diff --git a/oauthproxy.go b/oauthproxy.go index 5a12705..7082fb5 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -34,7 +34,7 @@ type OauthProxy struct { OauthStartPath string OauthCallbackPath string - redirectUrl *url.URL // the url to receive requests at + redirectURL *url.URL // the url to receive requests at provider providers.Provider ProxyPrefix string SignInMessage string @@ -88,7 +88,7 @@ func NewFileServer(path string, filesystemPath string) (proxy http.Handler) { func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { serveMux := http.NewServeMux() - for _, u := range opts.proxyUrls { + for _, u := range opts.proxyURLs { path := u.Path switch u.Scheme { case "http", "https": @@ -116,8 +116,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { log.Printf("compiled skip-auth-regex => %q", u) } - redirectUrl := opts.redirectUrl - redirectUrl.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix) + redirectURL := opts.redirectURL + redirectURL.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix) log.Printf("OauthProxy configured for %s Client ID: %s", opts.provider.Data().ProviderName, opts.ClientID) domain := opts.CookieDomain @@ -160,7 +160,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { ProxyPrefix: opts.ProxyPrefix, provider: opts.provider, serveMux: serveMux, - redirectUrl: redirectUrl, + redirectURL: redirectURL, skipAuthRegex: opts.SkipAuthRegex, compiledRegex: opts.CompiledRegex, PassBasicAuth: opts.PassBasicAuth, @@ -173,11 +173,11 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { func (p *OauthProxy) GetRedirectURI(host string) string { // default to the request Host if not set - if p.redirectUrl.Host != "" { - return p.redirectUrl.String() + if p.redirectURL.Host != "" { + return p.redirectURL.String() } var u url.URL - u = *p.redirectUrl + u = *p.redirectURL if u.Scheme == "" { if p.CookieSecure { u.Scheme = "https" diff --git a/oauthproxy_test.go b/oauthproxy_test.go index ca0b9c4..a109543 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -124,17 +124,17 @@ func TestBasicAuthPassword(t *testing.T) { opts.provider = &TestProvider{ ProviderData: &providers.ProviderData{ ProviderName: "Test Provider", - LoginUrl: &url.URL{ + LoginURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/oauth/authorize", }, - RedeemUrl: &url.URL{ + RedeemURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/oauth/token", }, - ProfileUrl: &url.URL{ + ProfileURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/api/v1/profile", @@ -245,17 +245,17 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes t.opts.provider = &TestProvider{ ProviderData: &providers.ProviderData{ ProviderName: "Test Provider", - LoginUrl: &url.URL{ + LoginURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/oauth/authorize", }, - RedeemUrl: &url.URL{ + RedeemURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/oauth/token", }, - ProfileUrl: &url.URL{ + ProfileURL: &url.URL{ Scheme: "http", Host: provider_url.Host, Path: "/api/v1/profile", diff --git a/options.go b/options.go index b4b8afa..945125a 100644 --- a/options.go +++ b/options.go @@ -16,7 +16,7 @@ type Options struct { ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"` HttpAddress string `flag:"http-address" cfg:"http_address"` HttpsAddress string `flag:"https-address" cfg:"https_address"` - RedirectUrl string `flag:"redirect-url" cfg:"redirect_url"` + RedirectURL string `flag:"redirect-url" cfg:"redirect_url"` ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"` ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"` TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"` @@ -51,18 +51,18 @@ type Options struct { // These options allow for other providers besides Google, with // potential overrides. Provider string `flag:"provider" cfg:"provider"` - LoginUrl string `flag:"login-url" cfg:"login_url"` - RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"` - ProfileUrl