From 15f48fb95e48d740d62c40eda706681cde582889 Mon Sep 17 00:00:00 2001
From: Phil Taprogge
Date: Tue, 7 May 2019 10:36:00 +0100
Subject: [PATCH] Don't infer username from email local part if username not set
---
 oauthproxy_test.go | 9 ++++-----
 providers/session_state.go | 2 +-
 providers/session_state_test.go | 8 ++++----
 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 359ef4d..8409cd5 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -291,8 +291,7 @@ func TestBasicAuthPassword(t *testing.T) {
 opts.Validate()
 providerURL, _ := url.Parse(providerServer.URL)
- const emailAddress = "michael.bland@gsa.gov"
- const username = "michael.bland"
+ const emailAddress = "john.doe@example.com"
 opts.provider = NewTestProvider(providerURL, emailAddress)
 proxy := NewOAuthProxy(opts, func(email string) bool {
@@ -335,7 +334,7 @@ func TestBasicAuthPassword(t *testing.T) {
 rw = httptest.NewRecorder()
 proxy.ServeHTTP(rw, req)
- expectedHeader := "Basic " + base64.StdEncoding.EncodeToString([]byte(username+":"+opts.BasicAuthPassword))
+ expectedHeader := "Basic " + base64.StdEncoding.EncodeToString([]byte(emailAddress+":"+opts.BasicAuthPassword))
 assert.Equal(t, expectedHeader, rw.Body.String())
 providerServer.Close()
 }
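Review bot: The `expectedHeader` assertion in TestBasicAuthPassword (oauthproxy_test.go, hunk at -335) only covers the fallback where the session carries no User, so the Basic user-id it pins is always the full address. Nothing visible here checks that a User supplied by the provider and different from the e-mail still reaches the forwarded header unchanged; a regression that always sent the e-mail would pass this test. I would add a second case whose session sets `User` explicitly and assert that the header is built from that value. The body of the test begins outside this hunk, so such a case may already exist elsewhere in the file.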
@@ -654,13 +653,13 @@ func (p *ProcessCookieTest) LoadCookiedSession() (*providers.SessionState, time.
 func TestLoadCookiedSession(t *testing.T) {
 pcTest := NewProcessCookieTestWithDefaults()
- startSession := &providers.SessionState{Email: "michael.bland@gsa.gov", AccessToken: "my_access_token"}
+ startSession := &providers.SessionState{Email: "john.doe@example.com", AccessToken: "my_access_token"}
 pcTest.SaveSession(startSession, time.Now())
 session, _, err := pcTest.LoadCookiedSession()
 assert.Equal(t, nil, err)
 assert.Equal(t, startSession.Email, session.Email)
- assert.Equal(t, "michael.bland", session.User)
+ assert.Equal(t, "john.doe@example.com", session.User)
 assert.Equal(t, startSession.AccessToken, session.AccessToken)
 }
diff --git a/providers/session_state.go b/providers/session_state.go
index 5d4a892..c3402ac 100644
--- a/providers/session_state.go
+++ b/providers/session_state.go
@@ -218,7 +218,7 @@ func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error) {
 }
 }
 if ss.User == "" {
- ss.User = strings.Split(ss.Email, "@")[0]
+ ss.User = ss.Email
 }
 return ss, nil
 }
diff --git a/providers/session_state_test.go b/providers/session_state_test.go
index dee81bb..78957c6 100644
--- a/providers/session_state_test.go
+++ b/providers/session_state_test.go
@@ -30,7 +30,7 @@ func TestSessionStateSerialization(t *testing.T) {
 ss, err := DecodeSessionState(encoded, c)
 t.Logf("%#v", ss)
 assert.Equal(t, nil, err)
- assert.Equal(t, "user", ss.User)
+ assert.Equal(t, "user@domain.com", ss.User)
 assert.Equal(t, s.Email, ss.Email)
 assert.Equal(t, s.AccessToken, ss.AccessToken)
 assert.Equal(t, s.IDToken, ss.IDToken)
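Review bot: The new fallback `ss.User = ss.Email` in DecodeSessionState (providers/session_state.go, hunk at -218) has no comment saying why the full address is used, and because it runs at decode time it also changes the User of sessions whose cookies were issued before this commit. Those cookies now decode to the whole e-mail instead of the local part, so anything that keys on the user name the proxy passes on (the Basic auth header checked in oauthproxy_test.go, for one) will see a different identity for an existing session; that deserves a changelog or upgrade note. I would add above the assignment `// Use the full e-mail when no user name was stored: the local part alone is not unique across domains.` The function body begins outside the hunk.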
@@ -41,7 +41,7 @@ func TestSessionStateSerialization(t *testing.T) {
 ss, err = DecodeSessionState(encoded, c2)
 t.Logf("%#v", ss)
 assert.Equal(t, nil, err)
- assert.NotEqual(t, "user", ss.User)
+ assert.NotEqual(t, "user@domain.com", ss.User)
 assert.NotEqual(t, s.Email, ss.Email)
 assert.Equal(t, s.ExpiresOn.Unix(), ss.ExpiresOn.Unix())
 assert.NotEqual(t, s.AccessToken, ss.AccessToken)
@@ -97,7 +97,7 @@ func TestSessionStateSerializationNoCipher(t *testing.T) {
 // only email should have been serialized
 ss, err := DecodeSessionState(encoded, nil)
 assert.Equal(t, nil, err)
- assert.Equal(t, "user", ss.User)
+ assert.Equal(t, "user@domain.com", ss.User)
 assert.Equal(t, s.Email, ss.Email)
 assert.Equal(t, "", ss.AccessToken)
 assert.Equal(t, "", ss.RefreshToken)
@@ -203,7 +203,7 @@ func TestDecodeSessionState(t *testing.T) {
 {
 SessionState: SessionState{
 Email: "user@domain.com",
- User: "user",
+ User: "user@domain.com",
 },
 Encoded: `{"Email":"user@domain.com"}`,
 },
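Review bot: In the wrong-cipher block of TestSessionStateSerialization (hunk at -41), `assert.NotEqual(t, "user@domain.com", ss.User)` no longer tests the User field on its own. If the decoded session has no User before the fallback, as the changed expectation in the -30 hunk suggests, DecodeSessionState now copies the mis-decrypted Email into User, so this line repeats the `assert.NotEqual(t, s.Email, ss.Email)` check directly below it. Provided the encoding carries User, giving `s` an explicit `User` distinct from the e-mail and asserting against that value would keep the two checks independent. The construction of `s` is outside the hunk, so this is inferred from the assertions alone.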