From 9c344a0a95c44ef9cebade7b8a65ac160d9eb900 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sat, 11 Feb 2017 20:20:35 +0000
Subject: Revert "Remove the oauth_callback_url config option"
---
server/auth/github/github.go | 4 ++--
server/auth/github/github_test.go | 10 +++++-----
server/auth/gitlab/gitlab.go | 5 ++---
server/auth/gitlab/gitlab_test.go | 13 ++++---------
server/auth/google/google.go | 4 ++--
server/auth/google/google_test.go | 9 ++++-----
server/auth/provider.go | 18 ++----------------
server/auth/provider_test.go | 30 ------------------------------
server/auth/testprovider/testprovider.go | 3 +--
server/config/config.go | 1 +
server/config/config_test.go | 1 +
server/config/testdata/test.config | 1 +
12 files changed, 25 insertions(+), 74 deletions(-)
delete mode 100644 server/auth/provider_test.go
(limited to 'server')
diff --git a/server/auth/github/github.go b/server/auth/github/github.go
index c985eed..46cf76a 100644
--- a/server/auth/github/github.go
+++ b/server/auth/github/github.go
@@ -40,6 +40,7 @@ func New(c *config.Auth) (*Config, error) {
 config: &oauth2.Config{
 ClientID: c.OauthClientID,
 ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
 Endpoint: github.Endpoint,
 Scopes: []string{
 string(githubapi.ScopeUser),
@@ -90,8 +91,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
 }
 // StartSession retrieves an authentication endpoint from Github.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
 return &auth.Session{
 AuthURL: c.config.AuthCodeURL(state),
 }
diff --git a/server/auth/github/github_test.go b/server/auth/github/github_test.go
index d9d5f00..8c51f4f 100644
--- a/server/auth/github/github_test.go
+++ b/server/auth/github/github_test.go
@@ -2,7 +2,6 @@ package github
 import (
 "fmt"
- "net/http"
 "testing"
 "github.com/nsheridan/cashier/server/config"
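Review bot: `RedirectURL: c.OauthCallbackURL` in `New` accepts the configured value unchecked, so an empty or malformed `oauth_callback_url` only surfaces when a login fails; with an empty `RedirectURL`, `oauth2.Config.AuthCodeURL` omits `redirect_uri` altogether and the provider falls back to whatever is registered for the client. Unless the config loader already validates it (not visible in this diff), reject it at construction with something like `if u, err := url.Parse(c.OauthCallbackURL); err != nil || !u.IsAbs() || u.Host == "" { return nil, errors.New("oauth_callback_url must be an absolute URL") }`. The same applies to the `New` hunks in gitlab.go and google.go and to the new `OauthCallbackURL` field in config.go. `New` starts and ends outside the hunk.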
@@ -23,11 +22,13 @@ func TestNew(t *testing.T) {
 p, _ := New(&config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"organization": organization},
 UsersWhitelist: users,
 })
 a.Equal(p.config.ClientID, oauthClientID)
 a.Equal(p.config.ClientSecret, oauthClientSecret)
+ a.Equal(p.config.RedirectURL, oauthCallbackURL)
 a.Equal(p.organization, organization)
 a.Equal(p.whitelist, map[string]bool{"user": true})
 }
@@ -36,6 +37,7 @@ func TestWhitelist(t *testing.T) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"organization": ""},
 UsersWhitelist: []string{},
 }
@@ -59,10 +61,7 @@ func TestStartSession(t *testing.T) {
 a := assert.New(t)
 p, _ := newGithub()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
 a.Contains(s.AuthURL, "github.com/login/oauth/authorize")
 a.Contains(s.AuthURL, "state=test_state")
 a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -72,6 +71,7 @@ func newGithub() (*Config, error) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"organization": organization},
 }
 return New(c)
diff --git a/server/auth/gitlab/gitlab.go b/server/auth/gitlab/gitlab.go
index 27edafa..f76b2e8 100644
--- a/server/auth/gitlab/gitlab.go
+++ b/server/auth/gitlab/gitlab.go
@@ -2,7 +2,6 @@ package gitlab
 import (
 "errors"
- "net/http"
 "strconv"
 "github.com/nsheridan/cashier/server/auth"
@@ -52,6 +51,7 @@ func New(c *config.Auth) (*Config, error) {
 config: &oauth2.Config{
 ClientID: c.OauthClientID,
 ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
 Endpoint: oauth2.Endpoint{
 AuthURL: siteURL + "oauth/authorize",
 TokenURL: siteURL + "oauth/token",
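Review bot: `TestStartSession` in github_test.go no longer exercises the callback at all: once the `http.Request` is dropped, none of the visible assertions checks that the configured URL reaches the authorization URL, so a regression that loses `RedirectURL` would still pass. Add `a.Contains(s.AuthURL, "redirect_uri="+url.QueryEscape(oauthCallbackURL))` after the `client_id` assertion (this needs `net/url` imported). The same gap appears in `TestStartSession` and `TestGoodAllUsers` in gitlab_test.go and in `TestStartSession` in google_test.go.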
@@ -110,8 +110,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
 }
 // StartSession retrieves an authentication endpoint from Gitlab.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
 return &auth.Session{
 AuthURL: c.config.AuthCodeURL(state),
 }
diff --git a/server/auth/gitlab/gitlab_test.go b/server/auth/gitlab/gitlab_test.go
index 676cda2..39c2701 100644
--- a/server/auth/gitlab/gitlab_test.go
+++ b/server/auth/gitlab/gitlab_test.go
@@ -2,7 +2,6 @@ package gitlab
 import (
 "fmt"
- "net/http"
 "testing"
 "github.com/nsheridan/cashier/server/auth"
@@ -26,6 +25,7 @@ func TestNew(t *testing.T) {
 g := p.(*Config)
 a.Equal(g.config.ClientID, oauthClientID)
 a.Equal(g.config.ClientSecret, oauthClientSecret)
+ a.Equal(g.config.RedirectURL, oauthCallbackURL)
 }
 func TestNewBrokenSiteURL(t *testing.T) {
@@ -55,10 +55,7 @@ func TestGoodAllUsers(t *testing.T) {
 a := assert.New(t)
 p, _ := newGitlab()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
 a.Contains(s.AuthURL, "exampleorg/oauth/authorize")
 a.Contains(s.AuthURL, "state=test_state")
 a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -80,10 +77,7 @@ func TestStartSession(t *testing.T) {
 a := assert.New(t)
 p, _ := newGitlab()
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
 a.Contains(s.AuthURL, "exampleorg/oauth/authorize")
 a.Contains(s.AuthURL, "state=test_state")
 a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
@@ -93,6 +87,7 @@ func newGitlab() (auth.Provider, error) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{
 "group": group,
 "siteurl": siteurl,
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index 305b6f4..8c6f53b 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -43,6 +43,7 @@ func New(c *config.Auth) (*Config, error) {
 config: &oauth2.Config{
 ClientID: c.OauthClientID,
 ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
 Endpoint: google.Endpoint,
 Scopes: []string{googleapi.UserinfoEmailScope, googleapi.UserinfoProfileScope},
 },
@@ -100,8 +101,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
 }
 // StartSession retrieves an authentication endpoint from Google.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
- c.config.RedirectURL = auth.Oauth2RedirectURL(r)
+func (c *Config) StartSession(state string) *auth.Session {
 return &auth.Session{
 AuthURL: c.config.AuthCodeURL(state, oauth2.SetAuthURLParam("hd", c.domain)),
 }
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 4d6191b..b3d2633 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -2,7 +2,6 @@ package google
 import (
 "fmt"
- "net/http"
 "testing"
 "github.com/nsheridan/cashier/server/config"
@@ -23,6 +22,7 @@ func TestNew(t *testing.T) {
 a.NoError(err)
 a.Equal(p.config.ClientID, oauthClientID)
 a.Equal(p.config.ClientSecret, oauthClientSecret)
+ a.Equal(p.config.RedirectURL, oauthCallbackURL)
 a.Equal(p.domain, domain)
 a.Equal(p.whitelist, map[string]bool{"user": true})
 }
@@ -31,6 +31,7 @@ func TestWhitelist(t *testing.T) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"domain": ""},
 UsersWhitelist: []string{},
 }
@@ -55,10 +56,7 @@ func TestStartSession(t *testing.T) {
 p, err := newGoogle()
 a.NoError(err)
- r := &http.Request{
- Host: oauthCallbackURL,
- }
- s := p.StartSession("test_state", r)
+ s := p.StartSession("test_state")
 a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
 a.Contains(s.AuthURL, "state=test_state")
 a.Contains(s.AuthURL, fmt.Sprintf("hd=%s", domain))
@@ -69,6 +67,7 @@ func newGoogle() (*Config, error) {
 c := &config.Auth{
 OauthClientID: oauthClientID,
 OauthClientSecret: oauthClientSecret,
+ OauthCallbackURL: oauthCallbackURL,
 ProviderOpts: map[string]string{"domain": domain},
 UsersWhitelist: users,
 }
diff --git a/server/auth/provider.go b/server/auth/provider.go
index d4a8e58..06dc1c9 100644
--- a/server/auth/provider.go
+++ b/server/auth/provider.go
@@ -1,16 +1,11 @@
 package auth
-import (
- "fmt"
- "net/http"
-
- "golang.org/x/oauth2"
-)
+import "golang.org/x/oauth2"
 // Provider is an abstraction of different auth methods.
 type Provider interface {
 Name() string
- StartSession(string, *http.Request) *Session
+ StartSession(string) *Session
 Exchange(string) (*oauth2.Token, error)
 Username(*oauth2.Token) string
 Valid(*oauth2.Token) bool
@@ -33,12 +28,3 @@ func (s *Session) Authorize(provider Provider, code string) error {
 s.Token = t
 return nil
 }
-
-// Oauth2RedirectURL returns an OAuth redirect_uri for this request.
-func Oauth2RedirectURL(r *http.Request) string {
- protocol := "http"
- if r.TLS != nil {
- protocol = "https"
- }
- return fmt.Sprintf("%s://%s/auth/callback", protocol, r.Host)
-}
diff --git a/server/auth/provider_test.go b/server/auth/provider_test.go
deleted file mode 100644
index e35dcea..0000000
--- a/server/auth/provider_test.go
+++ /dev/null
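Review bot: `StartSession(string) *Session` in the `Provider` interface (provider.go) leaves its only parameter unnamed and undocumented, although the github, gitlab and google implementations in this commit pass it straight to `AuthCodeURL` as the OAuth `state`. Name it and state the contract on the interface, e.g. `// StartSession returns a Session whose AuthURL carries state; callers must pass an unpredictable per-login value and compare it on the callback.` above `StartSession(state string) *Session`. Whether the caller generates and verifies that value is not visible in this diff, and the interface body continues past the hunk.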
@@ -1,30 +0,0 @@
-package auth
-
-import (
- "crypto/tls"
- "net/http"
- "testing"
-)
-
-func TestHTTP(t *testing.T) {
- want := "http://example.com/auth/callback"
- r := &http.Request{
- Host: "example.com",
- }
- ret := Oauth2RedirectURL(r)
- if want != ret {
- t.Errorf("Wanted %s, got %s", want, ret)
- }
-}
-
-func TestHTTPS(t *testing.T) {
- want := "https://example.com/auth/callback"
- r := &http.Request{
- Host: "example.com",
- TLS: &tls.ConnectionState{},
- }
- ret := Oauth2RedirectURL(r)
- if want != ret {
- t.Errorf("Wanted %s, got %s", want, ret)
- }
-}
diff --git a/server/auth/testprovider/testprovider.go b/server/auth/testprovider/testprovider.go
index 0bc2397..e30b04a 100644
--- a/server/auth/testprovider/testprovider.go
+++ b/server/auth/testprovider/testprovider.go
@@ -1,7 +1,6 @@
 package testprovider
 import (
- "net/http"
 "time"
 "github.com/nsheridan/cashier/server/auth"
@@ -39,7 +38,7 @@ func (c *Config) Revoke(token *oauth2.Token) error {
 }
 // StartSession retrieves an authentication endpoint.
-func (c *Config) StartSession(state string, r *http.Request) *auth.Session {
+func (c *Config) StartSession(state string) *auth.Session {
 return &auth.Session{
 AuthURL: "https://www.example.com/auth",
 }
diff --git a/server/config/config.go b/server/config/config.go
index 794ba8a..422a135 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -43,6 +43,7 @@ type Server struct {
 type Auth struct {
 OauthClientID string `hcl:"oauth_client_id"`
 OauthClientSecret string `hcl:"oauth_client_secret"`
+ OauthCallbackURL string `hcl:"oauth_callback_url"`
 Provider string `hcl:"provider"`
 ProviderOpts map[string]string `hcl:"provider_opts"`
 UsersWhitelist []string `hcl:"users_whitelist"`
diff --git a/server/config/config_test.go b/server/config/config_test.go
index e247917..5536a4e 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -23,6 +23,7 @@ var (
 Auth: &Auth{
 OauthClientID: "client_id",
 OauthClientSecret: "secret",
+ OauthCallbackURL: "https://sshca.example.com/auth/callback",
 Provider: "google",
 ProviderOpts: map[string]string{"domain": "example.com"},
 UsersWhitelist: []string{"a_user"},
diff --git a/server/config/testdata/test.config b/server/config/testdata/test.config
index 6584add..96899e7 100644
--- a/server/config/testdata/test.config
+++ b/server/config/testdata/test.config
@@ -19,6 +19,7 @@ auth {
 provider = "google"
 oauth_client_id = "client_id"
 oauth_client_secret = "secret"
+ oauth_callback_url = "https://sshca.example.com/auth/callback"
 provider_opts {
 domain = "example.com"
 }
--
cgit v1.2.3