string `flag:"profile-url" cfg:"profile_url"` - ValidateUrl string `flag:"validate-url" cfg:"validate_url"` + LoginURL string `flag:"login-url" cfg:"login_url"` + RedeemURL string `flag:"redeem-url" cfg:"redeem_url"` + ProfileURL string `flag:"profile-url" cfg:"profile_url"` + ValidateURL string `flag:"validate-url" cfg:"validate_url"` Scope string `flag:"scope" cfg:"scope"` ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"` RequestLogging bool `flag:"request-logging" cfg:"request_logging"` // internal values that are set after config validation - redirectUrl *url.URL - proxyUrls []*url.URL + redirectURL *url.URL + proxyURLs []*url.URL CompiledRegex []*regexp.Regexp provider providers.Provider } @@ -86,7 +86,7 @@ func NewOptions() *Options { } } -func parseUrl(to_parse string, urltype string, msgs []string) (*url.URL, []string) { +func parseURL(to_parse string, urltype string, msgs []string) (*url.URL, []string) { parsed, err := url.Parse(to_parse) if err != nil { return nil, append(msgs, fmt.Sprintf( @@ -113,19 +113,19 @@ func (o *Options) Validate() error { msgs = append(msgs, "missing setting for email validation: email-domain or authenticated-emails-file required.\n use email-domain=* to authorize all email addresses") } - o.redirectUrl, msgs = parseUrl(o.RedirectUrl, "redirect", msgs) + o.redirectURL, msgs = parseURL(o.RedirectURL, "redirect", msgs) for _, u := range o.Upstreams { - upstreamUrl, err := url.Parse(u) + upstreamURL, err := url.Parse(u) if err != nil { msgs = append(msgs, fmt.Sprintf( "error parsing upstream=%q %s", - upstreamUrl, err)) + upstreamURL, err)) } - if upstreamUrl.Path == "" { - upstreamUrl.Path = "/" + if upstreamURL.Path == "" { + upstreamURL.Path = "/" } - o.proxyUrls = append(o.proxyUrls, upstreamUrl) + o.proxyURLs = append(o.proxyURLs, upstreamURL) } for _, u := range o.SkipAuthRegex { @@ -189,10 +189,10 @@ func parseProviderInfo(o *Options, msgs []string) []string { ClientSecret: o.ClientSecret, ApprovalPrompt: o.ApprovalPrompt, } - p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs) - p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs) - p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs) - p.ValidateUrl, msgs = parseUrl(o.ValidateUrl, "validate", msgs) + p.LoginURL, msgs = parseURL(o.LoginURL, "login", msgs) + p.RedeemURL, msgs = parseURL(o.RedeemURL, "redeem", msgs) + p.ProfileURL, msgs = parseURL(o.ProfileURL, "profile", msgs) + p.ValidateURL, msgs = parseURL(o.ValidateURL, "validate", msgs) o.provider = providers.New(o.Provider, p) switch p := o.provider.(type) { diff --git a/options_test.go b/options_test.go index fcb4b58..2984465 100644 --- a/options_test.go +++ b/options_test.go @@ -73,16 +73,16 @@ func TestInitializedOptions(t *testing.T) { // Note that it's not worth testing nonparseable URLs, since url.Parse() // seems to parse damn near anything. -func TestRedirectUrl(t *testing.T) { +func TestRedirectURL(t *testing.T) { o := testOptions() - o.RedirectUrl = "https://myhost.com/oauth2/callback" + o.RedirectURL = "https://myhost.com/oauth2/callback" assert.Equal(t, nil, o.Validate()) expected := &url.URL{ Scheme: "https", Host: "myhost.com", Path: "/oauth2/callback"} - assert.Equal(t, expected, o.redirectUrl) + assert.Equal(t, expected, o.redirectURL) } -func TestProxyUrls(t *testing.T) { +func TestProxyURLs(t *testing.T) { o := testOptions() o.Upstreams = append(o.Upstreams, "http://127.0.0.1:8081") assert.Equal(t, nil, o.Validate()) @@ -91,7 +91,7 @@ func TestProxyUrls(t *testing.T) { // note the '/' was added &url.URL{Scheme: "http", Host: "127.0.0.1:8081", Path: "/"}, } - assert.Equal(t, expected, o.proxyUrls) + assert.Equal(t, expected, o.proxyURLs) } func TestCompiledRegex(t *testing.T) { @@ -125,10 +125,10 @@ func TestDefaultProviderApiSettings(t *testing.T) { assert.Equal(t, nil, o.Validate()) p := o.provider.Data() assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline", - p.LoginUrl.String()) + p.LoginURL.String()) assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token", - p.RedeemUrl.String()) - assert.Equal(t, "", p.ProfileUrl.String()) + p.RedeemURL.String()) + assert.Equal(t, "", p.ProfileURL.String()) assert.Equal(t, "profile email", p.Scope) } diff --git a/providers/github.go b/providers/github.go index db0b21a..cf0cfcb 100644 --- a/providers/github.go +++ b/providers/github.go @@ -17,22 +17,22 @@ type GitHubProvider struct { func NewGitHubProvider(p *ProviderData) *GitHubProvider { p.ProviderName = "GitHub" - if p.LoginUrl == nil || p.LoginUrl.String() == "" { - p.LoginUrl = &url.URL{ + if p.LoginURL == nil || p.LoginURL.String() == "" { + p.LoginURL = &url.URL{ Scheme: "https", Host: "github.com", Path: "/login/oauth/authorize", } } - if p.RedeemUrl == nil || p.RedeemUrl.String() == "" { - p.RedeemUrl = &url.URL{ + if p.RedeemURL == nil || p.RedeemURL.String() == "" { + p.RedeemURL = &url.URL{ Scheme: "https", Host: "github.com", Path: "/login/oauth/access_token", } } - if p.ValidateUrl == nil || p.ValidateUrl.String() == "" { - p.ValidateUrl = &url.URL{ + if p.ValidateURL == nil || p.ValidateURL.String() == "" { + p.ValidateURL = &url.URL{ Scheme: "https", Host: "api.github.com", Path: "/user/emails", diff --git a/providers/google.go b/providers/google.go index d71f313..539657b 100644 --- a/providers/google.go +++ b/providers/google.go @@ -21,7 +21,7 @@ import ( type GoogleProvider struct { *ProviderData - RedeemRefreshUrl *url.URL + RedeemRefreshURL *url.URL // GroupValidator is a function that determines if the passed email is in // the configured Google group. GroupValidator func(string) bool @@ -29,21 +29,21 @@ type GoogleProvider struct { func NewGoogleProvider(p *ProviderData) *GoogleProvider { p.ProviderName = "Google" - if p.LoginUrl.String() == "" { - p.LoginUrl = &url.URL{Scheme: "https", + if p.LoginURL.String() == "" { + p.LoginURL = &url.URL{Scheme: "https", Host: "accounts.google.com", Path: "/o/oauth2/auth", // to get a refresh token. see https://developers.google.com/identity/protocols/OAuth2WebServer#offline RawQuery: "access_type=offline", } } - if p.RedeemUrl.String() == "" { - p.RedeemUrl = &url.URL{Scheme: "https", + if p.RedeemURL.String() == "" { + p.RedeemURL = &url.URL{Scheme: "https", Host: "www.googleapis.com", Path: "/oauth2/v3/token"} } - if p.ValidateUrl.String() == "" { - p.ValidateUrl = &url.URL{Scheme: "https", + if p.ValidateURL.String() == "" { + p.ValidateURL = &url.URL{Scheme: "https", Host: "www.googleapis.com", Path: "/oauth2/v1/tokeninfo"} } @@ -96,20 +96,20 @@ func jwtDecodeSegment(seg string) ([]byte, error) { return base64.URLEncoding.DecodeString(seg) } -func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err error) { +func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error) { if code == "" { err = errors.New("missing code") return } params := url.Values{} - params.Add("redirect_uri", redirectUrl) + params.Add("redirect_uri", redirectURL) params.Add("client_id", p.ClientID) params.Add("client_secret", p.ClientSecret) params.Add("code", code) params.Add("grant_type", "authorization_code") var req *http.Request - req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) + req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode())) if err != nil { return } @@ -127,7 +127,7 @@ func (p *GoogleProvider) Redeem(redirectUrl, code string) (s *SessionState, err } if resp.StatusCode != 200 { - err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) + err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body) return } @@ -281,7 +281,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string, params.Add("refresh_token", refreshToken) params.Add("grant_type", "refresh_token") var req *http.Request - req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) + req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode())) if err != nil { return } @@ -299,7 +299,7 @@ func (p *GoogleProvider) redeemRefreshToken(refreshToken string) (token string, } if resp.StatusCode != 200 { - err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) + err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body) return } diff --git a/providers/google_test.go b/providers/google_test.go index 8f0d29b..8f9b054 100644 --- a/providers/google_test.go +++ b/providers/google_test.go @@ -23,10 +23,10 @@ func newGoogleProvider() *GoogleProvider { return NewGoogleProvider( &ProviderData{ ProviderName: "", - LoginUrl: &url.URL{}, - RedeemUrl: &url.URL{}, - ProfileUrl: &url.URL{}, - ValidateUrl: &url.URL{}, + LoginURL: &url.URL{}, + RedeemURL: &url.URL{}, + ProfileURL: &url.URL{}, + ValidateURL: &url.URL{}, Scope: ""}) } @@ -35,31 +35,31 @@ func TestGoogleProviderDefaults(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "Google", p.Data().ProviderName) assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://www.googleapis.com/oauth2/v1/tokeninfo", - p.Data().ValidateUrl.String()) - assert.Equal(t, "", p.Data().ProfileUrl.String()) + p.Data().ValidateURL.String()) + assert.Equal(t, "", p.Data().ProfileURL.String()) assert.Equal(t, "profile email", p.Data().Scope) } func TestGoogleProviderOverrides(t *testing.T) { p := NewGoogleProvider( &ProviderData{ - LoginUrl: &url.URL{ + LoginURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/auth"}, - RedeemUrl: &url.URL{ + RedeemURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/token"}, - ProfileUrl: &url.URL{ + ProfileURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/profile"}, - ValidateUrl: &url.URL{ + ValidateURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/tokeninfo"}, @@ -67,13 +67,13 @@ func TestGoogleProviderOverrides(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "Google", p.Data().ProviderName) assert.Equal(t, "https://example.com/oauth/auth", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://example.com/oauth/token", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://example.com/oauth/profile", - p.Data().ProfileUrl.String()) + p.Data().ProfileURL.String()) assert.Equal(t, "https://example.com/oauth/tokeninfo", - p.Data().ValidateUrl.String()) + p.Data().ValidateURL.String()) assert.Equal(t, "profile", p.Data().Scope) } @@ -94,7 +94,7 @@ func TestGoogleProviderGetEmailAddress(t *testing.T) { }) assert.Equal(t, nil, err) var server *httptest.Server - p.RedeemUrl, server = newRedeemServer(body) + p.RedeemURL, server = newRedeemServer(body) defer server.Close() session, err := p.Redeem("http://redirect/", "code1234") @@ -131,7 +131,7 @@ func TestGoogleProviderGetEmailAddressInvalidEncoding(t *testing.T) { }) assert.Equal(t, nil, err) var server *httptest.Server - p.RedeemUrl, server = newRedeemServer(body) + p.RedeemURL, server = newRedeemServer(body) defer server.Close() session, err := p.Redeem("http://redirect/", "code1234") @@ -150,7 +150,7 @@ func TestGoogleProviderGetEmailAddressInvalidJson(t *testing.T) { }) assert.Equal(t, nil, err) var server *httptest.Server - p.RedeemUrl, server = newRedeemServer(body) + p.RedeemURL, server = newRedeemServer(body) defer server.Close() session, err := p.Redeem("http://redirect/", "code1234") @@ -169,7 +169,7 @@ func TestGoogleProviderGetEmailAddressEmailMissing(t *testing.T) { }) assert.Equal(t, nil, err) var server *httptest.Server - p.RedeemUrl, server = newRedeemServer(body) + p.RedeemURL, server = newRedeemServer(body) defer server.Close() session, err := p.Redeem("http://redirect/", "code1234") diff --git a/providers/internal_util.go b/providers/internal_util.go index ff0cafa..436744c 100644 --- a/providers/internal_util.go +++ b/providers/internal_util.go @@ -11,10 +11,10 @@ import ( // validateToken returns true if token is valid func validateToken(p