meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

*: rename Url to URL everywhere

Browse Source 
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
This commit is contained in:
Brandon Philips 2015-11-09 00:47:44 +01:00
parent 1b0144ba75
commit 51a2e4e48c
15 changed files with 151 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
oauthproxy.go
View File

@ -34,7 +34,7 @@ type OauthProxy struct {
OauthStartPath string
OauthCallbackPath string
redirectUrl *url.URL // the url to receive requests at
redirectURL *url.URL // the url to receive requests at
provider providers.Provider
ProxyPrefix string
SignInMessage string
@ -88,7 +88,7 @@ func NewFileServer(path string, filesystemPath string) (proxy http.Handler) {
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
serveMux := http.NewServeMux()
for _, u := range opts.proxyUrls {
for _, u := range opts.proxyURLs {
path := u.Path
switch u.Scheme {
case "http", "https":
@ -116,8 +116,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
log.Printf("compiled skip-auth-regex => %q", u)
}
redirectUrl := opts.redirectUrl
redirectUrl.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
redirectURL := opts.redirectURL
redirectURL.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
log.Printf("OauthProxy configured for %s Client ID: %s", opts.provider.Data().ProviderName, opts.ClientID)
domain := opts.CookieDomain
@ -160,7 +160,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
ProxyPrefix: opts.ProxyPrefix,
provider: opts.provider,
serveMux: serveMux,
redirectUrl: redirectUrl,
redirectURL: redirectURL,
skipAuthRegex: opts.SkipAuthRegex,
compiledRegex: opts.CompiledRegex,
PassBasicAuth: opts.PassBasicAuth,
@ -173,11 +173,11 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
func (p *OauthProxy) GetRedirectURI(host string) string {
// default to the request Host if not set
if p.redirectUrl.Host != "" {
return p.redirectUrl.String()
if p.redirectURL.Host != "" {
return p.redirectURL.String()
}
var u url.URL
u = *p.redirectUrl
u = *p.redirectURL
if u.Scheme == "" {
if p.CookieSecure {
u.Scheme = "https"

12
oauthproxy_test.go
View File

@ -124,17 +124,17 @@ func TestBasicAuthPassword(t *testing.T) {
opts.provider = &TestProvider{
ProviderData: &providers.ProviderData{
ProviderName: "Test Provider",
LoginUrl: &url.URL{
LoginURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/oauth/authorize",
},
RedeemUrl: &url.URL{
RedeemURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/oauth/token",
},
ProfileUrl: &url.URL{
ProfileURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/api/v1/profile",
@ -245,17 +245,17 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes
t.opts.provider = &TestProvider{
ProviderData: &providers.ProviderData{
ProviderName: "Test Provider",
LoginUrl: &url.URL{
LoginURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/oauth/authorize",
},
RedeemUrl: &url.URL{
RedeemURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/oauth/token",
},
ProfileUrl: &url.URL{
ProfileURL: &url.URL{
Scheme: "http",
Host: provider_url.Host,
Path: "/api/v1/profile",

