endpoint,
Scopes: []string{
string(githubapi.ScopeUser),
@@ -90,8 +91,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
}
// StartSession retrieves an authentication endpoint from Github.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
return &auth.Session{
AuthURL: c.config.AuthCodeURL(state),
}
diff --git a/server/auth/github/github_test.go b/server/auth/github/github_test.go
index d9d5f00..8c51f4f 100644
--- a/server/auth/github/github_test.go
+++ b/server/auth/github/github_test.go
@@ -2,7 +2,6 @@ package github
import (
"fmt"
- "net/http"
"testing"
"github.com/nsheridan/cashier/server/config"
@@ -23,11 +22,13 @@ func TestNew(t *testing.T) {
p, _ := New(&config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{"organization": organization},
UsersWhitelist: users,
})
a.Equal(p.config.ClientID, oauthClientID)
a.Equal(p.config.ClientSecret, oauthClientSecret)
+ a.Equal(p.config.RedirectURL, oauthCallbackURL)
a.Equal(p.organization, organization)
a.Equal(p.whitelist, map[string]bool{"user": true})
}
@@ -36,6 +37,7 @@ func TestWhitelist(t *testing.T) {
c := &config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{"organization": ""},
UsersWhitelist: []string{},
}
@@ -59,10 +61,7 @@ func TestStartSession(t *testing.T) {
a := assert.New(t)
p, _ := newGithub()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
a.Contains(s.AuthURL, "github.com/login/oauth/authorize")
a.Contains(s.AuthURL, "state=test_state")
a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -72,6 +71,7 @@ func newGithub() (*Config, error) {
c := &config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{"organization": organization},
}
return New(c)
diff --git a/server/auth/gitlab/gitlab.go b/server/auth/gitlab/gitlab.go
index 27edafa..f76b2e8 100644
--- a/server/auth/gitlab/gitlab.go
+++ b/server/auth/gitlab/gitlab.go
@@ -2,7 +2,6 @@ package gitlab
import (
"errors"
- "net/http"
"strconv"
"github.com/nsheridan/cashier/server/auth"
@@ -52,6 +51,7 @@ func New(c *config.Auth) (*Config, error) {
config: &oauth2.Config{
ClientID: c.OauthClientID,
ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
Endpoint: oauth2.Endpoint{
AuthURL: siteURL + "oauth/authorize",
TokenURL: siteURL + "oauth/token",
@@ -110,8 +110,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
}
// StartSession retrieves an authentication endpoint from Gitlab.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
return &auth.Session{
AuthURL: c.config.AuthCodeURL(state),
}
diff --git a/server/auth/gitlab/gitlab_test.go b/server/auth/gitlab/gitlab_test.go
index 676cda2..39c2701 100644
--- a/server/auth/gitlab/gitlab_test.go
+++ b/server/auth/gitlab/gitlab_test.go
@@ -2,7 +2,6 @@ package gitlab
import (
"fmt"
- "net/http"
"testing"
"github.com/nsheridan/cashier/server/auth"
@@ -26,6 +25,7 @@ func TestNew(t *testing.T) {
g := p.(*Config)
a.Equal(g.config.ClientID, oauthClientID)
a.Equal(g.config.ClientSecret, oauthClientSecret)
+ a.Equal(g.config.RedirectURL, oauthCallbackURL)
}
func TestNewBrokenSiteURL(t *testing.T) {
@@ -55,10 +55,7 @@ func TestGoodAllUsers(t *testing.T) {
a := assert.New(t)
p, _ := newGitlab()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
a.Contains(s.AuthURL, "exampleorg/oauth/authorize")
a.Contains(s.AuthURL, "state=test_state")
a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -80,10 +77,7 @@ func TestStartSession(t *testing.T) {
a := assert.New(t)
p, _ := newGitlab()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
a.Contains(s.AuthURL, "exampleorg/oauth/authorize")
a.Contains(s.AuthURL, "state=test_state")
a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -93,6 +87,7 @@ func newGitlab() (auth.Provider, error) {
c := &config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{
"group": group,
"siteurl": siteurl,
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index 305b6f4..8c6f53b 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -43,6 +43,7 @@ func New(c *config.Auth) (*Config, error) {
config: &oauth2.Config{
ClientID: c.OauthClientID,
ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
Endpoint: google.Endpoint,
Scopes: []string{googleapi.UserinfoEmailScope, googleapi.UserinfoProfileScope},
},
@@ -100,8 +101,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
}
// StartSession retrieves an authentication endpoint from Google.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
return &auth.Session{
AuthURL: c.config.AuthCodeURL(state, oauth2.SetAuthURLParam("hd", c.domain)),
}
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 4d6191b..b3d2633 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -2,7 +2,6 @@ package google
import (
"fmt"
- "net/http"
"testing"
"github.com/nsheridan/cashier/server/config"
@@ -23,6 +22,7 @@ func TestNew(t *testing.T) {
a.NoError(err)
a.Equal(p.config.ClientID, oauthClientID)
a.Equal(p.config.ClientSecret, oauthClientSecret)
+ a.Equal(p.config.RedirectURL, oauthCallbackURL)
a.Equal(p.domain, domain)
a.Equal(p.whitelist, map[string]bool{"user": true})
}
@@ -31,6 +31,7 @@ func TestWhitelist(t *testing.T) {
c := &config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{"domain": ""},
UsersWhitelist: []string{},
}
@@ -55,10 +56,7 @@ func TestStartSession(t *testing.T) {
p, err := newGoogle()
a.NoError(err)
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
a.Contains(s.AuthURL, "state=test_state")
a.Contains(s.AuthURL, fmt.Sprintf("hd=%s", domain))
@@ -69,6 +67,7 @@ func newGoogle() (*Config, error) {
c := &config.Auth{
OauthClientID: oauthClientID,
OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
ProviderOpts: map[string]string{"domain": domain},
UsersWhitelist: users,
}
diff --git a/server/auth/provider.go b/server/auth/provider.go
index d4a8e58..06dc1c9 100644
--- a/server/auth/provider.go
+++ b/server/auth/provider.go
@@ -1,16 +1,11 @@
package auth
-import (
- "fmt"
- "net/http"
-
- "golang.org/x/oauth2"
-)
+import "golang.org/x/oauth2"
// Provider is an abstraction of different auth methods.