Provider, access_token string, header http.Header) bool { - if access_token == "" || p.Data().ValidateUrl == nil { + if access_token == "" || p.Data().ValidateURL == nil { return false } - endpoint := p.Data().ValidateUrl.String() + endpoint := p.Data().ValidateURL.String() if len(header) == 0 { params := url.Values{"access_token": {access_token}} endpoint = endpoint + "?" + params.Encode() diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go index bace76d..ad42bf1 100644 --- a/providers/internal_util_test.go +++ b/providers/internal_util_test.go @@ -63,7 +63,7 @@ func NewValidateSessionStateTest() *ValidateSessionStateTest { backend_url, _ := url.Parse(vt_test.backend.URL) vt_test.provider = &ValidateSessionStateTestProvider{ ProviderData: &ProviderData{ - ValidateUrl: &url.URL{ + ValidateURL: &url.URL{ Scheme: "http", Host: backend_url.Host, Path: "/oauth/tokeninfo", @@ -99,10 +99,10 @@ func TestValidateSessionStateEmptyToken(t *testing.T) { assert.Equal(t, false, validateToken(vt_test.provider, "", nil)) } -func TestValidateSessionStateEmptyValidateUrl(t *testing.T) { +func TestValidateSessionStateEmptyValidateURL(t *testing.T) { vt_test := NewValidateSessionStateTest() defer vt_test.Close() - vt_test.provider.Data().ValidateUrl = nil + vt_test.provider.Data().ValidateURL = nil assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil)) } diff --git a/providers/linkedin.go b/providers/linkedin.go index 2151229..971734c 100644 --- a/providers/linkedin.go +++ b/providers/linkedin.go @@ -15,23 +15,23 @@ type LinkedInProvider struct { func NewLinkedInProvider(p *ProviderData) *LinkedInProvider { p.ProviderName = "LinkedIn" - if p.LoginUrl.String() == "" { - p.LoginUrl = &url.URL{Scheme: "https", + if p.LoginURL.String() == "" { + p.LoginURL = &url.URL{Scheme: "https", Host: "www.linkedin.com", Path: "/uas/oauth2/authorization"} } - if p.RedeemUrl.String() == "" { - p.RedeemUrl = &url.URL{Scheme: "https", + if p.RedeemURL.String() == "" { + p.RedeemURL = &url.URL{Scheme: "https", Host: "www.linkedin.com", Path: "/uas/oauth2/accessToken"} } - if p.ProfileUrl.String() == "" { - p.ProfileUrl = &url.URL{Scheme: "https", + if p.ProfileURL.String() == "" { + p.ProfileURL = &url.URL{Scheme: "https", Host: "www.linkedin.com", Path: "/v1/people/~/email-address"} } - if p.ValidateUrl.String() == "" { - p.ValidateUrl = p.ProfileUrl + if p.ValidateURL.String() == "" { + p.ValidateURL = p.ProfileURL } if p.Scope == "" { p.Scope = "r_emailaddress r_basicprofile" @@ -51,7 +51,7 @@ func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) { if s.AccessToken == "" { return "", errors.New("missing access token") } - req, err := http.NewRequest("GET", p.ProfileUrl.String()+"?format=json", nil) + req, err := http.NewRequest("GET", p.ProfileURL.String()+"?format=json", nil) if err != nil { return "", err } diff --git a/providers/linkedin_test.go b/providers/linkedin_test.go index c75a4a8..f43c96b 100644 --- a/providers/linkedin_test.go +++ b/providers/linkedin_test.go @@ -12,15 +12,15 @@ func testLinkedInProvider(hostname string) *LinkedInProvider { p := NewLinkedInProvider( &ProviderData{ ProviderName: "", - LoginUrl: &url.URL{}, - RedeemUrl: &url.URL{}, - ProfileUrl: &url.URL{}, - ValidateUrl: &url.URL{}, + LoginURL: &url.URL{}, + RedeemURL: &url.URL{}, + ProfileURL: &url.URL{}, + ValidateURL: &url.URL{}, Scope: ""}) if hostname != "" { - updateUrl(p.Data().LoginUrl, hostname) - updateUrl(p.Data().RedeemUrl, hostname) - updateUrl(p.Data().ProfileUrl, hostname) + updateURL(p.Data().LoginURL, hostname) + updateURL(p.Data().RedeemURL, hostname) + updateURL(p.Data().ProfileURL, hostname) } return p } @@ -47,32 +47,32 @@ func