public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

*: rename Url to URL everywhere 

Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
This commit is contained in:
Brandon Philips 2015-11-09 00:47:44 +01:00
parent 1b0144ba75
commit 51a2e4e48c
15 changed files with 151 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
oauthproxy.go
View File

@ -34,7 +34,7 @@ type OauthProxy struct {
OauthStartPath string OauthStartPath string
OauthCallbackPath string OauthCallbackPath string
redirectUrl *url.URL // the url to receive requests at redirectURL *url.URL // the url to receive requests at
provider providers.Provider provider providers.Provider
ProxyPrefix string ProxyPrefix string
SignInMessage string SignInMessage string
@ -88,7 +88,7 @@ func NewFileServer(path string, filesystemPath string) (proxy http.Handler) {
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
serveMux := http.NewServeMux() serveMux := http.NewServeMux()
for _, u := range opts.proxyUrls { for _, u := range opts.proxyURLs {
path := u.Path path := u.Path
switch u.Scheme { switch u.Scheme {
case "http", "https": case "http", "https":
@ -116,8 +116,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
log.Printf("compiled skip-auth-regex => %q", u) log.Printf("compiled skip-auth-regex => %q", u)
} }
redirectUrl := opts.redirectUrl redirectURL := opts.redirectURL
redirectUrl.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix) redirectURL.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
log.Printf("OauthProxy configured for %s Client ID: %s", opts.provider.Data().ProviderName, opts.ClientID) log.Printf("OauthProxy configured for %s Client ID: %s", opts.provider.Data().ProviderName, opts.ClientID)
domain := opts.CookieDomain domain := opts.CookieDomain
@ -160,7 +160,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
ProxyPrefix: opts.ProxyPrefix, ProxyPrefix: opts.ProxyPrefix,
provider: opts.provider, provider: opts.provider,
serveMux: serveMux, serveMux: serveMux,
redirectUrl: redirectUrl, redirectURL: redirectURL,
skipAuthRegex: opts.SkipAuthRegex, skipAuthRegex: opts.SkipAuthRegex,
compiledRegex: opts.CompiledRegex, compiledRegex: opts.CompiledRegex,
PassBasicAuth: opts.PassBasicAuth, PassBasicAuth: opts.PassBasicAuth,
@ -173,11 +173,11 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
func (p *OauthProxy) GetRedirectURI(host string) string { func (p *OauthProxy) GetRedirectURI(host string) string {
// default to the request Host if not set // default to the request Host if not set
if p.redirectUrl.Host != "" { if p.redirectURL.Host != "" {
return p.redirectUrl.String() return p.redirectURL.String()
} }
var u url.URL var u url.URL
u = *p.redirectUrl u = *p.redirectURL
if u.Scheme == "" { if u.Scheme == "" {
if p.CookieSecure { if p.CookieSecure {
u.Scheme = "https" u.Scheme = "https"

12
oauthproxy_test.go
View File

@ -124,17 +124,17 @@ func TestBasicAuthPassword(t *testing.T) {
opts.provider = &TestProvider{ opts.provider = &TestProvider{
ProviderData: &providers.ProviderData{ ProviderData: &providers.ProviderData{
ProviderName: "Test Provider", ProviderName: "Test Provider",
LoginUrl: &url.URL{ LoginURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/oauth/authorize", Path: "/oauth/authorize",
}, },
RedeemUrl: &url.URL{ RedeemURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/oauth/token", Path: "/oauth/token",
}, },
ProfileUrl: &url.URL{ ProfileURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/api/v1/profile", Path: "/api/v1/profile",
@ -245,17 +245,17 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes
t.opts.provider = &TestProvider{ t.opts.provider = &TestProvider{
ProviderData: &providers.ProviderData{ ProviderData: &providers.ProviderData{
ProviderName: "Test Provider", ProviderName: "Test Provider",
LoginUrl: &url.URL{ LoginURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/oauth/authorize", Path: "/oauth/authorize",
}, },
RedeemUrl: &url.URL{ RedeemURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/oauth/token", Path: "/oauth/token",
}, },
ProfileUrl: &url.URL{ ProfileURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: provider_url.Host, Host: provider_url.Host,
Path: "/api/v1/profile", Path: "/api/v1/profile",

