m.nabokikh
@@ -291,7 +291,7 @@ func TestRefreshToken(t *testing.T) {
|
||||
t.Errorf("failed to marshal offline session ID: %v", err)
|
||||
}
|
||||
|
||||
//Testing the api.
|
||||
// Testing the api.
|
||||
listReq := api.ListRefreshReq{
|
||||
UserId: subjectString,
|
||||
}
|
||||
|
||||
@@ -15,17 +15,17 @@ import (
|
||||
)
|
||||
|
||||
type deviceCodeResponse struct {
|
||||
//The unique device code for device authentication
|
||||
// The unique device code for device authentication
|
||||
DeviceCode string `json:"device_code"`
|
||||
//The code the user will exchange via a browser and log in
|
||||
// The code the user will exchange via a browser and log in
|
||||
UserCode string `json:"user_code"`
|
||||
//The url to verify the user code.
|
||||
// The url to verify the user code.
|
||||
VerificationURI string `json:"verification_uri"`
|
||||
//The verification uri with the user code appended for pre-filling form
|
||||
// The verification uri with the user code appended for pre-filling form
|
||||
VerificationURIComplete string `json:"verification_uri_complete"`
|
||||
//The lifetime of the device code
|
||||
// The lifetime of the device code
|
||||
ExpireTime int `json:"expires_in"`
|
||||
//How often the device is allowed to poll to verify that the user login occurred
|
||||
// How often the device is allowed to poll to verify that the user login occurred
|
||||
PollInterval int `json:"interval"`
|
||||
}
|
||||
|
||||
@@ -66,27 +66,27 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Get the client id and scopes from the post
|
||||
// Get the client id and scopes from the post
|
||||
clientID := r.Form.Get("client_id")
|
||||
clientSecret := r.Form.Get("client_secret")
|
||||
scopes := strings.Fields(r.Form.Get("scope"))
|
||||
|
||||
s.logger.Infof("Received device request for client %v with scopes %v", clientID, scopes)
|
||||
|
||||
//Make device code
|
||||
// Make device code
|
||||
deviceCode := storage.NewDeviceCode()
|
||||
|
||||
//make user code
|
||||
// make user code
|
||||
userCode, err := storage.NewUserCode()
|
||||
if err != nil {
|
||||
s.logger.Errorf("Error generating user code: %v", err)
|
||||
s.tokenErrHelper(w, errInvalidRequest, "", http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
//Generate the expire time
|
||||
// Generate the expire time
|
||||
expireTime := time.Now().Add(s.deviceRequestsValidFor)
|
||||
|
||||
//Store the Device Request
|
||||
// Store the Device Request
|
||||
deviceReq := storage.DeviceRequest{
|
||||
UserCode: userCode,
|
||||
DeviceCode: deviceCode,
|
||||
@@ -102,7 +102,7 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Store the device token
|
||||
// Store the device token
|
||||
deviceToken := storage.DeviceToken{
|
||||
DeviceCode: deviceCode,
|
||||
Status: deviceTokenPending,
|
||||
@@ -176,7 +176,7 @@ func (s *Server) handleDeviceToken(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
now := s.now()
|
||||
|
||||
//Grab the device token, check validity
|
||||
// Grab the device token, check validity
|
||||
deviceToken, err := s.storage.GetDeviceToken(deviceCode)
|
||||
if err != nil {
|
||||
if err != storage.ErrNotFound {
|
||||
@@ -189,13 +189,13 @@ func (s *Server) handleDeviceToken(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Rate Limiting check
|
||||
// Rate Limiting check
|
||||
slowDown := false
|
||||
pollInterval := deviceToken.PollIntervalSeconds
|
||||
minRequestTime := deviceToken.LastRequestTime.Add(time.Second * time.Duration(pollInterval))
|
||||
if now.Before(minRequestTime) {
|
||||
slowDown = true
|
||||
//Continually increase the poll interval until the user waits the proper time
|
||||
// Continually increase the poll interval until the user waits the proper time
|
||||
pollInterval += 5
|
||||
} else {
|
||||
pollInterval = 5
|
||||
@@ -255,7 +255,7 @@ func (s *Server) handleDeviceCallback(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Grab the device request from storage
|
||||
// Grab the device request from storage
|
||||
deviceReq, err := s.storage.GetDeviceRequest(userCode)
|
||||
if err != nil || s.now().After(deviceReq.Expiry) {
|
||||
errCode := http.StatusBadRequest
|
||||
@@ -289,7 +289,7 @@ func (s *Server) handleDeviceCallback(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Grab the device token from storage
|
||||
// Grab the device token from storage
|
||||
old, err := s.storage.GetDeviceToken(deviceReq.DeviceCode)
|
||||
if err != nil || s.now().After(old.Expiry) {
|
||||
errCode := http.StatusBadRequest
|
||||
@@ -353,7 +353,7 @@ func (s *Server) verifyUserCode(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
userCode = strings.ToUpper(userCode)
|
||||
|
||||
//Find the user code in the available requests
|
||||
// Find the user code in the available requests
|
||||
deviceRequest, err := s.storage.GetDeviceRequest(userCode)
|
||||
if err != nil || s.now().After(deviceRequest.Expiry) {
|
||||
if err != nil && err != storage.ErrNotFound {
|
||||
