Introduce validate-url flag/config

This commit is contained in:
Mike Bland 2015-05-08 17:13:35 -04:00
parent 8e2d83600c
commit 72857018ee
8 changed files with 40 additions and 5 deletions

View File

@ -56,6 +56,7 @@ func main() {
flagSet.String("login-url", "", "Authentication endpoint") flagSet.String("login-url", "", "Authentication endpoint")
flagSet.String("redeem-url", "", "Token redemption endpoint") flagSet.String("redeem-url", "", "Token redemption endpoint")
flagSet.String("profile-url", "", "Profile access endpoint") flagSet.String("profile-url", "", "Profile access endpoint")
flagSet.String("validate-url", "", "Access token validation endpoint")
flagSet.String("scope", "", "Oauth scope specification") flagSet.String("scope", "", "Oauth scope specification")
flagSet.Parse(os.Args[1:]) flagSet.Parse(os.Args[1:])

View File

@ -40,6 +40,7 @@ type OauthProxy struct {
provider providers.Provider provider providers.Provider
oauthRedemptionUrl *url.URL // endpoint to redeem the code oauthRedemptionUrl *url.URL // endpoint to redeem the code
oauthLoginUrl *url.URL // to redirect the user to oauthLoginUrl *url.URL // to redirect the user to
oauthValidateUrl *url.URL // to validate the access token
oauthScope string oauthScope string
clientID string clientID string
clientSecret string clientSecret string
@ -146,6 +147,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
provider: opts.provider, provider: opts.provider,
oauthRedemptionUrl: opts.provider.Data().RedeemUrl, oauthRedemptionUrl: opts.provider.Data().RedeemUrl,
oauthLoginUrl: opts.provider.Data().LoginUrl, oauthLoginUrl: opts.provider.Data().LoginUrl,
oauthValidateUrl: opts.provider.Data().ValidateUrl,
serveMux: serveMux, serveMux: serveMux,
redirectUrl: redirectUrl, redirectUrl: redirectUrl,
skipAuthRegex: opts.SkipAuthRegex, skipAuthRegex: opts.SkipAuthRegex,

View File

@ -43,6 +43,7 @@ type Options struct {
LoginUrl string `flag:"login-url" cfg:"login_url"` LoginUrl string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"` RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"` ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"` Scope string `flag:"scope" cfg:"scope"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging"` RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
@ -148,6 +149,7 @@ func parseProviderInfo(o *Options, msgs []string) []string {
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs) p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs) p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs) p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)
p.ValidateUrl, msgs = parseUrl(o.ValidateUrl, "validate", msgs)
o.provider = providers.New(o.Provider, p) o.provider = providers.New(o.Provider, p)
return msgs return msgs
} }

View File

@ -24,6 +24,11 @@ func NewGoogleProvider(p *ProviderData) *GoogleProvider {
Host: "accounts.google.com", Host: "accounts.google.com",
Path: "/o/oauth2/token"} Path: "/o/oauth2/token"}
} }
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo"}
}
if p.Scope == "" { if p.Scope == "" {
p.Scope = "profile email" p.Scope = "profile email"
} }

View File

@ -15,6 +15,7 @@ func newGoogleProvider() *GoogleProvider {
LoginUrl: &url.URL{}, LoginUrl: &url.URL{},
RedeemUrl: &url.URL{}, RedeemUrl: &url.URL{},
ProfileUrl: &url.URL{}, ProfileUrl: &url.URL{},
ValidateUrl: &url.URL{},
Scope: ""}) Scope: ""})
} }
@ -26,6 +27,8 @@ func TestGoogleProviderDefaults(t *testing.T) {
p.Data().LoginUrl.String()) p.Data().LoginUrl.String())
assert.Equal(t, "https://accounts.google.com/o/oauth2/token", assert.Equal(t, "https://accounts.google.com/o/oauth2/token",
p.Data().RedeemUrl.String()) p.Data().RedeemUrl.String())
assert.Equal(t, "https://www.googleapis.com/oauth2/v1/tokeninfo",
p.Data().ValidateUrl.String())
assert.Equal(t, "", p.Data().ProfileUrl.String()) assert.Equal(t, "", p.Data().ProfileUrl.String())
assert.Equal(t, "profile email", p.Data().Scope) assert.Equal(t, "profile email", p.Data().Scope)
} }
@ -45,6 +48,10 @@ func TestGoogleProviderOverrides(t *testing.T) {
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/profile"}, Path: "/oauth/profile"},
ValidateUrl: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/tokeninfo"},
Scope: "profile"}) Scope: "profile"})
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "Google", p.Data().ProviderName) assert.Equal(t, "Google", p.Data().ProviderName)
@ -54,6 +61,8 @@ func TestGoogleProviderOverrides(t *testing.T) {
p.Data().RedeemUrl.String()) p.Data().RedeemUrl.String())
assert.Equal(t, "https://example.com/oauth/profile", assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileUrl.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String())
assert.Equal(t, "profile", p.Data().Scope) assert.Equal(t, "profile", p.Data().Scope)
} }