36
options.go
View File

@ -16,7 +16,7 @@ type Options struct {
ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"` ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"`
HttpAddress string `flag:"http-address" cfg:"http_address"` HttpAddress string `flag:"http-address" cfg:"http_address"`
HttpsAddress string `flag:"https-address" cfg:"https_address"` HttpsAddress string `flag:"https-address" cfg:"https_address"`
RedirectUrl string `flag:"redirect-url" cfg:"redirect_url"` RedirectURL string `flag:"redirect-url" cfg:"redirect_url"`
ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"` ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"` ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"` TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"`
@ -51,18 +51,18 @@ type Options struct {
// These options allow for other providers besides Google, with // These options allow for other providers besides Google, with
// potential overrides. // potential overrides.
Provider string `flag:"provider" cfg:"provider"` Provider string `flag:"provider" cfg:"provider"`
LoginUrl string `flag:"login-url" cfg:"login_url"` LoginURL string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"` RedeemURL string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"` ProfileURL string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"` ValidateURL string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"` Scope string `flag:"scope" cfg:"scope"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"` ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging"` RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
// internal values that are set after config validation // internal values that are set after config validation
redirectUrl *url.URL redirectURL *url.URL
proxyUrls []*url.URL proxyURLs []*url.URL
CompiledRegex []*regexp.Regexp CompiledRegex []*regexp.Regexp
provider providers.Provider provider providers.Provider
} }
@ -86,7 +86,7 @@ func NewOptions() *Options {
} }
} }
func parseUrl(to_parse string, urltype string, msgs []string) (*url.URL, []string) { func parseURL(to_parse string, urltype string, msgs []string) (*url.URL, []string) {
parsed, err := url.Parse(to_parse) parsed, err := url.Parse(to_parse)
if err != nil { if err != nil {
return nil, append(msgs, fmt.Sprintf( return nil, append(msgs, fmt.Sprintf(
@ -113,19 +113,19 @@ func (o *Options) Validate() error {
msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses") msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses")
} }
o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs) o.redirectURL, msgs = parseURL(o.RedirectURL, "redirect", msgs)
for _, u := range o.Upstreams { for _, u := range o.Upstreams {
upstreamUrl, err := url.Parse(u) upstreamURL, err := url.Parse(u)
if err != nil { if err != nil {
msgs = append(msgs, fmt.Sprintf( msgs = append(msgs, fmt.Sprintf(
"error parsing upstream=%q %s", "error parsing upstream=%q %s",
upstreamUrl, err)) upstreamURL, err))
} }
if upstreamUrl.Path == "" { if upstreamURL.Path == "" {
upstreamUrl.Path = "/" upstreamURL.Path = "/"
} }
o.proxyUrls = append(o.proxyUrls, upstreamUrl) o.proxyURLs = append(o.proxyURLs, upstreamURL)
} }
for _, u := range o.SkipAuthRegex { for _, u := range o.SkipAuthRegex {
@ -189,10 +189,10 @@ func parseProviderInfo(o *Options, msgs []string) []string {
ClientSecret: o.ClientSecret, ClientSecret: o.ClientSecret,
ApprovalPrompt: o.ApprovalPrompt, ApprovalPrompt: o.ApprovalPrompt,
} }
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs) p.LoginURL, msgs = parseURL(o.LoginURL, "login", msgs)
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs) p.RedeemURL, msgs = parseURL(o.RedeemURL, "redeem", msgs)
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs) p.ProfileURL, msgs = parseURL(o.ProfileURL, "profile", msgs)
p.ValidateUrl, msgs = parseUrl(o.ValidateUrl, "validate", msgs) p.ValidateURL, msgs = parseURL(o.ValidateURL, "validate", msgs)
o.provider = providers.New(o.Provider, p) o.provider = providers.New(o.Provider, p)
switch p := o.provider.(type) { switch p := o.provider.(type) {