@@ -366,7 +366,7 @@ func (s *Server) verifyUserCode(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
//Redirect to Dex Auth Endpoint
|
||||
// Redirect to Dex Auth Endpoint
|
||||
authURL := path.Join(s.issuerURL.Path, "/auth")
|
||||
u, err := url.Parse(authURL)
|
||||
if err != nil {
|
||||
|
||||
@@ -24,7 +24,7 @@ func TestDeviceVerificationURI(t *testing.T) {
|
||||
defer cancel()
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
})
|
||||
defer httpServer.Close()
|
||||
@@ -76,7 +76,7 @@ func TestHandleDeviceCode(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
})
|
||||
defer httpServer.Close()
|
||||
@@ -322,7 +322,7 @@ func TestDeviceCallback(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
//c.Issuer = c.Issuer + "/non-root-path"
|
||||
// c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Now = now
|
||||
})
|
||||
defer httpServer.Close()
|
||||
@@ -506,7 +506,7 @@ func TestDeviceTokenResponse(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
})
|
||||
defer httpServer.Close()
|
||||
@@ -637,7 +637,7 @@ func TestVerifyCodeResponse(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
})
|
||||
defer httpServer.Close()
|
||||
|
||||
@@ -505,7 +505,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
|
||||
|
||||
email := claims.Email
|
||||
if !claims.EmailVerified {
|
||||
email = email + " (unverified)"
|
||||
email += " (unverified)"
|
||||
}
|
||||
|
||||
s.logger.Infof("login successful: connector %q, username=%q, preferred_username=%q, email=%q, groups=%q",
|
||||
@@ -518,7 +518,8 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
|
||||
}
|
||||
|
||||
// Try to retrieve an existing OfflineSession object for the corresponding user.
|
||||
if session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID); err != nil {
|
||||
session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID)
|
||||
if err != nil {
|
||||
if err != storage.ErrNotFound {
|
||||
s.logger.Errorf("failed to get offline session: %v", err)
|
||||
return "", err
|
||||
@@ -536,17 +537,19 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
|
||||
s.logger.Errorf("failed to create offline session: %v", err)
|
||||
return "", err
|
||||
}
|
||||
} else {
|
||||
// Update existing OfflineSession obj with new RefreshTokenRef.
|
||||
if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
|
||||
if len(identity.ConnectorData) > 0 {
|
||||
old.ConnectorData = identity.ConnectorData
|
||||
}
|
||||
return old, nil
|
||||
}); err != nil {
|
||||
s.logger.Errorf("failed to update offline session: %v", err)
|
||||
return "", err
|
||||
|
||||
return returnURL, nil
|
||||
}
|
||||
|
||||
// Update existing OfflineSession obj with new RefreshTokenRef.
|
||||
if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
|
||||
if len(identity.ConnectorData) > 0 {
|
||||
old.ConnectorData = identity.ConnectorData
|
||||
}
|
||||
return old, nil
|
||||
}); err != nil {
|
||||
s.logger.Errorf("failed to update offline session: %v", err)
|
||||
return "", err
|
||||
}
|
||||
|
||||
return returnURL, nil
|
||||
@@ -1017,15 +1020,18 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
|
||||
}
|
||||
|
||||
var connectorData []byte
|
||||
if session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID); err != nil {
|
||||
|
||||
session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID)
|
||||
switch {
|
||||
case err != nil:
|
||||
if err != storage.ErrNotFound {
|
||||
s.logger.Errorf("failed to get offline session: %v", err)
|
||||
return
|
||||
}
|
||||
} else if len(refresh.ConnectorData) > 0 {
|
||||
case len(refresh.ConnectorData) > 0:
|
||||
// Use the old connector data if it exists, should be deleted once used
|
||||
connectorData = refresh.ConnectorData
|
||||
} else {
|
||||
default:
|
||||
connectorData = session.ConnectorData
|
||||
}
|
||||
|
||||
|
||||
@@ -305,7 +305,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
||||
}
|
||||
r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
|
||||
}
|
||||
r.NotFoundHandler = http.HandlerFunc(http.NotFound)
|
||||
r.NotFoundHandler = http.NotFoundHandler()
|
||||
|
||||
discoveryHandler, err := s.discoveryHandler()
|
||||
if err != nil {
|
||||
|
||||
@@ -177,7 +177,7 @@ func TestDiscovery(t *testing.T) {
|
||||
defer cancel()
|
||||
|
||||
httpServer, _ := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
})
|
||||
defer httpServer.Close()
|
||||
|
||||
@@ -504,7 +504,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
c.IDTokensValidFor = idTokensValidFor
|
||||
})
|
||||
@@ -766,7 +766,7 @@ func TestCrossClientScopes(t *testing.T) {
|
||||
defer cancel()
|
||||
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
})
|
||||
defer httpServer.Close()
|
||||
|
||||
@@ -889,7 +889,7 @@ func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
|
||||
defer cancel()
|
||||
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
})
|
||||
defer httpServer.Close()
|
||||
|
||||
@@ -1180,7 +1180,7 @@ type oauth2Client struct {
|
||||
// that only valid refresh tokens can be used to refresh an expired token.