type Provider interface {
Name() string
- StartSession(string, *http.Request) *Session
+ StartSession(string) *Session
Exchange(string) (*oauth2.Token, error)
Username(*oauth2.Token) string
Valid(*oauth2.Token) bool
@@ -33,12 +28,3 @@ func (s *Session) Authorize(provider Provider, code string) error {
s.Token = t
return nil
}
-
-// Oauth2RedirectURL returns an OAuth redirect_uri for this request.
-func Oauth2RedirectURL(r *http.Request) string {
- protocol := "http"
- if r.TLS != nil {
- protocol = "https"
- }
- return fmt.Sprintf("%s://%s/auth/callback", protocol, r.Host)
-}
diff --git a/server/auth/provider_test.go b/server/auth/provider_test.go
deleted file mode 100644
index e35dcea..0000000
--- a/server/auth/provider_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package auth
-
-import (
- "crypto/tls"
- "net/http"
- "testing"
-)
-
-func TestHTTP(t *testing.T) {
- want := "http://example.com/auth/callback"
- r := &http.Request{
- Host: "example.com",
- }
- ret := Oauth2RedirectURL(r)
- if want != ret {
- t.Errorf("Wanted %s, got %s", want, ret)
- }
-}
-
-func TestHTTPS(t *testing.T) {
- want := "https://example.com/auth/callback"
- r := &http.Request{
- Host: "example.com",
- TLS: &tls.ConnectionState{},
- }
- ret := Oauth2RedirectURL(r)
- if want != ret {
- t.Errorf("Wanted %s, got %s", want, ret)
- }
-}
diff --git a/server/auth/testprovider/testprovider.go b/server/auth/testprovider/testprovider.go
index 0bc2397..e30b04a 100644
--- a/server/auth/testprovider/testprovider.go
+++ b/server/auth/testprovider/testprovider.go
@@ -1,7 +1,6 @@
package testprovider
import (
- "net/http"
"time"
"github.com/nsheridan/cashier/server/auth"
@@ -39,7 +38,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
}
// StartSession retrieves an authentication endpoint.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
+func (c *Config) StartSession(state string) *auth.Session {
return &auth.Session{
AuthURL: "https://www.example.com/auth",
}
diff --git a/server/config/config.go b/server/config/config.go
index 794ba8a..422a135 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -43,6 +43,7 @@ type Server struct {
type Auth struct {
OauthClientID string `hcl:"oauth_client_id"`
OauthClientSecret string `hcl:"oauth_client_secret"`
+ OauthCallbackURL string `hcl:"oauth_callback_url"`
Provider string `hcl:"provider"`
ProviderOpts map[string]string `hcl:"provider_opts"`
UsersWhitelist []string `hcl:"users_whitelist"`
diff --git a/server/config/config_test.go b/server/config/config_test.go
index e247917..5536a4e 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -23,6 +23,7 @@ var (
Auth: &Auth{
OauthClientID: "client_id",
OauthClientSecret: "secret",
+ OauthCallbackURL: "https://sshca.example.com/auth/callback",
Provider: "google",
ProviderOpts: map[string]string{"domain": "example.com"},
UsersWhitelist: []string{"a_user"},
diff --git a/server/config/testdata/test.config b/server/config/testdata/test.config
index 6584add..96899e7 100644
--- a/server/config/testdata/test.config
+++ b/server/config/testdata/test.config
@@ -19,6 +19,7 @@ auth {
provider = "google"
oauth_client_id = "client_id"
oauth_client_secret = "secret"
+ oauth_callback_url = "https://sshca.example.com/auth/callback"
provider_opts {
domain = "example.com"
}