16
options_test.go
View File

@ -73,16 +73,16 @@ func TestInitializedOptions(t *testing.T) {
// Note that it's not worth testing nonparseable URLs, since url.Parse() // Note that it's not worth testing nonparseable URLs, since url.Parse()
// seems to parse damn near anything. // seems to parse damn near anything.
func TestRedirectUrl(t *testing.T) { func TestRedirectURL(t *testing.T) {
o := testOptions() o := testOptions()
o.RedirectUrl = "https://myhost.com/oauth2/callback" o.RedirectURL = "https://myhost.com/oauth2/callback"
assert.Equal(t, nil, o.Validate()) assert.Equal(t, nil, o.Validate())
expected := &url.URL{ expected := &url.URL{
Scheme: "https", Host: "myhost.com", Path: "/oauth2/callback"} Scheme: "https", Host: "myhost.com", Path: "/oauth2/callback"}
assert.Equal(t, expected, o.redirectUrl) assert.Equal(t, expected, o.redirectURL)
} }
func TestProxyUrls(t *testing.T) { func TestProxyURLs(t *testing.T) {
o := testOptions() o := testOptions()
o.Upstreams = append(o.Upstreams, "http://127.0.0.1:8081") o.Upstreams = append(o.Upstreams, "http://127.0.0.1:8081")
assert.Equal(t, nil, o.Validate()) assert.Equal(t, nil, o.Validate())
@ -91,7 +91,7 @@ func TestProxyUrls(t *testing.T) {
// note the '/' was added // note the '/' was added
&url.URL{Scheme: "http", Host: "127.0.0.1:8081", Path: "/"}, &url.URL{Scheme: "http", Host: "127.0.0.1:8081", Path: "/"},
} }
assert.Equal(t, expected, o.proxyUrls) assert.Equal(t, expected, o.proxyURLs)
} }
func TestCompiledRegex(t *testing.T) { func TestCompiledRegex(t *testing.T) {
@ -125,10 +125,10 @@ func TestDefaultProviderApiSettings(t *testing.T) {
assert.Equal(t, nil, o.Validate()) assert.Equal(t, nil, o.Validate())
p := o.provider.Data() p := o.provider.Data()
assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline", assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
p.LoginUrl.String()) p.LoginURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token", assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
p.RedeemUrl.String()) p.RedeemURL.String())
assert.Equal(t, "", p.ProfileUrl.String()) assert.Equal(t, "", p.ProfileURL.String())
assert.Equal(t, "profile email", p.Scope) assert.Equal(t, "profile email", p.Scope)
} }

12
providers/github.go
View File

@ -17,22 +17,22 @@ type GitHubProvider struct {
func NewGitHubProvider(p *ProviderData) *GitHubProvider { func NewGitHubProvider(p *ProviderData) *GitHubProvider {
p.ProviderName = "GitHub" p.ProviderName = "GitHub"
if p.LoginUrl == nil || p.LoginUrl.String() == "" { if p.LoginURL == nil || p.LoginURL.String() == "" {
p.LoginUrl = &url.URL{ p.LoginURL = &url.URL{
Scheme: "https", Scheme: "https",
Host: "github.com", Host: "github.com",
Path: "/login/oauth/authorize", Path: "/login/oauth/authorize",
} }
} }
if p.RedeemUrl == nil || p.RedeemUrl.String() == "" { if p.RedeemURL == nil || p.RedeemURL.String() == "" {
p.RedeemUrl = &url.URL{ p.RedeemURL = &url.URL{
Scheme: "https", Scheme: "https",
Host: "github.com", Host: "github.com",
Path: "/login/oauth/access_token", Path: "/login/oauth/access_token",
} }
} }
if p.ValidateUrl == nil || p.ValidateUrl.String() == "" { if p.ValidateURL == nil || p.ValidateURL.String() == "" {
p.ValidateUrl = &url.URL{ p.ValidateURL = &url.URL{
Scheme: "https", Scheme: "https",
Host: "api.github.com", Host: "api.github.com",
Path: "/user/emails", Path: "/user/emails",