TestLinkedInProviderDefaults(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "LinkedIn", p.Data().ProviderName) assert.Equal(t, "https://www.linkedin.com/uas/oauth2/authorization", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://www.linkedin.com/uas/oauth2/accessToken", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address", - p.Data().ProfileUrl.String()) + p.Data().ProfileURL.String()) assert.Equal(t, "https://www.linkedin.com/v1/people/~/email-address", - p.Data().ValidateUrl.String()) + p.Data().ValidateURL.String()) assert.Equal(t, "r_emailaddress r_basicprofile", p.Data().Scope) } func TestLinkedInProviderOverrides(t *testing.T) { p := NewLinkedInProvider( &ProviderData{ - LoginUrl: &url.URL{ + LoginURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/auth"}, - RedeemUrl: &url.URL{ + RedeemURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/token"}, - ProfileUrl: &url.URL{ + ProfileURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/profile"}, - ValidateUrl: &url.URL{ + ValidateURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/tokeninfo"}, @@ -80,13 +80,13 @@ func TestLinkedInProviderOverrides(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "LinkedIn", p.Data().ProviderName) assert.Equal(t, "https://example.com/oauth/auth", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://example.com/oauth/token", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://example.com/oauth/profile", - p.Data().ProfileUrl.String()) + p.Data().ProfileURL.String()) assert.Equal(t, "https://example.com/oauth/tokeninfo", - p.Data().ValidateUrl.String()) + p.Data().ValidateURL.String()) assert.Equal(t, "profile", p.Data().Scope) } diff --git a/providers/myusa.go b/providers/myusa.go index c244ed0..ae76d34 100644 --- a/providers/myusa.go +++ b/providers/myusa.go @@ -16,23 +16,23 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider { const myUsaHost string = "alpha.my.usa.gov" p.ProviderName = "MyUSA" - if p.LoginUrl.String() == "" { - p.LoginUrl = &url.URL{Scheme: "https", + if p.LoginURL.String() == "" { + p.LoginURL = &url.URL{Scheme: "https", Host: myUsaHost, Path: "/oauth/authorize"} } - if p.RedeemUrl.String() == "" { - p.RedeemUrl = &url.URL{Scheme: "https", + if p.RedeemURL.String() == "" { + p.RedeemURL = &url.URL{Scheme: "https", Host: myUsaHost, Path: "/oauth/token"} } - if p.ProfileUrl.String() == "" { - p.ProfileUrl = &url.URL{Scheme: "https", + if p.ProfileURL.String() == "" { + p.ProfileURL = &url.URL{Scheme: "https", Host: myUsaHost, Path: "/api/v1/profile"} } - if p.ValidateUrl.String() == "" { - p.ValidateUrl = &url.URL{Scheme: "https", + if p.ValidateURL.String() == "" { + p.ValidateURL = &url.URL{Scheme: "https", Host: myUsaHost, Path: "/api/v1/tokeninfo"} } @@ -44,7 +44,7 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider { func (p *MyUsaProvider) GetEmailAddress(s *SessionState) (string, error) { req, err := http.NewRequest("GET", - p.ProfileUrl.String()+"?access_token="+s.AccessToken, nil) + p.ProfileURL.String()+"?access_token="+s.AccessToken, nil) if err != nil { log.Printf("failed building request %s", err) return "", err diff --git a/providers/myusa_test.go b/providers/myusa_test.go index b4bdb30..d058845 100644 --- a/providers/myusa_test.go +++ b/providers/myusa_test.go @@ -9,7 +9,7 @@ import ( "github.com/bmizerany/assert" ) -func updateUrl(url *url.URL, hostname string) { +func updateURL(url *url.URL, hostname string) { url.Scheme = "http" url.Host = hostname } @@ -18,16 +18,16 @@ func testMyUsaProvider(hostname string) *MyUsaProvider { p := NewMyUsaProvider( &ProviderData{ ProviderName: "", - LoginUrl: &url.URL{}, - RedeemUrl: &url.URL{}, - ProfileUrl: &url.URL{}, - ValidateUrl: &url.URL{}, + LoginURL: &url.URL{}, + RedeemURL: &url.URL{}, + ProfileURL: &url.URL{}, + ValidateURL: &url.URL{}, Scope: ""}) if hostname != "" { - updateUrl(p.Data().LoginUrl, hostname) - updateUrl(p.Data().RedeemUrl, hostname) - updateUrl(p.Data().ProfileUrl, hostname) - updateUrl(p.Data().ValidateUrl, hostname) + updateURL(p.Data().LoginURL, hostname) + updateURL(p.Data().RedeemURL, hostname) + updateURL(p.Data().ProfileURL, hostname) + updateURL(p.Data().ValidateURL, hostname) } return