@@ -23,7 +23,7 @@ import (
|
||||
type apiClient struct {
|
||||
// Embedded gRPC client to talk to the server.
|
||||
api.DexClient
|
||||
// Close releases resources associated with this client, includuing shutting
|
||||
// Close releases resources associated with this client, including shutting
|
||||
// down the background server.
|
||||
Close func()
|
||||
}
|
||||
@@ -226,7 +226,7 @@ func TestCheckCost(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// Attempts to list and revoke an exisiting refresh token.
|
||||
// Attempts to list and revoke an existing refresh token.
|
||||
func TestRefreshToken(t *testing.T) {
|
||||
logger := &logrus.Logger{
|
||||
Out: os.Stderr,
|
||||
|
@@ -855,7 +855,7 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
|
||||
s.writeAccessToken(w, tokenResponse)
|
||||
}
|
||||
|
||||
func (s *Server) exchangeAuthCode(w http.ResponseWriter, authCode storage.AuthCode, client storage.Client) (*accessTokenReponse, error) {
|
||||
func (s *Server) exchangeAuthCode(w http.ResponseWriter, authCode storage.AuthCode, client storage.Client) (*accessTokenResponse, error) {
|
||||
accessToken, err := s.newAccessToken(client.ID, authCode.Claims, authCode.Scopes, authCode.Nonce, authCode.ConnectorID)
|
||||
if err != nil {
|
||||
s.logger.Errorf("failed to create new access token: %v", err)
|
||||
@@ -1449,7 +1449,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
s.writeAccessToken(w, resp)
|
||||
}
|
||||
|
||||
type accessTokenReponse struct {
|
||||
type accessTokenResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
@@ -1457,8 +1457,8 @@ type accessTokenReponse struct {
|
||||
IDToken string `json:"id_token"`
|
||||
}
|
||||
|
||||
func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string, expiry time.Time) *accessTokenReponse {
|
||||
return &accessTokenReponse{
|
||||
func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string, expiry time.Time) *accessTokenResponse {
|
||||
return &accessTokenResponse{
|
||||
accessToken,
|
||||
"bearer",
|
||||
int(expiry.Sub(s.now()).Seconds()),
|
||||
@@ -1467,7 +1467,7 @@ func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenReponse) {
|
||||
func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenResponse) {
|
||||
data, err := json.Marshal(resp)
|
||||
if err != nil {
|
||||
s.logger.Errorf("failed to marshal access token response: %v", err)
|
||||
|
@@ -129,7 +129,7 @@ func TestConnectorLoginDoesNotAllowToChangeConnectorForAuthRequest(t *testing.T)
|
||||
|
||||
templates, err := loadTemplates(webConfig{}, "../web/templates")
|
||||
if err != nil {
|
||||
t.Fatal("failed to load tempalates")
|
||||
t.Fatal("failed to load templates")
|
||||
}
|
||||
|
||||
s := &Server{
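Review bot: The corrected `t.Fatal("failed to load templates")` still discards `err`, so a failing run gives no hint whether the template directory was missing or a template failed to parse. Consider `t.Fatalf("failed to load templates: %v", err)` on that line. The test function starts and ends outside this hunk.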
|
||||
|
@@ -194,7 +194,7 @@ func signPayload(key *jose.JSONWebKey, alg jose.SignatureAlgorithm, payload []by
|
||||
|
||||
signer, err := jose.NewSigner(signingKey, &jose.SignerOptions{})
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("new signier: %v", err)
|
||||
return "", fmt.Errorf("new signer: %v", err)
|
||||
}
|
||||
signature, err := signer.Sign(payload)
|
||||
if err != nil {
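Review bot: The corrected line `return "", fmt.Errorf("new signer: %v", err)` flattens the underlying error to text with `%v`, so callers cannot inspect the cause of a signing-setup failure with `errors.Is` or `errors.As`. If the module's Go version allows it, `return "", fmt.Errorf("new signer: %w", err)` keeps the error chain and produces the same message. signPayload's body starts and continues outside this hunk, so whether its other error returns also use `%v` is not visible here.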
|
||||
|
@@ -25,7 +25,7 @@ type rotationStrategy struct {
|
||||
rotationFrequency time.Duration
|
||||
|
||||
// After being rotated how long should the key be kept around for validating
|
||||
// signatues?
|
||||
// signatures?
|
||||
idTokenValidFor time.Duration
|
||||
|
||||
// Keys are always RSA keys. Though cryptopasta recommends ECDSA keys, not every
|
||||
@@ -55,7 +55,7 @@ func defaultRotationStrategy(rotationFrequency, idTokenValidFor time.Duration) r
|
||||
}
|
||||
}
|
||||
|
||||
type keyRotater struct {
|
||||
type keyRotator struct {
|
||||
storage.Storage
|
||||
|
||||
strategy rotationStrategy
|
||||
@@ -69,10 +69,10 @@ type keyRotater struct {
|
||||
// The method blocks until after the first attempt to rotate keys has completed. That way
|
||||
// healthy storages will return from this call with valid keys.
|
||||
func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy, now func() time.Time) {
|
||||
rotater := keyRotater{s.storage, strategy, now, s.logger}
|
||||
rotator := keyRotator{s.storage, strategy, now, s.logger}
|
||||
|
||||
// Try to rotate immediately so properly configured storages will have keys.
|
||||
if err := rotater.rotate(); err != nil {
|
||||
if err := rotator.rotate(); err != nil {
|
||||
if err == errAlreadyRotated {
|
||||
s.logger.Infof("Key rotation not needed: %v", err)
|
||||
} else {
|
||||
@@ -86,7 +86,7 @@ func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case <-time.After(time.Second * 30):
|
||||
if err := rotater.rotate(); err != nil {
|
||||
if err := rotator.rotate(); err != nil {
|
||||
s.logger.Errorf("failed to rotate keys: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -94,7 +94,7 @@ func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy
|
||||
}()
|
||||
}
|
||||
|
||||
func (k keyRotater) rotate() error {
|
||||
func (k keyRotator) rotate() error {
|
||||
keys, err := k.GetKeys()
|
||||
if err != nil && err != storage.ErrNotFound {
|
||||
return fmt.Errorf("get keys: %v", err)
|
||||
|
@@ -57,7 +57,7 @@ func slicesEq(s1, s2 []string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func TestKeyRotater(t *testing.T) {
|
||||
func TestKeyRotator(t *testing.T) {
|
||||
now := time.Now()
|
||||
|
||||
delta := time.Millisecond
|
||||
@@ -73,7 +73,7 @@ func TestKeyRotater(t *testing.T) {
|
||||
Level: logrus.DebugLevel,
|
||||
}
|
||||
|
||||
r := &keyRotater{
|
||||
r := &keyRotator{
|
||||
Storage: memory.New(l),
|
||||
strategy: defaultRotationStrategy(rotationFrequency, validFor),
|
||||
now: func() time.Time { return now },
|
||||
|
@@ -435,7 +435,7 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
|
||||
v.Add("client_secret", clientSecret)
|
||||
v.Add("grant_type", "refresh_token")
|
||||
v.Add("refresh_token", token.RefreshToken)
|
||||
// Request a scope that wasn't requestd initially.
|
||||
// Request a scope that wasn't requested initially.
|
||||
v.Add("scope", "oidc email profile")
|
||||
resp, err := http.PostForm(p.Endpoint().TokenURL, v)
|
||||
if err != nil {
|
||||
@@ -721,7 +721,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
||||
|
||||
defer oauth2Client.Close()
|
||||
|
||||
// Regester the client above with dex.
|
||||
// Register the client above with dex.
|
||||
redirectURL := oauth2Client.URL + "/callback"
|
||||
client := storage.Client{
|
||||
ID: clientID,
|
||||
@@ -1560,7 +1560,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
}
|
||||
|
||||
// Parse the response
|
||||
var tokenRes accessTokenReponse
|
||||
var tokenRes accessTokenResponse
|
||||
if err := json.Unmarshal(responseBody, &tokenRes); err != nil {
|
||||
t.Errorf("Unexpected Device Access Token Response Format %v", string(responseBody))
|
||||
}
|
||||
|