26
providers/google.go
View File

@ -21,7 +21,7 @@ import (
type GoogleProvider struct { type GoogleProvider struct {
*ProviderData *ProviderData
RedeemRefreshUrl *url.URL RedeemRefreshURL *url.URL
// GroupValidator is a function that determines if the passed email is in // GroupValidator is a function that determines if the passed email is in
// the configured Google group. // the configured Google group.
GroupValidator func(string) bool GroupValidator func(string) bool
@ -29,21 +29,21 @@ type GoogleProvider struct {
func NewGoogleProvider(p *ProviderData) *GoogleProvider { func NewGoogleProvider(p *ProviderData) *GoogleProvider {
p.ProviderName = "Google" p.ProviderName = "Google"
if p.LoginUrl.String() == "" { if p.LoginURL.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https", p.LoginURL = &url.URL{Scheme: "https",
Host: "accounts.google.com", Host: "accounts.google.com",
Path: "/o/oauth2/auth", Path: "/o/oauth2/auth",
// to get a refresh token. see https://developers.google.com/identity/protocols/OAuth2WebServer#offline // to get a refresh token. see https://developers.google.com/identity/protocols/OAuth2WebServer#offline
RawQuery: "access_type=offline", RawQuery: "access_type=offline",
} }
} }
if p.RedeemUrl.String() == "" { if p.RedeemURL.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https", p.RedeemURL = &url.URL{Scheme: "https",
Host: "www.googleapis.com", Host: "www.googleapis.com",
Path: "/oauth2/v3/token"} Path: "/oauth2/v3/token"}
} }
if p.ValidateUrl.String() == "" { if p.ValidateURL.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https", p.ValidateURL = &url.URL{Scheme: "https",
Host: "www.googleapis.com", Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo"} Path: "/oauth2/v1/tokeninfo"}
} }
@ -96,20 +96,20 @@ func jwtDecodeSegment(seg string) ([]byte, error) {
return base64.URLEncoding.DecodeString(seg) return base64.URLEncoding.DecodeString(seg)
} }
func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err error) { func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error) {
if code == "" { if code == "" {
err = errors.New("missing code") err = errors.New("missing code")
return return
} }
params := url.Values{} params := url.Values{}
params.Add("redirect_uri", redirectUrl) params.Add("redirect_uri", redirectURL)
params.Add("client_id", p.ClientID) params.Add("client_id", p.ClientID)
params.Add("client_secret", p.ClientSecret) params.Add("client_secret", p.ClientSecret)
params.Add("code", code) params.Add("code", code)
params.Add("grant_type", "authorization_code") params.Add("grant_type", "authorization_code")
var req *http.Request var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil { if err != nil {
return return
} }
@ -127,7 +127,7 @@ func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err
} }
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return return
} }
@ -281,7 +281,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string,
params.Add("refresh_token", refreshToken) params.Add("refresh_token", refreshToken)
params.Add("grant_type", "refresh_token") params.Add("grant_type", "refresh_token")
var req *http.Request var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil { if err != nil {
return return
} }
@ -299,7 +299,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string,
} }
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return return
} }