36
options.go
View File

@ -16,7 +16,7 @@ type Options struct {
ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"`
HttpAddress string `flag:"http-address" cfg:"http_address"`
HttpsAddress string `flag:"https-address" cfg:"https_address"`
RedirectUrl string `flag:"redirect-url" cfg:"redirect_url"`
RedirectURL string `flag:"redirect-url" cfg:"redirect_url"`
ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"`
@ -51,18 +51,18 @@ type Options struct {
// These options allow for other providers besides Google, with
// potential overrides.
Provider string `flag:"provider" cfg:"provider"`
LoginUrl string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
LoginURL string `flag:"login-url" cfg:"login_url"`
RedeemURL string `flag:"redeem-url" cfg:"redeem_url"`
ProfileURL string `flag:"profile-url" cfg:"profile_url"`
ValidateURL string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
// internal values that are set after config validation
redirectUrl *url.URL
proxyUrls []*url.URL
redirectURL *url.URL
proxyURLs []*url.URL
CompiledRegex []*regexp.Regexp
provider providers.Provider
}
@ -86,7 +86,7 @@ func NewOptions() *Options {
}
}
func parseUrl(to_parse string, urltype string, msgs []string) (*url.URL, []string) {
func parseURL(to_parse string, urltype string, msgs []string) (*url.URL, []string) {
parsed, err := url.Parse(to_parse)
if err != nil {
return nil, append(msgs, fmt.Sprintf(
@ -113,19 +113,19 @@ func (o *Options) Validate() error {
msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses")
}
o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs)
o.redirectURL, msgs = parseURL(o.RedirectURL, "redirect", msgs)
for _, u := range o.Upstreams {
upstreamUrl, err := url.Parse(u)
upstreamURL, err := url.Parse(u)
if err != nil {
msgs = append(msgs, fmt.Sprintf(
"error parsing upstream=%q %s",
upstreamUrl, err))
upstreamURL, err))
}
if upstreamUrl.Path == "" {
upstreamUrl.Path = "/"
if upstreamURL.Path == "" {
upstreamURL.Path = "/"
}
o.proxyUrls = append(o.proxyUrls, upstreamUrl)
o.proxyURLs = append(o.proxyURLs, upstreamURL)
}
for _, u := range o.SkipAuthRegex {
@ -189,10 +189,10 @@ func parseProviderInfo(o *Options, msgs []string) []string {
ClientSecret: o.ClientSecret,
ApprovalPrompt: o.ApprovalPrompt,
}
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)
p.ValidateUrl, msgs = parseUrl(o.ValidateUrl, "validate", msgs)
p.LoginURL, msgs = parseURL(o.LoginURL, "login", msgs)
p.RedeemURL, msgs = parseURL(o.RedeemURL, "redeem", msgs)
p.ProfileURL, msgs = parseURL(o.ProfileURL, "profile", msgs)
p.ValidateURL, msgs = parseURL(o.ValidateURL, "validate", msgs)
o.provider = providers.New(o.Provider, p)
switch p := o.provider.(type) {

16
options_test.go
View File

@ -73,16 +73,16 @@ func TestInitializedOptions(t *testing.T) {
// Note that it's not worth testing nonparseable URLs, since url.Parse()
// seems to parse damn near anything.
func TestRedirectUrl(t *testing.T) {
func TestRedirectURL(t *testing.T) {
o := testOptions()
o.RedirectUrl = "https://myhost.com/oauth2/callback"
o.RedirectURL = "https://myhost.com/oauth2/callback"
assert.Equal(t, nil, o.Validate())
expected := &url.URL{
Scheme: "https", Host: "myhost.com", Path: "/oauth2/callback"}
assert.Equal(t, expected, o.redirectUrl)
assert.Equal(t, expected, o.redirectURL)
}
func TestProxyUrls(t *testing.T) {
func TestProxyURLs(t *testing.T) {
o := testOptions()
o.Upstreams = append(o.Upstreams, "http://127.0.0.1:8081")
assert.Equal(t, nil, o.Validate())
@ -91,7 +91,7 @@ func TestProxyUrls(t *testing.T) {
// note the '/' was added
&url.URL{Scheme: "http", Host: "127.0.0.1:8081", Path: "/"},
}
assert.Equal(t, expected, o.proxyUrls)
assert.Equal(t, expected, o.proxyURLs)
}
func TestCompiledRegex(t *testing.T) {
@ -125,10 +125,10 @@ func TestDefaultProviderApiSettings(t *testing.T) {
assert.Equal(t, nil, o.Validate())
p := o.provider.Data()
assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
p.LoginUrl.String())
p.LoginURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
p.RedeemUrl.String())
assert.Equal(t, "", p.ProfileUrl.String())
p.RedeemURL.String())
assert.Equal(t, "", p.ProfileURL.String())
assert.Equal(t, "profile email", p.Scope)
}