View File

@ -32,6 +32,11 @@ func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
Host: myUsaHost, Host: myUsaHost,
Path: "/api/v1/profile"} Path: "/api/v1/profile"}
} }
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https",
Host: myUsaHost,
Path: "/api/v1/tokeninfo"}
}
if p.Scope == "" { if p.Scope == "" {
p.Scope = "profile.email" p.Scope = "profile.email"
} }

View File

@ -21,11 +21,13 @@ func testMyUsaProvider(hostname string) *MyUsaProvider {
LoginUrl: &url.URL{}, LoginUrl: &url.URL{},
RedeemUrl: &url.URL{}, RedeemUrl: &url.URL{},
ProfileUrl: &url.URL{}, ProfileUrl: &url.URL{},
ValidateUrl: &url.URL{},
Scope: ""}) Scope: ""})
if hostname != "" { if hostname != "" {
updateUrl(p.Data().LoginUrl, hostname) updateUrl(p.Data().LoginUrl, hostname)
updateUrl(p.Data().RedeemUrl, hostname) updateUrl(p.Data().RedeemUrl, hostname)
updateUrl(p.Data().ProfileUrl, hostname) updateUrl(p.Data().ProfileUrl, hostname)
updateUrl(p.Data().ValidateUrl, hostname)
} }
return p return p
} }
@ -56,6 +58,8 @@ func TestMyUsaProviderDefaults(t *testing.T) {
p.Data().RedeemUrl.String()) p.Data().RedeemUrl.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile", assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileUrl.String())
assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo",
p.Data().ValidateUrl.String())
assert.Equal(t, "profile.email", p.Data().Scope) assert.Equal(t, "profile.email", p.Data().Scope)
} }
@ -74,6 +78,10 @@ func TestMyUsaProviderOverrides(t *testing.T) {
Scheme: "https", Scheme: "https",
Host: "example.com", Host: "example.com",
Path: "/oauth/profile"}, Path: "/oauth/profile"},
ValidateUrl: &url.URL{
Scheme: "https",
Host: "example.com",
Path: "/oauth/tokeninfo"},
Scope: "profile"}) Scope: "profile"})
assert.NotEqual(t, nil, p) assert.NotEqual(t, nil, p)
assert.Equal(t, "MyUSA", p.Data().ProviderName) assert.Equal(t, "MyUSA", p.Data().ProviderName)
@ -83,6 +91,8 @@ func TestMyUsaProviderOverrides(t *testing.T) {
p.Data().RedeemUrl.String()) p.Data().RedeemUrl.String())
assert.Equal(t, "https://example.com/oauth/profile", assert.Equal(t, "https://example.com/oauth/profile",
p.Data().ProfileUrl.String()) p.Data().ProfileUrl.String())
assert.Equal(t, "https://example.com/oauth/tokeninfo",
p.Data().ValidateUrl.String())
assert.Equal(t, "profile", p.Data().Scope) assert.Equal(t, "profile", p.Data().Scope)
} }

View File

@ -9,6 +9,7 @@ type ProviderData struct {
LoginUrl *url.URL LoginUrl *url.URL
RedeemUrl *url.URL RedeemUrl *url.URL
ProfileUrl *url.URL ProfileUrl *url.URL
ValidateUrl *url.URL
Scope string Scope string
} }