40
providers/google_test.go
View File

@ -23,10 +23,10 @@ func newGoogleProvider() *GoogleProvider {
return NewGoogleProvider( return NewGoogleProvider(
&ProviderData{ &ProviderData{
ProviderName: "", ProviderName: "",
LoginUrl: &url.URL{}, LoginURL: &url.URL{},
RedeemUrl: &url.URL{}, RedeemURL: &url.URL{},
ProfileUrl: &url.URL{}, ProfileURL: &url.URL{},
ValidateUrl: &url.URL{}, ValidateURL: &url.URL{},
Scope: ""}) Scope: ""})
} }
@ -35,31 +35,31 @@ func TestGoogleProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "Google", p.Data().ProviderName) assert.Equal(t, "Google", p.Data().ProviderName)
assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline", assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token", assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v1/tokeninfo", assert.Equal(t, "https://www.googleapis.com/oauth2/v1/tokeninfo",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "", p.Data().ProfileUrl.String()) assert.Equal(t, "", p.Data().ProfileURL.String())
assert.Equal(t, "profile email", p.Data().Scope) assert.Equal(t, "profile email", p.Data().Scope)
} }
func TestGoogleProviderOverrides(t *testing.T) { func TestGoogleProviderOverrides(t *testing.T) {
p := NewGoogleProvider( p := NewGoogleProvider(
&ProviderData{ &ProviderData{
LoginUrl: &url.URL{ LoginURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/auth"}, Path: "/oauth/auth"},
RedeemUrl: &url.URL{ RedeemURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/token"}, Path: "/oauth/token"},
ProfileUrl: &url.URL{ ProfileURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/profile"}, Path: "/oauth/profile"},
ValidateUrl: &url.URL{ ValidateURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/tokeninfo"}, Path: "/oauth/tokeninfo"},
@ -67,13 +67,13 @@ func TestGoogleProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "Google", p.Data().ProviderName) assert.Equal(t, "Google", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth", assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token", assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile", assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo", assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope) assert.Equal(t, "profile", p.Data().Scope)
} }
@ -94,7 +94,7 @@ func TestGoogleProviderGetEmailAddress(t *testing.T) {
}) })
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
var server *httptest.Server var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body) p.RedeemURL, server = newRedeemServer(body)
defer server.Close() defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234") session, err := p.Redeem("http://redirect/", "code1234")
@ -131,7 +131,7 @@ func TestGoogleProviderGetEmailAddressInvalidEncoding(t *testing.T) {
}) })
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
var server *httptest.Server var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body) p.RedeemURL, server = newRedeemServer(body)
defer server.Close() defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234") session, err := p.Redeem("http://redirect/", "code1234")
@ -150,7 +150,7 @@ func TestGoogleProviderGetEmailAddressInvalidJson(t *testing.T) {
}) })
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
var server *httptest.Server var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body) p.RedeemURL, server = newRedeemServer(body)
defer server.Close() defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234") session, err := p.Redeem("http://redirect/", "code1234")
@ -169,7 +169,7 @@ func TestGoogleProviderGetEmailAddressEmailMissing(t *testing.T) {
}) })
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
var server *httptest.Server var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body) p.RedeemURL, server = newRedeemServer(body)
defer server.Close() defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234") session, err := p.Redeem("http://redirect/", "code1234")

4
providers/internal_util.go
View File

@ -11,10 +11,10 @@ import (
// validateToken returns true if token is valid // validateToken returns true if token is valid
func validateToken(p Provider, access_token string, header http.Header) bool { func validateToken(p Provider, access_token string, header http.Header) bool {
if access_token == "" || p.Data().ValidateUrl == nil { if access_token == "" || p.Data().ValidateURL == nil {
return false return false
} }
endpoint := p.Data().ValidateUrl.String() endpoint := p.Data().ValidateURL.String()
if len(header) == 0 { if len(header) == 0 {
params := url.Values{"access_token": {access_token}} params := url.Values{"access_token": {access_token}}
endpoint = endpoint + "?" + params.Encode() endpoint = endpoint + "?" + params.Encode()

6
providers/internal_util_test.go
View File

@ -63,7 +63,7 @@ func NewValidateSessionStateTest() *ValidateSessionStateTest {
backend_url, _ := url.Parse(vt_test.backend.URL) backend_url, _ := url.Parse(vt_test.backend.URL)
vt_test.provider = &ValidateSessionStateTestProvider{ vt_test.provider = &ValidateSessionStateTestProvider{
ProviderData: &ProviderData{ ProviderData: &ProviderData{
ValidateUrl: &url.URL{ ValidateURL: &url.URL{
Scheme: "http", Scheme: "http",
Host: backend_url.Host, Host: backend_url.Host,
Path: "/oauth/tokeninfo", Path: "/oauth/tokeninfo",
@ -99,10 +99,10 @@ func TestValidateSessionStateEmptyToken(t *testing.T) {
assert.Equal(t, false, validateToken(vt_test.provider, "", nil)) assert.Equal(t, false, validateToken(vt_test.provider, "", nil))
} }
func TestValidateSessionStateEmptyValidateUrl(t *testing.T) { func TestValidateSessionStateEmptyValidateURL(t *testing.T) {
vt_test := NewValidateSessionStateTest() vt_test := NewValidateSessionStateTest()
defer vt_test.Close() defer vt_test.Close()
vt_test.provider.Data().ValidateUrl = nil vt_test.provider.Data().ValidateURL = nil
assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil)) assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
} }