12
providers/github.go
View File

@ -17,22 +17,22 @@ type GitHubProvider struct {
func NewGitHubProvider(p *ProviderData) *GitHubProvider {
p.ProviderName = "GitHub"
if p.LoginUrl == nil || p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{
if p.LoginURL == nil || p.LoginURL.String() == "" {
p.LoginURL = &url.URL{
Scheme: "https",
Host: "github.com",
Path: "/login/oauth/authorize",
}
}
if p.RedeemUrl == nil || p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{
if p.RedeemURL == nil || p.RedeemURL.String() == "" {
p.RedeemURL = &url.URL{
Scheme: "https",
Host: "github.com",
Path: "/login/oauth/access_token",
}
}
if p.ValidateUrl == nil || p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{
if p.ValidateURL == nil || p.ValidateURL.String() == "" {
p.ValidateURL = &url.URL{
Scheme: "https",
Host: "api.github.com",
Path: "/user/emails",

26
providers/google.go
View File

@ -21,7 +21,7 @@ import (
type GoogleProvider struct {
*ProviderData
RedeemRefreshUrl *url.URL
RedeemRefreshURL *url.URL
// GroupValidator is a function that determines if the passed email is in
// the configured Google group.
GroupValidator func(string) bool
@ -29,21 +29,21 @@ type GoogleProvider struct {
func NewGoogleProvider(p *ProviderData) *GoogleProvider {
p.ProviderName = "Google"
if p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https",
if p.LoginURL.String() == "" {
p.LoginURL = &url.URL{Scheme: "https",
Host: "accounts.google.com",
Path: "/o/oauth2/auth",
// to get a refresh token. see https://developers.google.com/identity/protocols/OAuth2WebServer#offline
RawQuery: "access_type=offline",
}
}
if p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https",
if p.RedeemURL.String() == "" {
p.RedeemURL = &url.URL{Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v3/token"}
}
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https",
if p.ValidateURL.String() == "" {
p.ValidateURL = &url.URL{Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo"}
}
@ -96,20 +96,20 @@ func jwtDecodeSegment(seg string) ([]byte, error) {
return base64.URLEncoding.DecodeString(seg)
}
func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err error) {
func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error) {
if code == "" {
err = errors.New("missing code")
return
}
params := url.Values{}
params.Add("redirect_uri", redirectUrl)
params.Add("redirect_uri", redirectURL)
params.Add("client_id", p.ClientID)
params.Add("client_secret", p.ClientSecret)
params.Add("code", code)
params.Add("grant_type", "authorization_code")
var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode()))
req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil {
return
}
@ -127,7 +127,7 @@ func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err
}
if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body)
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return
}
@ -281,7 +281,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string,
params.Add("refresh_token", refreshToken)
params.Add("grant_type", "refresh_token")
var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode()))
req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil {
return
}
@ -299,7 +299,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string,
}
if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body)
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return
}

