From 6f86efb594721bc577c56b284f5f2499e563c45c Mon Sep 17 00:00:00 2001
From: Patrick O'Doherty
Date: Mon, 23 May 2016 17:56:15 +0100
Subject: Don't allow wide-open Google or Github configs
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
---
 server/auth/google/google_test.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'server/auth/google/google_test.go')
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index c6a3def..4d41986 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -19,7 +19,7 @@ var (
 func TestNew(t *testing.T) {
 a := assert.New(t)
- p := newGoogle()
+ p, _ := newGoogle()
 g := p.(*Config)
 a.Equal(g.config.ClientID, oauthClientID)
 a.Equal(g.config.ClientSecret, oauthClientSecret)
@@ -27,10 +27,22 @@ func TestNew(t *testing.T) {
 a.Equal(g.domain, domain)
 }
+func TestNewWithoutDomain(t *testing.T) {
+ a := assert.New(t)
+
+ domain = ""
+
+ _, err := newGoogle()
+ a.EqualError(err, "google_opts domain must not be empty")
+
+ domain = "example.com"
+}
+
 func TestStartSession(t *testing.T) {
 a := assert.New(t)
- p := newGoogle()
+ p, err := newGoogle()
+ a.NoError(err)
 s := p.StartSession("test_state")
 a.Equal(s.State, "test_state")
 a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
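Review bot: In TestNew (first hunk) the error from the constructor is discarded by `p, _ := newGoogle()`, so if `New` ever rejects the fixture config the provider is presumably nil and the unchecked assertion `p.(*Config)` on the next line panics instead of reporting the cause. Capture the error and stop early, for example `p, err := newGoogle()` followed by `if !a.NoError(err) { return }`. The same gap exists in TestStartSession in the second hunk: `a.NoError(err)` records the failure but does not halt the test, so `p.StartSession("test_state")` would still be called on a nil provider.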
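Review bot: TestNewWithoutDomain (second hunk) overwrites the package-level `domain` and restores it only on its final line, to a hard-coded `"example.com"`. If anything before that line panics, or the initial value in the var block (outside this hunk) is changed later, the following tests run with a domain nobody intended and TestNew's `a.Equal(g.domain, domain)` stops checking what it appears to check. Save and restore the value instead: `orig := domain` and `defer func() { domain = orig }()` directly after the `assert.New(t)` line.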
@@ -39,13 +51,12 @@ func TestStartSession(t *testing.T) {
 a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
 }
-func newGoogle() auth.Provider {
+func newGoogle() (auth.Provider, error) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
 OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"domain": domain},
 }
- c.ProviderOpts["domain"] = domain
 return New(c)
 }
--
cgit v1.2.3
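Review bot: The helper `newGoogle` always writes a `"domain"` key into `ProviderOpts`, so the tests can only reach the rejected configuration through an empty string value. The case the commit message describes, where the option is not set at all (key absent, or `ProviderOpts` nil), is never passed to `New`. A missing map key reads as `""` in Go, so it probably takes the same path, but nothing in this file pins that. Because this check is what stops the provider from admitting any Google account, a second test that builds `&config.Auth{...}` without `ProviderOpts` and expects the same `google_opts domain must not be empty` error would be worth adding.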