18
providers/linkedin.go
View File

@ -15,23 +15,23 @@ type LinkedInProvider struct {
func NewLinkedInProvider(p *ProviderData) *LinkedInProvider { func NewLinkedInProvider(p *ProviderData) *LinkedInProvider {
p.ProviderName = "LinkedIn" p.ProviderName = "LinkedIn"
if p.LoginUrl.String() == "" { if p.LoginURL.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https", p.LoginURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com", Host: "www.linkedin.com",
Path: "/uas/oauth2/authorization"} Path: "/uas/oauth2/authorization"}
} }
if p.RedeemUrl.String() == "" { if p.RedeemURL.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https", p.RedeemURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com", Host: "www.linkedin.com",
Path: "/uas/oauth2/accessToken"} Path: "/uas/oauth2/accessToken"}
} }
if p.ProfileUrl.String() == "" { if p.ProfileURL.String() == "" {
p.ProfileUrl = &url.URL{Scheme: "https", p.ProfileURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com", Host: "www.linkedin.com",
Path: "/v1/people/~/email-address"} Path: "/v1/people/~/email-address"}
} }
if p.ValidateUrl.String() == "" { if p.ValidateURL.String() == "" {
p.ValidateUrl = p.ProfileUrl p.ValidateURL = p.ProfileURL
} }
if p.Scope == "" { if p.Scope == "" {
p.Scope = "r_emailaddress r_basicprofile" p.Scope = "r_emailaddress r_basicprofile"
@ -51,7 +51,7 @@ func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) {
if s.AccessToken == "" { if s.AccessToken == "" {
return "", errors.New("missing access token") return "", errors.New("missing access token")
} }
req, err := http.NewRequest("GET", p.ProfileUrl.String()+"?format=json", nil) req, err := http.NewRequest("GET", p.ProfileURL.String()+"?format=json", nil)
if err != nil { if err != nil {
return "", err return "", err
} }

38
providers/linkedin_test.go
View File

@ -12,15 +12,15 @@ func testLinkedInProvider(hostname string) *LinkedInProvider {
p := NewLinkedInProvider( p := NewLinkedInProvider(
&ProviderData{ &ProviderData{
ProviderName: "", ProviderName: "",
LoginUrl: &url.URL{}, LoginURL: &url.URL{},
RedeemUrl: &url.URL{}, RedeemURL: &url.URL{},
ProfileUrl: &url.URL{}, ProfileURL: &url.URL{},
ValidateUrl: &url.URL{}, ValidateURL: &url.URL{},
Scope: ""}) Scope: ""})
if hostname != "" { if hostname != "" {
updateUrl(p.Data().LoginUrl, hostname) updateURL(p.Data().LoginURL, hostname)
updateUrl(p.Data().RedeemUrl, hostname) updateURL(p.Data().RedeemURL, hostname)
updateUrl(p.Data().ProfileUrl, hostname) updateURL(p.Data().ProfileURL, hostname)
} }
return p return p
} }
@ -47,32 +47,32 @@ func TestLinkedInProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "LinkedIn", p.Data().ProviderName) assert.Equal(t, "LinkedIn", p.Data().ProviderName)
assert.Equal(t, "https://www.linkedin.com/uas/oauth2/authorization", assert.Equal(t, "https://www.linkedin.com/uas/oauth2/authorization",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://www.linkedin.com/uas/oauth2/accessToken", assert.Equal(t, "https://www.linkedin.com/uas/oauth2/accessToken",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address", assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address",
p.Data().ProfileUrl.String()) p.Data().ProfileURL.String())
assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address", assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "r_emailaddress r_basicprofile", p.Data().Scope) assert.Equal(t, "r_emailaddress r_basicprofile", p.Data().Scope)
} }
func TestLinkedInProviderOverrides(t *testing.T) { func TestLinkedInProviderOverrides(t *testing.T) {
p := NewLinkedInProvider( p := NewLinkedInProvider(
&ProviderData{ &ProviderData{
LoginUrl: &url.URL{ LoginURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/auth"}, Path: "/oauth/auth"},
RedeemUrl: &url.URL{ RedeemURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/token"}, Path: "/oauth/token"},
ProfileUrl: &url.URL{ ProfileURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/profile"}, Path: "/oauth/profile"},
ValidateUrl: &url.URL{ ValidateURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/tokeninfo"}, Path: "/oauth/tokeninfo"},
@ -80,13 +80,13 @@ func TestLinkedInProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "LinkedIn", p.Data().ProviderName) assert.Equal(t, "LinkedIn", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth", assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token", assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile", assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo", assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope) assert.Equal(t, "profile", p.Data().Scope)
} }