p } @@ -53,32 +53,32 @@ func TestMyUsaProviderDefaults(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "MyUSA", p.Data().ProviderName) assert.Equal(t, "https://alpha.my.usa.gov/oauth/authorize", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://alpha.my.usa.gov/oauth/token", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile", - p.Data().ProfileUrl.String()) + p.Data().ProfileURL.String()) assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo", - p.Data().ValidateUrl.String()) + p.Data().ValidateURL.String()) assert.Equal(t, "profile.email", p.Data().Scope) } func TestMyUsaProviderOverrides(t *testing.T) { p := NewMyUsaProvider( &ProviderData{ - LoginUrl: &url.URL{ + LoginURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/auth"}, - RedeemUrl: &url.URL{ + RedeemURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/token"}, - ProfileUrl: &url.URL{ + ProfileURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/profile"}, - ValidateUrl: &url.URL{ + ValidateURL: &url.URL{ Scheme: "https", Host: "example.com", Path: "/oauth/tokeninfo"}, @@ -86,13 +86,13 @@ func TestMyUsaProviderOverrides(t *testing.T) { assert.NotEqual(t, nil, p) assert.Equal(t, "MyUSA", p.Data().ProviderName) assert.Equal(t, "https://example.com/oauth/auth", - p.Data().LoginUrl.String()) + p.Data().LoginURL.String()) assert.Equal(t, "https://example.com/oauth/token", - p.Data().RedeemUrl.String()) + p.Data().RedeemURL.String()) assert.Equal(t, "https://example.com/oauth/profile", - p.Data().ProfileUrl.String()) + p.Data().ProfileURL.String()) assert.Equal(t, "https://example.com/oauth/tokeninfo", - p.Data().ValidateUrl.String()) + p.Data().ValidateURL.String()) assert.Equal(t, "profile", p.Data().Scope) } diff --git a/providers/provider_data.go b/providers/provider_data.go index 6ddfed1..a13ed8e 100644 --- a/providers/provider_data.go +++ b/providers/provider_data.go @@ -8,10 +8,10 @@ type ProviderData struct { ProviderName string ClientID string ClientSecret string - LoginUrl *url.URL - RedeemUrl *url.URL - ProfileUrl *url.URL - ValidateUrl *url.URL + LoginURL *url.URL + RedeemURL *url.URL + ProfileURL *url.URL + ValidateURL *url.URL Scope string ApprovalPrompt string } diff --git a/providers/provider_default.go b/providers/provider_default.go index 1a2e7f7..77b3dfd 100644 --- a/providers/provider_default.go +++ b/providers/provider_default.go @@ -13,20 +13,20 @@ import ( "github.com/bitly/oauth2_proxy/cookie" ) -func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err error) { +func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) { if code == "" { err = errors.New("missing code") return } params := url.Values{} - params.Add("redirect_uri", redirectUrl) + params.Add("redirect_uri", redirectURL) params.Add("client_id", p.ClientID) params.Add("client_secret", p.ClientSecret) params.Add("code", code) params.Add("grant_type", "authorization_code") var req *http.Request - req, err = http.NewRequest("POST", p.RedeemUrl.String(), bytes.NewBufferString(params.Encode())) + req, err = http.NewRequest("POST", p.RedeemURL.String(), bytes.NewBufferString(params.Encode())) if err != nil { return } @@ -45,7 +45,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er } if resp.StatusCode != 200 { - err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemUrl.String(), body) + err = fmt.Errorf("got %d from %q %s", resp.StatusCode, p.RedeemURL.String(), body) return } @@ -77,7 +77,7 @@ func (p *ProviderData) Redeem(redirectUrl, code string) (s *SessionState, err er // GetLoginURL with typical oauth parameters func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string { var a url.URL - a = *p.LoginUrl + a = *p.LoginURL params, _ := url.ParseQuery(a.RawQuery) params.Set("redirect_uri", redirectURI) params.Set("approval_prompt", p.ApprovalPrompt)