40
providers/google_test.go
View File

@ -23,10 +23,10 @@ func newGoogleProvider() *GoogleProvider {
return NewGoogleProvider(
&ProviderData{
ProviderName: "",
LoginUrl: &url.URL{},
RedeemUrl: &url.URL{},
ProfileUrl: &url.URL{},
ValidateUrl: &url.URL{},
LoginURL: &url.URL{},
RedeemURL: &url.URL{},
ProfileURL: &url.URL{},
ValidateURL: &url.URL{},
Scope: ""})
}
@ -35,31 +35,31 @@ func TestGoogleProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "Google", p.Data().ProviderName)
assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v1/tokeninfo",
p.Data().ValidateUrl.String())
assert.Equal(t, "", p.Data().ProfileUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "", p.Data().ProfileURL.String())
assert.Equal(t, "profile email", p.Data().Scope)
}
func TestGoogleProviderOverrides(t *testing.T) {
p := NewGoogleProvider(
&ProviderData{
LoginUrl: &url.URL{
LoginURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/auth"},
RedeemUrl: &url.URL{
RedeemURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/token"},
ProfileUrl: &url.URL{
ProfileURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/profile"},
ValidateUrl: &url.URL{
ValidateURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/tokeninfo"},
@ -67,13 +67,13 @@ func TestGoogleProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "Google", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String())
p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope)
}
@ -94,7 +94,7 @@ func TestGoogleProviderGetEmailAddress(t *testing.T) {
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body)
p.RedeemURL, server = newRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")
@ -131,7 +131,7 @@ func TestGoogleProviderGetEmailAddressInvalidEncoding(t *testing.T) {
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body)
p.RedeemURL, server = newRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")
@ -150,7 +150,7 @@ func TestGoogleProviderGetEmailAddressInvalidJson(t *testing.T) {
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body)
p.RedeemURL, server = newRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")
@ -169,7 +169,7 @@ func TestGoogleProviderGetEmailAddressEmailMissing(t *testing.T) {
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemUrl, server = newRedeemServer(body)
p.RedeemURL, server = newRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")

4
providers/internal_util.go
View File

@ -11,10 +11,10 @@ import (
// validateToken returns true if token is valid
func validateToken(p Provider, access_token string, header http.Header) bool {
if access_token == "" || p.Data().ValidateUrl == nil {
if access_token == "" || p.Data().ValidateURL == nil {
return false
}
endpoint := p.Data().ValidateUrl.String()
endpoint := p.Data().ValidateURL.String()
if len(header) == 0 {
params := url.Values{"access_token": {access_token}}
endpoint = endpoint + "?" + params.Encode()

6
providers/internal_util_test.go
View File

@ -63,7 +63,7 @@ func NewValidateSessionStateTest() *ValidateSessionStateTest {
backend_url, _ := url.Parse(vt_test.backend.URL)
vt_test.provider = &ValidateSessionStateTestProvider{
ProviderData: &ProviderData{
ValidateUrl: &url.URL{
ValidateURL: &url.URL{
Scheme: "http",
Host: backend_url.Host,
Path: "/oauth/tokeninfo",
@ -99,10 +99,10 @@ func TestValidateSessionStateEmptyToken(t *testing.T) {
assert.Equal(t, false, validateToken(vt_test.provider, "", nil))
}
func TestValidateSessionStateEmptyValidateUrl(t *testing.T) {
func TestValidateSessionStateEmptyValidateURL(t *testing.T) {
vt_test := NewValidateSessionStateTest()
defer vt_test.Close()
vt_test.provider.Data().ValidateUrl = nil
vt_test.provider.Data().ValidateURL = nil
assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
}

18
providers/linkedin.go
View File

@ -15,23 +15,23 @@ type LinkedInProvider struct {
func NewLinkedInProvider(p *ProviderData) *LinkedInProvider {
p.ProviderName = "LinkedIn"
if p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https",
if p.LoginURL.String() == "" {
p.LoginURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com",
Path: "/uas/oauth2/authorization"}
}
if p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https",
if p.RedeemURL.String() == "" {
p.RedeemURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com",
Path: "/uas/oauth2/accessToken"}
}
if p.ProfileUrl.String() == "" {
p.ProfileUrl = &url.URL{Scheme: "https",
if p.ProfileURL.String() == "" {
p.ProfileURL = &url.URL{Scheme: "https",
Host: "www.linkedin.com",
Path: "/v1/people/~/email-address"}
}
if p.ValidateUrl.String() == "" {
p.ValidateUrl = p.ProfileUrl
if p.ValidateURL.String() == "" {
p.ValidateURL = p.ProfileURL
}
if p.Scope == "" {
p.Scope = "r_emailaddress r_basicprofile"
@ -51,7 +51,7 @@ func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) {
if s.AccessToken == "" {
return "", errors.New("missing access token")
}
req, err := http.NewRequest("GET", p.ProfileUrl.String()+"?format=json", nil)
req, err := http.NewRequest("GET", p.ProfileURL.String()+"?format=json", nil)
if err != nil {
return "", err
}