18
providers/myusa.go
View File

@ -16,23 +16,23 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
const myUsaHost string = "alpha.my.usa.gov" const myUsaHost string = "alpha.my.usa.gov"
p.ProviderName = "MyUSA" p.ProviderName = "MyUSA"
if p.LoginUrl.String() == "" { if p.LoginURL.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https", p.LoginURL = &url.URL{Scheme: "https",
Host: myUsaHost, Host: myUsaHost,
Path: "/oauth/authorize"} Path: "/oauth/authorize"}
} }
if p.RedeemUrl.String() == "" { if p.RedeemURL.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https", p.RedeemURL = &url.URL{Scheme: "https",
Host: myUsaHost, Host: myUsaHost,
Path: "/oauth/token"} Path: "/oauth/token"}
} }
if p.ProfileUrl.String() == "" { if p.ProfileURL.String() == "" {
p.ProfileUrl = &url.URL{Scheme: "https", p.ProfileURL = &url.URL{Scheme: "https",
Host: myUsaHost, Host: myUsaHost,
Path: "/api/v1/profile"} Path: "/api/v1/profile"}
} }
if p.ValidateUrl.String() == "" { if p.ValidateURL.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https", p.ValidateURL = &url.URL{Scheme: "https",
Host: myUsaHost, Host: myUsaHost,
Path: "/api/v1/tokeninfo"} Path: "/api/v1/tokeninfo"}
} }
@ -44,7 +44,7 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
func (p *MyUsaProvider) GetEmailAddress(s *SessionState) (string, error) { func (p *MyUsaProvider) GetEmailAddress(s *SessionState) (string, error) {
req, err := http.NewRequest("GET", req, err := http.NewRequest("GET",
p.ProfileUrl.String()+"?access_token="+s.AccessToken, nil) p.ProfileURL.String()+"?access_token="+s.AccessToken, nil)
if err != nil { if err != nil {
log.Printf("failed building request %s", err) log.Printf("failed building request %s", err)
return "", err return "", err