|
||||
func TestRefreshTokenFlow(t *testing.T) {
|
||||
state := "state"
|
||||
now := func() time.Time { return time.Now() }
|
||||
now := time.Now
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
@@ -1300,7 +1300,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
|
||||
// Setup a dex server.
|
||||
httpServer, s := newTestServer(ctx, t, func(c *Config) {
|
||||
c.Issuer = c.Issuer + "/non-root-path"
|
||||
c.Issuer += "/non-root-path"
|
||||
c.Now = now
|
||||
c.IDTokensValidFor = idTokensValidFor
|
||||
})
|
||||
@@ -1314,7 +1314,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
t.Fatalf("failed to get provider: %v", err)
|
||||
}
|
||||
|
||||
//Add the Clients to the test server
|
||||
// Add the Clients to the test server
|
||||
client := storage.Client{
|
||||
ID: clientID,
|
||||
RedirectURIs: []string{deviceCallbackURI},
|
||||
@@ -1324,13 +1324,13 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
t.Fatalf("failed to create client: %v", err)
|
||||
}
|
||||
|
||||
//Grab the issuer that we'll reuse for the different endpoints to hit
|
||||
// Grab the issuer that we'll reuse for the different endpoints to hit
|
||||
issuer, err := url.Parse(s.issuerURL.String())
|
||||
if err != nil {
|
||||
t.Errorf("Could not parse issuer URL %v", err)
|
||||
}
|
||||
|
||||
//Send a new Device Request
|
||||
// Send a new Device Request
|
||||
codeURL, _ := url.Parse(issuer.String())
|
||||
codeURL.Path = path.Join(codeURL.Path, "device/code")
|
||||
|
||||
@@ -1350,13 +1350,13 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
t.Errorf("%v - Unexpected Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
|
||||
}
|
||||
|
||||
//Parse the code response
|
||||
// Parse the code response
|
||||
var deviceCode deviceCodeResponse
|
||||
if err := json.Unmarshal(responseBody, &deviceCode); err != nil {
|
||||
t.Errorf("Unexpected Device Code Response Format %v", string(responseBody))
|
||||
}
|
||||
|
||||
//Mock the user hitting the verification URI and posting the form
|
||||
// Mock the user hitting the verification URI and posting the form
|
||||
verifyURL, _ := url.Parse(issuer.String())
|
||||
verifyURL.Path = path.Join(verifyURL.Path, "/device/auth/verify_code")
|
||||
urlData := url.Values{}
|
||||
@@ -1374,7 +1374,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
t.Errorf("%v - Unexpected Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
|
||||
}
|
||||
|
||||
//Hit the Token Endpoint, and try and get an access token
|
||||
// Hit the Token Endpoint, and try and get an access token
|
||||
tokenURL, _ := url.Parse(issuer.String())
|
||||
tokenURL.Path = path.Join(tokenURL.Path, "/device/token")
|
||||
v := url.Values{}
|
||||
@@ -1393,7 +1393,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
t.Errorf("%v - Unexpected Token Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
|
||||
}
|
||||
|
||||
//Parse the response
|
||||
// Parse the response
|
||||
var tokenRes accessTokenReponse
|
||||
if err := json.Unmarshal(responseBody, &tokenRes); err != nil {
|
||||
t.Errorf("Unexpected Device Access Token Response Format %v", string(responseBody))
|
||||
@@ -1411,7 +1411,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
|
||||
}
|
||||
|
||||
//Run token tests to validate info is correct
|
||||
// Run token tests to validate info is correct
|
||||
// Create the OAuth2 config.
|
||||
oauth2Config := &oauth2.Config{
|
||||
ClientID: client.ID,
|
||||
|
||||
@@ -178,11 +178,11 @@ func loadTemplates(c webConfig, templatesDir string) (*templates, error) {
|
||||
// 3. For each part of reqPath remaining(minus one), go up one level (..)
|
||||
// 4. For each part of assetPath remaining, append it to result
|
||||
//
|
||||
//eg
|
||||
//server listens at localhost/dex so serverPath is dex
|
||||
//reqPath is /dex/auth
|
||||
//assetPath is static/main.css
|
||||
//relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
|
||||
// eg
|
||||
// server listens at localhost/dex so serverPath is dex
|
||||
// reqPath is /dex/auth
|
||||
// assetPath is static/main.css
|
||||
// relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
|
||||
func relativeURL(serverPath, reqPath, assetPath string) string {
|
||||
if u, err := url.ParseRequestURI(assetPath); err == nil && u.Scheme != "" {
|
||||
// assetPath points to the external URL, no changes needed
|
||||
|
||||
Reference in New Issue
Block a user