38
providers/linkedin_test.go
View File

@ -12,15 +12,15 @@ func testLinkedInProvider(hostname string) *LinkedInProvider {
p := NewLinkedInProvider(
&ProviderData{
ProviderName: "",
LoginUrl: &url.URL{},
RedeemUrl: &url.URL{},
ProfileUrl: &url.URL{},
ValidateUrl: &url.URL{},
LoginURL: &url.URL{},
RedeemURL: &url.URL{},
ProfileURL: &url.URL{},
ValidateURL: &url.URL{},
Scope: ""})
if hostname != "" {
updateUrl(p.Data().LoginUrl, hostname)
updateUrl(p.Data().RedeemUrl, hostname)
updateUrl(p.Data().ProfileUrl, hostname)
updateURL(p.Data().LoginURL, hostname)
updateURL(p.Data().RedeemURL, hostname)
updateURL(p.Data().ProfileURL, hostname)
}
return p
}
@ -47,32 +47,32 @@ func TestLinkedInProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "LinkedIn", p.Data().ProviderName)
assert.Equal(t, "https://www.linkedin.com/uas/oauth2/authorization",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://www.linkedin.com/uas/oauth2/accessToken",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address",
p.Data().ProfileUrl.String())
p.Data().ProfileURL.String())
assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address",
p.Data().ValidateUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "r_emailaddress r_basicprofile", p.Data().Scope)
}
func TestLinkedInProviderOverrides(t *testing.T) {
p := NewLinkedInProvider(
&ProviderData{
LoginUrl: &url.URL{
LoginURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/auth"},
RedeemUrl: &url.URL{
RedeemURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/token"},
ProfileUrl: &url.URL{
ProfileURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/profile"},
ValidateUrl: &url.URL{
ValidateURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/tokeninfo"},
@ -80,13 +80,13 @@ func TestLinkedInProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "LinkedIn", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String())
p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope)
}

18
providers/myusa.go
View File

@ -16,23 +16,23 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
const myUsaHost string = "alpha.my.usa.gov"
p.ProviderName = "MyUSA"
if p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https",
if p.LoginURL.String() == "" {
p.LoginURL = &url.URL{Scheme: "https",
Host: myUsaHost,
Path: "/oauth/authorize"}
}
if p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https",
if p.RedeemURL.String() == "" {
p.RedeemURL = &url.URL{Scheme: "https",
Host: myUsaHost,
Path: "/oauth/token"}
}
if p.ProfileUrl.String() == "" {
p.ProfileUrl = &url.URL{Scheme: "https",
if p.ProfileURL.String() == "" {
p.ProfileURL = &url.URL{Scheme: "https",
Host: myUsaHost,
Path: "/api/v1/profile"}
}
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https",
if p.ValidateURL.String() == "" {
p.ValidateURL = &url.URL{Scheme: "https",
Host: myUsaHost,
Path: "/api/v1/tokeninfo"}
}
@ -44,7 +44,7 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
func (p *MyUsaProvider) GetEmailAddress(s *SessionState) (string, error) {
req, err := http.NewRequest("GET",
p.ProfileUrl.String()+"?access_token="+s.AccessToken, nil)
p.ProfileURL.String()+"?access_token="+s.AccessToken, nil)
if err != nil {
log.Printf("failed building request %s", err)
return "", err