42
providers/myusa_test.go
View File

@ -9,7 +9,7 @@ import (
"github.com/bmizerany/assert" "github.com/bmizerany/assert"
) )
func updateUrl(url *url.URL, hostname string) { func updateURL(url *url.URL, hostname string) {
url.Scheme = "http" url.Scheme = "http"
url.Host = hostname url.Host = hostname
} }
@ -18,16 +18,16 @@ func testMyUsaProvider(hostname string) *MyUsaProvider {
p := NewMyUsaProvider( p := NewMyUsaProvider(
&ProviderData{ &ProviderData{
ProviderName: "", ProviderName: "",
LoginUrl: &url.URL{}, LoginURL: &url.URL{},
RedeemUrl: &url.URL{}, RedeemURL: &url.URL{},
ProfileUrl: &url.URL{}, ProfileURL: &url.URL{},
ValidateUrl: &url.URL{}, ValidateURL: &url.URL{},
Scope: ""}) Scope: ""})
if hostname != "" { if hostname != "" {
updateUrl(p.Data().LoginUrl, hostname) updateURL(p.Data().LoginURL, hostname)
updateUrl(p.Data().RedeemUrl, hostname) updateURL(p.Data().RedeemURL, hostname)
updateUrl(p.Data().ProfileUrl, hostname) updateURL(p.Data().ProfileURL, hostname)
updateUrl(p.Data().ValidateUrl, hostname) updateURL(p.Data().ValidateURL, hostname)
} }
return p return p
} }
@ -53,32 +53,32 @@ func TestMyUsaProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "MyUSA", p.Data().ProviderName) assert.Equal(t, "MyUSA", p.Data().ProviderName)
assert.Equal(t, "https://alpha.my.usa.gov/oauth/authorize", assert.Equal(t, "https://alpha.my.usa.gov/oauth/authorize",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/oauth/token", assert.Equal(t, "https://alpha.my.usa.gov/oauth/token",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile", assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo", assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "profile.email", p.Data().Scope) assert.Equal(t, "profile.email", p.Data().Scope)
} }
func TestMyUsaProviderOverrides(t *testing.T) { func TestMyUsaProviderOverrides(t *testing.T) {
p := NewMyUsaProvider( p := NewMyUsaProvider(
&ProviderData{ &ProviderData{
LoginUrl: &url.URL{ LoginURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/auth"}, Path: "/oauth/auth"},
RedeemUrl: &url.URL{ RedeemURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/token"}, Path: "/oauth/token"},
ProfileUrl: &url.URL{ ProfileURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/profile"}, Path: "/oauth/profile"},
ValidateUrl: &url.URL{ ValidateURL: &url.URL{
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/tokeninfo"}, Path: "/oauth/tokeninfo"},
@ -86,13 +86,13 @@ func TestMyUsaProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "MyUSA", p.Data().ProviderName) assert.Equal(t, "MyUSA", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth", assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String()) p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token", assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String()) p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile", assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo", assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String()) p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope) assert.Equal(t, "profile", p.Data().Scope)
} }

8
providers/provider_data.go
View File

@ -8,10 +8,10 @@ type ProviderData struct {
ProviderName string ProviderName string
ClientID string ClientID string
ClientSecret string ClientSecret string
LoginUrl *url.URL LoginURL *url.URL
RedeemUrl *url.URL RedeemURL *url.URL
ProfileUrl *url.URL ProfileURL *url.URL
ValidateUrl *url.URL ValidateURL *url.URL
Scope string Scope string
ApprovalPrompt string ApprovalPrompt string
} }

10
providers/provider_default.go
View File

@ -13,20 +13,20 @@ import (
"github.com/bitly/oauth2_proxy/cookie" "github.com/bitly/oauth2_proxy/cookie"
) )
func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err error) { func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) {
if code == "" { if code == "" {
err = errors.New("missing code") err = errors.New("missing code")
return return
} }
params := url.Values{} params := url.Values{}
params.Add("redirect_uri", redirectUrl) params.Add("redirect_uri", redirectURL)
params.Add("client_id", p.ClientID) params.Add("client_id", p.ClientID)
params.Add("client_secret", p.ClientSecret) params.Add("client_secret", p.ClientSecret)
params.Add("code", code) params.Add("code", code)
params.Add("grant_type", "authorization_code") params.Add("grant_type", "authorization_code")
var req *http.Request var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil { if err != nil {
return return
} }
@ -45,7 +45,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er
} }
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return return
} }
@ -77,7 +77,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er
// GetLoginURL with typical oauth parameters // GetLoginURL with typical oauth parameters
func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string { func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
var a url.URL var a url.URL
a = *p.LoginUrl a = *p.LoginURL
params, _ := url.ParseQuery(a.RawQuery) params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI) params.Set("redirect_uri", redirectURI)
params.Set("approval_prompt", p.ApprovalPrompt) params.Set("approval_prompt", p.ApprovalPrompt)