42
providers/myusa_test.go
View File

@ -9,7 +9,7 @@ import (
"github.com/bmizerany/assert"
)
func updateUrl(url *url.URL, hostname string) {
func updateURL(url *url.URL, hostname string) {
url.Scheme = "http"
url.Host = hostname
}
@ -18,16 +18,16 @@ func testMyUsaProvider(hostname string) *MyUsaProvider {
p := NewMyUsaProvider(
&ProviderData{
ProviderName: "",
LoginUrl: &url.URL{},
RedeemUrl: &url.URL{},
ProfileUrl: &url.URL{},
ValidateUrl: &url.URL{},
LoginURL: &url.URL{},
RedeemURL: &url.URL{},
ProfileURL: &url.URL{},
ValidateURL: &url.URL{},
Scope: ""})
if hostname != "" {
updateUrl(p.Data().LoginUrl, hostname)
updateUrl(p.Data().RedeemUrl, hostname)
updateUrl(p.Data().ProfileUrl, hostname)
updateUrl(p.Data().ValidateUrl, hostname)
updateURL(p.Data().LoginURL, hostname)
updateURL(p.Data().RedeemURL, hostname)
updateURL(p.Data().ProfileURL, hostname)
updateURL(p.Data().ValidateURL, hostname)
}
return p
}
@ -53,32 +53,32 @@ func TestMyUsaProviderDefaults(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "MyUSA", p.Data().ProviderName)
assert.Equal(t, "https://alpha.my.usa.gov/oauth/authorize",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/oauth/token",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile",
p.Data().ProfileUrl.String())
p.Data().ProfileURL.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo",
p.Data().ValidateUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "profile.email", p.Data().Scope)
}
func TestMyUsaProviderOverrides(t *testing.T) {
p := NewMyUsaProvider(
&ProviderData{
LoginUrl: &url.URL{
LoginURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/auth"},
RedeemUrl: &url.URL{
RedeemURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/token"},
ProfileUrl: &url.URL{
ProfileURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/profile"},
ValidateUrl: &url.URL{
ValidateURL: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/tokeninfo"},
@ -86,13 +86,13 @@ func TestMyUsaProviderOverrides(t *testing.T) {
assert.NotEqual(t, nil, p)
assert.Equal(t, "MyUSA", p.Data().ProviderName)
assert.Equal(t, "https://example.com/oauth/auth",
p.Data().LoginUrl.String())
p.Data().LoginURL.String())
assert.Equal(t, "https://example.com/oauth/token",
p.Data().RedeemUrl.String())
p.Data().RedeemURL.String())
assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String())
p.Data().ProfileURL.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String())
p.Data().ValidateURL.String())
assert.Equal(t, "profile", p.Data().Scope)
}

8
providers/provider_data.go
View File

@ -8,10 +8,10 @@ type ProviderData struct {
ProviderName string
ClientID string
ClientSecret string
LoginUrl *url.URL
RedeemUrl *url.URL
ProfileUrl *url.URL
ValidateUrl *url.URL
LoginURL *url.URL
RedeemURL *url.URL
ProfileURL *url.URL
ValidateURL *url.URL
Scope string
ApprovalPrompt string
}

10
providers/provider_default.go
View File

@ -13,20 +13,20 @@ import (
"github.com/bitly/oauth2_proxy/cookie"
)
func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err error) {
func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) {
if code == "" {
err = errors.New("missing code")
return
}
params := url.Values{}
params.Add("redirect_uri", redirectUrl)
params.Add("redirect_uri", redirectURL)
params.Add("client_id", p.ClientID)
params.Add("client_secret", p.ClientSecret)
params.Add("code", code)
params.Add("grant_type", "authorization_code")
var req *http.Request
req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode()))
req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode()))
if err != nil {
return
}
@ -45,7 +45,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er
}
if resp.StatusCode != 200 {
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body)
err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body)
return
}
@ -77,7 +77,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er
// GetLoginURL with typical oauth parameters
func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
var a url.URL
a = *p.LoginUrl
a = *p.LoginURL
params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI)
params.Set("approval_prompt", p.ApprovalPrompt)