diff --git a/doc.go b/doc.go new file mode 100644 index 0000000..1df929b --- /dev/null +++ b/doc.go @@ -0,0 +1 @@ +package oidc diff --git a/example/go.mod b/example/go.mod index 1226bc4..c520de2 100644 --- a/example/go.mod +++ b/example/go.mod @@ -19,5 +19,6 @@ require ( github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000 github.com/caos/utils/logging v0.0.0-20191104132131-b318678afbef github.com/google/uuid v1.1.1 - golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f + golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 + gopkg.in/square/go-jose.v2 v2.4.0 ) diff --git a/example/go.sum b/example/go.sum index f942ed2..7aed135 100644 --- a/example/go.sum +++ b/example/go.sum @@ -16,6 +16,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
@@ -59,12 +60,16 @@ github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -80,9 +85,13 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -95,6 +104,8 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -129,5 +140,6 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go index b9828db..b0064c9 100644 --- a/example/internal/mock/storage.go +++ b/example/internal/mock/storage.go 
@@ -3,42 +3,91 @@ package mock
 import (
 "errors"
+ "gopkg.in/square/go-jose.v2"
+
 "github.com/caos/oidc/pkg/oidc"
+ "github.com/caos/oidc/pkg/op"
 )
-type Signer struct {
-}
-
-func (s *Signer) Sign(*oidc.IDTokenClaims) (string, error) {
- return "sdsa", nil
-}
-
 type Storage struct {
 }
-func (s *Storage) CreateAuthRequest(authReq *oidc.AuthRequest) error {
- authReq.ID = "id"
- return nil
+type AuthRequest struct {
+ ID string
+ ResponseType oidc.ResponseType
+ RedirectURI string
 }
-func (s *Storage) GetClientByClientID(id string) (oidc.Client, error) {
- if id == "not" {
+
+func (a *AuthRequest) GetACR() string {
+ return ""
+}
+
+func (a *AuthRequest) GetAMR() []string {
+ return []string{}
+}
+
+func (a *AuthRequest) GetAudience() []string {
+ return []string{}
+}
+
+func (a *AuthRequest) GetClientID() string {
+ return ""
+}
+
+func (a *AuthRequest) GetID() string {
+ return a.ID
+}
+
+func (a *AuthRequest) GetNonce() string {
+ return ""
+}
+
+func (a *AuthRequest) GetRedirectURI() string {
+ return ""
+}
+
+func (a *AuthRequest) GetResponseType() oidc.ResponseType {
+ return a.ResponseType
+}
+
+func (a *AuthRequest) GetState() string {
+ return ""
+}
+
+func (a *AuthRequest) GetSubject() string {
+ return ""
+}
+
+func (s *Storage) CreateAuthRequest(authReq *oidc.AuthRequest) (op.AuthRequest, error) {
+ return &AuthRequest{ID: "id"}, nil
+}
+func (s *Storage) GetClientByClientID(id string) (op.Client, error) {
+ if id == "none" {
 return nil, errors.New("not found")
 }
+ var appType op.ApplicationType
+ if id == "web" {
+ appType = op.ApplicationTypeWeb
+ } else if id == "native" {
+ appType = op.ApplicationTypeNative
+ } else {
+ appType = op.ApplicationTypeUserAgent
+ }
+ return &ConfClient{applicationType: appType}, nil
+}
+func (s *Storage) AuthRequestByCode(op.Client, string, string) (op.AuthRequest, error) {
+ return &AuthRequest{ID: "id"}, nil
+}
+func (s *Storage) AuthorizeClientIDSecret(string, string) (op.Client, error) {
 return &ConfClient{}, nil
 }
-func (s *Storage) AuthRequestByCode(oidc.Client, string, string) (*oidc.AuthRequest, error) {
- return &oidc.AuthRequest{ID: "id"}, nil
-}
-func (s *Storage) AuthorizeClientIDSecret(string, string) (oidc.Client, error) {
- return &ConfClient{}, nil
-}
-func (s *Storage) AuthorizeClientIDCodeVerifier(string, string) (oidc.Client, error) {
+func (s *Storage) AuthorizeClientIDCodeVerifier(string, string) (op.Client, error) {
 return &ConfClient{}, nil
 }
 func (s *Storage) DeleteAuthRequestAndCode(string, string) error {
 return nil
 }
-func (s *Storage) AuthRequestByID(id string) (*oidc.AuthRequest, error) {
+func (s *Storage) AuthRequestByID(id string) (op.AuthRequest, error) {
 if id == "none" {
 return nil, errors.New("not found")
 }
@@ -50,13 +99,19 @@ func (s *Storage) AuthRequestByID(id string) (*oidc.AuthRequest, error) {
 } else {
 responseType = oidc.ResponseTypeIDToken
 }
- return &oidc.AuthRequest{
+ return &AuthRequest{
 ResponseType: responseType,
 RedirectURI: "/callback",
 }, nil
 }
-type ConfClient struct{}
+func (s *Storage) GetSigningKey() (jose.SigningKey, error) {
+ return jose.SigningKey{Algorithm: jose.HS256, Key: []byte("test")}, nil
+}
+
+type ConfClient struct {
+ applicationType op.ApplicationType
+}
 func (c *ConfClient) RedirectURIs() []string {
 return []string{
@@ -70,6 +125,6 @@ func (c *ConfClient) LoginURL(id string) string {
 return "login?id=" + id
 }
-func (c *ConfClient) ApplicationType() oidc.ApplicationType {
- return oidc.ApplicationTypeNative
+func (c *ConfClient) ApplicationType() op.ApplicationType {
+ return c.applicationType
 }
diff --git a/example/server/default/default.go b/example/server/default/default.go
index 690b38e..17ea0e9 100644
--- a/example/server/default/default.go
+++ b/example/server/default/default.go
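Review bot: `GetRedirectURI` on the new mock `AuthRequest` always returns `""` and ignores the `RedirectURI` field that `AuthRequestByID` fills with `"/callback"` later in this file, so `AuthResponse` in pkg/op builds its callback from an empty string whenever the example storage is used; `GetState`, `GetNonce` and `GetClientID` likewise return constants rather than request data. Return the stored value, `return a.RedirectURI`, and consider carrying the other values the op package reads so the example exercises the real redirect path instead of a constant one. `CreateAuthRequest` also discards its `authReq` argument and hands back a fixed `ID: "id"`, which is fine for a mock but deserves a one-line comment saying so.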
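Review bot: `GetSigningKey` hands the provider an HS256 key whose secret is the four-byte literal `"test"`. With a symmetric algorithm every party that can verify an ID token also holds what it needs to issue one, and a secret this short offers no protection, so this mock must not be reachable from anything but the example; it would also be prudent for `NewDefaultSigner` (outside this diff) to reject HMAC keys or keys below a minimum length rather than trust whatever `Storage` returns. At minimum add `// test-only: symmetric, hard-coded key; never use outside the example` above the method, and prefer an asymmetric key (`jose.RS256` with a freshly generated `*rsa.PrivateKey`) so the example mirrors a real deployment.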
@@ -5,23 +5,22 @@ import (
 "log"
 "github.com/caos/oidc/example/internal/mock"
- server "github.com/caos/oidc/pkg/op"
+ "github.com/caos/oidc/pkg/op"
 )
 func main() {
 ctx := context.Background()
- config := &server.Config{
+ config := &op.Config{
 Issuer: "http://localhost:9998/",
 Port: "9998",
 }
 storage := &mock.Storage{}
- signer := &mock.Signer{}
- handler, err := server.NewDefaultOP(config, storage, signer, server.WithCustomTokenEndpoint("test"))
+ handler, err := op.NewDefaultOP(config, storage, op.WithCustomTokenEndpoint("test"))
 if err != nil {
 log.Fatal(err)
 }
- server.Start(ctx, handler)
+ op.Start(ctx, handler)
 <-ctx.Done()
 }
diff --git a/pkg/oidc/go.mod b/pkg/oidc/go.mod
index 8508ee6..10608cb 100644
--- a/pkg/oidc/go.mod
+++ b/pkg/oidc/go.mod
@@ -5,9 +5,9 @@ go 1.13
 require (
 github.com/golang/protobuf v1.3.2 // indirect
 github.com/stretchr/testify v1.4.0 // indirect
- golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f // indirect
- golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 // indirect
- golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+ golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 // indirect
+ golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 // indirect
+ golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c
 golang.org/x/text v0.3.2
 google.golang.org/appengine v1.6.5 // indirect
 gopkg.in/square/go-jose.v2 v2.4.0
diff --git a/pkg/oidc/go.sum b/pkg/oidc/go.sum
index 2ca842b..bfcda25 100644
--- a/pkg/oidc/go.sum
+++ b/pkg/oidc/go.sum
@@ -12,18 +12,18 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= +golang.org/x/net 
v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/pkg/oidc/identity_provider.go b/pkg/oidc/identity_provider.go
index 6ebfff0..b5124fe 100644
--- a/pkg/oidc/identity_provider.go
+++ b/pkg/oidc/identity_provider.go
@@ -1,13 +1,13 @@
 package oidc
-import "net/http"
+// import "net/http"
-type IdentityProvider interface {
- // Configuration
- // Storage() Storage
- HandleDiscovery(w http.ResponseWriter, r *http.Request)
- HandleAuthorize(w http.ResponseWriter, r *http.Request)
- HandleExchange(w http.ResponseWriter, r *http.Request)
- HandleUserinfo(w http.ResponseWriter, r *http.Request)
- HttpHandler() *http.Server
-}
+// type IdentityProvider interface {
+// // Configuration
+// // Storage() Storage
+// HandleDiscovery(w http.ResponseWriter, r *http.Request)
+// HandleAuthorize(w http.ResponseWriter, r *http.Request)
+// HandleExchange(w http.ResponseWriter, r *http.Request)
+// HandleUserinfo(w http.ResponseWriter, r *http.Request)
+// HttpHandler() *http.Server
+// }
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 5c5ed30..7bf557b 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
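Review bot: Commenting out `IdentityProvider` and its `net/http` import leaves identity_provider.go as a file whose only content after `package oidc` is dead code. If the interface is superseded by `op.OpenIDProvider` (which `NewDefaultOP` in this commit returns), delete the file and let version control keep the history; if it is still planned, keep a single `// TODO: IdentityProvider replaced by op.OpenIDProvider; remove or revive` line rather than the whole commented-out body, which will drift from the real interface.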
@@ -11,15 +11,14 @@ import (
 "github.com/gorilla/schema"
 "github.com/caos/oidc/pkg/oidc"
- "github.com/caos/oidc/pkg/op/u"
 str_utils "github.com/caos/utils/strings"
 )
 type Authorizer interface {
- Storage() u.Storage
+ Storage() Storage
 Decoder() *schema.Decoder
 Encoder() *schema.Encoder
- Signe() u.Signer
+ Signer() Signer
 // ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
 }
@@ -29,7 +28,7 @@ type Authorizer interface {
 type ValidationAuthorizer interface {
 Authorizer
- ValidateAuthRequest(*oidc.AuthRequest, u.Storage) error
+ ValidateAuthRequest(*oidc.AuthRequest, Storage) error
 }
 // type errorHandler func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
@@ -73,7 +72,7 @@ func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
 RedirectToLogin(req, client, w, r)
 }
-func ValidateAuthRequest(authReq *oidc.AuthRequest, storage u.Storage) error {
+func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
 if err := ValidateAuthReqScopes(authReq.Scopes); err != nil {
 return err
 }
@@ -101,7 +100,7 @@ func ValidateAuthReqScopes(scopes []string) error {
 return nil
 }
-func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.ResponseType, storage u.Storage) error {
+func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.ResponseType, storage Storage) error {
 if uri == "" {
 return ErrInvalidRequest("redirect_uri must not be empty")
 }
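Review bot: The rewritten signature in the last hunk keeps the snake_case parameter `client_id`; Go style is `clientID`, and the test file changed in this same commit already uses `clientID` for the very value it passes here. Since only the signature line is touched, `func ValidateAuthReqRedirectURI(uri, clientID string, responseType oidc.ResponseType, storage Storage) error` is a pure rename, provided the uses in the body (which continues outside the hunk) are updated with it. The exported `Authorizer` and `ValidationAuthorizer` interfaces in the first two hunks also lack doc comments and still carry a commented-out `ErrorHandler()` method that should either be dropped or reduced to a TODO naming the intended contract.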
@@ -116,15 +115,15 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 return nil
 }
 if responseType == oidc.ResponseTypeCode {
- if strings.HasPrefix(uri, "http://") && u.IsConfidentialType(client) {
+ if strings.HasPrefix(uri, "http://") && IsConfidentialType(client) {
 return nil
 }
- if client.ApplicationType() == u.ApplicationTypeNative {
+ if client.ApplicationType() == ApplicationTypeNative {
 return nil
 }
 return ErrInvalidRequest("redirect_uri not allowed 2")
 } else {
- if client.ApplicationType() != u.ApplicationTypeNative {
+ if client.ApplicationType() != ApplicationTypeNative {
 return ErrInvalidRequest("redirect_uri not allowed 3")
 }
 if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
@@ -134,7 +133,7 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 return nil
 }
-func RedirectToLogin(authReq u.AuthRequest, client u.Client, w http.ResponseWriter, r *http.Request) {
+func RedirectToLogin(authReq AuthRequest, client Client, w http.ResponseWriter, r *http.Request) {
 login := client.LoginURL(authReq.GetID())
 http.Redirect(w, r, login, http.StatusFound)
 }
@@ -151,7 +150,7 @@ func AuthorizeCallback(w http.ResponseWriter, r *http.Request, authorizer Author
 AuthResponse(authReq, authorizer, w, r)
 }
-func AuthResponse(authReq u.AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request) {
+func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request) {
 var callback string
 if authReq.GetResponseType() == oidc.ResponseTypeCode {
 callback = fmt.Sprintf("%s?code=%s", authReq.GetRedirectURI(), "test")
@@ -164,7 +163,7 @@ func AuthResponse(authReq u.AuthRequest, authorizer Authorizer, w http.ResponseW
 }
 }
- idToken, err := CreateIDToken("", authReq, accessToken, time.Now(), time.Now(), "", authorizer.Signe())
+ idToken, err := CreateIDToken("", authReq, accessToken, time.Now(), time.Now(), "", authorizer.Signer())
 if err != nil {
 }
diff --git a/pkg/op/authrequest_test.go b/pkg/op/authrequest_test.go
index 93d1c54..2cbc665 100644
--- a/pkg/op/authrequest_test.go
+++ b/pkg/op/authrequest_test.go
@@ -1,4 +1,4 @@
-package op
+package op_test
 import (
 "net/http"
@@ -7,14 +7,14 @@ import (
 "testing"
 "github.com/caos/oidc/pkg/oidc"
+ "github.com/caos/oidc/pkg/op"
 "github.com/caos/oidc/pkg/op/mock"
- "github.com/caos/oidc/pkg/op/u"
 )
 func TestValidateAuthRequest(t *testing.T) {
 type args struct {
 authRequest *oidc.AuthRequest
- storage u.Storage
+ storage op.Storage
 }
 tests := []struct {
 name string
@@ -53,7 +53,7 @@ func TestValidateAuthRequest(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- if err := ValidateAuthRequest(tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
+ if err := op.ValidateAuthRequest(tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
 t.Errorf("ValidateAuthRequest() error = %v, wantErr %v", err, tt.wantErr)
 }
 })
@@ -65,7 +65,7 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 uri string
 clientID string
 responseType oidc.ResponseType
- storage u.Storage
+ storage op.Storage
 }
 tests := []struct {
 name string
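Review bot: The `err` produced on the changed `CreateIDToken` line is still thrown away: the `if err != nil {` block that follows it is empty, so a signing failure (for instance the `Signer` the commit now wires in returning an error) lets `AuthResponse` continue and redirect the user agent with whatever `idToken` holds. Handle it where it occurs and stop, e.g. `if err != nil { AuthRequestError(w, r, authReq, err); return }` (assuming `AuthRequest` provides the three getters `ErrAuthRequest` needs; the example mock does). `AuthResponse` begins and ends outside this hunk, so the same check is worth applying to any earlier call that yields `accessToken`.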
@@ -135,7 +135,7 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- if err := ValidateAuthReqRedirectURI(tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
+ if err := op.ValidateAuthReqRedirectURI(tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
 t.Errorf("ValidateRedirectURI() error = %v, wantErr %v", err.Error(), tt.wantErr)
 }
 })
@@ -163,7 +163,7 @@ func TestValidateAuthReqScopes(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- if err := ValidateAuthReqScopes(tt.args.scopes); (err != nil) != tt.wantErr {
+ if err := op.ValidateAuthReqScopes(tt.args.scopes); (err != nil) != tt.wantErr {
 t.Errorf("ValidateAuthReqScopes() error = %v, wantErr %v", err, tt.wantErr)
 }
 })
@@ -184,7 +184,7 @@ func TestAuthorize(t *testing.T) {
 type args struct {
 w http.ResponseWriter
 r *http.Request
- authorizer Authorizer
+ authorizer op.Authorizer
 }
 tests := []struct {
 name string
@@ -218,7 +218,7 @@ func TestAuthorize(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- Authorize(tt.args.w, tt.args.r, tt.args.authorizer)
+ op.Authorize(tt.args.w, tt.args.r, tt.args.authorizer)
 })
 }
 }
diff --git a/pkg/op/u/client.go b/pkg/op/client.go
similarity index 60%
rename from pkg/op/u/client.go
rename to pkg/op/client.go
index ed37927..b584254 100644
--- a/pkg/op/u/client.go
+++ b/pkg/op/client.go
@@ -1,4 +1,10 @@
-package u
+package op
+
+const (
+ ApplicationTypeWeb ApplicationType = iota
+ ApplicationTypeUserAgent
+ ApplicationTypeNative
+)
 type Client interface {
 RedirectURIs() []string
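Review bot: The moved `const` block in the client.go hunk declares `ApplicationTypeWeb`, `ApplicationTypeUserAgent` and `ApplicationTypeNative` as `ApplicationType` values at the top of the file, while `type ApplicationType int` is now the last line of the file (next hunk), and none of these exported names nor `Client`/`IsConfidentialType` carry a doc comment. Keep the type and its constants together and document what the classification is used for, e.g. `// ApplicationType classifies a client for redirect-URI validation; IsConfidentialType treats ApplicationTypeWeb as the only confidential type.` Because `iota` assigns `ApplicationTypeWeb` the zero value, a `ConfClient` whose `applicationType` field is never set (as in the example mock's `AuthorizeClientIDSecret`) reads as a confidential web client, which is worth stating in that comment.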
@@ -6,25 +12,8 @@ type Client interface {
 LoginURL(string) string
 }
-// type ClientType int
-
-// func (c ClientType) IsConvidential() bool {
-// return c == ClientTypeConfidential
-// }
-
 func IsConfidentialType(c Client) bool {
 return c.ApplicationType() == ApplicationTypeWeb
 }
 type ApplicationType int
-
-// const (a ApplicationType)
-
-const (
- // ClientTypeConfidential ClientType = iota
- // ClientTypePublic
-
- ApplicationTypeWeb ApplicationType = iota
- ApplicationTypeUserAgent
- ApplicationTypeNative
-)
diff --git a/pkg/op/default_op.go b/pkg/op/default_op.go
index 2a6d925..8f1a325 100644
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@@ -6,7 +6,6 @@ import (
 "github.com/gorilla/schema"
 "github.com/caos/oidc/pkg/oidc"
- "github.com/caos/oidc/pkg/op/u"
 )
 const (
@@ -29,8 +28,8 @@ type DefaultOP struct {
 config *Config
 endpoints *endpoints
 discoveryConfig *oidc.DiscoveryConfiguration
- storage u.Storage
- signer u.Signer
+ storage Storage
+ signer Signer
 http *http.Server
 decoder *schema.Decoder
 encoder *schema.Encoder
@@ -90,18 +89,23 @@ func WithCustomUserinfoEndpoint(endpoint Endpoint) DefaultOPOpts {
 }
 }
-func NewDefaultOP(config *Config, storage u.Storage, signer u.Signer, opOpts ...DefaultOPOpts) (OpenIDProvider, error) {
- if err := ValidateIssuer(config.Issuer); err != nil {
+func NewDefaultOP(config *Config, storage Storage, opOpts ...DefaultOPOpts) (OpenIDProvider, error) {
+ err := ValidateIssuer(config.Issuer)
+ if err != nil {
 return nil, err
 }
 p := &DefaultOP{
 config: config,
 storage: storage,
- signer: signer,
 endpoints: DefaultEndpoints,
 }
+ p.signer, err = NewDefaultSigner(storage)
+ if err != nil {
+ return nil, err
+ }
+
 for _, optFunc := range opOpts {
 if err := optFunc(p); err != nil {
 return nil, err
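Review bot: In the `NewDefaultOP` hunk of default_op.go the signer is now built from `storage` before any `DefaultOPOpts` run, so no option can inspect or replace it, and the fitness of the key material is decided solely by what `NewDefaultSigner` (not in this diff, presumably reading `Storage.GetSigningKey` as the example mock implements it) accepts. Given that the example storage returns a short HS256 secret, `NewDefaultSigner` should refuse symmetric or undersized keys, or `NewDefaultOP` should say that it does not: `// NewDefaultOP builds the token signer from the storage's signing key; the key is used as provided and is not validated here.` Separately, `if err := optFunc(p); err != nil` in the loop now shadows the `err` declared at the top of the function; `err = optFunc(p)` avoids the shadow warning without changing behaviour.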
@@ -159,11 +163,11 @@ func (p *DefaultOP) Encoder() *schema.Encoder { return p.encoder } -func (p *DefaultOP) Storage() u.Storage { +func (p *DefaultOP) Storage() Storage { return p.storage } -func (p *DefaultOP) Signe() u.Signer { +func (p *DefaultOP) Signer() Signer { return p.signer // return } @@ -174,25 +178,6 @@ func (p *DefaultOP) Signe() u.Signer { func (p *DefaultOP) HandleAuthorize(w http.ResponseWriter, r *http.Request) { Authorize(w, r, p) - // if err != nil { - // http.Error(w, err.Error(), 400) - // } - // authRequest, err := ParseAuthRequest(w, r) - // if err != nil { - // //TODO: return err - // } - // err = ValidateAuthRequest(authRequest, p.storage) - // if err != nil { - // http.Error(w, err.Error(), 400) - // return - // //TODO: return err - // } - // // err = p.storage.CreateAuthRequest(authRequest) - // // if err != nil { - // // //TODO: return err - // // } - // var client oidc.Client - // RedirectToLogin(authRequest, client, w, r) } func (p *DefaultOP) HandleAuthorizeCallback(w http.ResponseWriter, r *http.Request) { @@ -206,25 +191,12 @@ func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) { return } if reqType == string(oidc.GrantTypeCode) { - CodeExchange(w, r, p.storage, p.decoder) + CodeExchange(w, r, p) return } p.handleTokenExchange(w, r) } -// func (p *DefaultOP) handleCodeExchange(w http.ResponseWriter, r *http.Request) { -// tokenRequest, err := ParseAccessTokenRequest(w, r) -// if err != nil { -// //TODO: return err -// } -// err = ValidateAccessTokenRequest(tokenRequest, p.storage) -// if err != nil { -// //TODO: return err -// } -// b, _ := json.Marshal(tokenRequest) -// w.Write(b) -// } - func (p *DefaultOP) handleTokenExchange(w http.ResponseWriter, r *http.Request) { tokenRequest, err := ParseTokenExchangeRequest(w, r) if err != nil { diff --git a/pkg/op/default_op_test.go b/pkg/op/default_op_test.go index 76c1a1f..ed359a5 100644 --- a/pkg/op/default_op_test.go +++ b/pkg/op/default_op_test.go 
@@ -8,7 +8,6 @@ import (
 "github.com/stretchr/testify/require"
 "github.com/caos/oidc/pkg/oidc"
- "github.com/caos/oidc/pkg/op/u"
 )
 func TestDefaultOP_HandleDiscovery(t *testing.T) {
@@ -16,7 +15,7 @@ func TestDefaultOP_HandleDiscovery(t *testing.T) {
 config *Config
 endpoints *endpoints
 discoveryConfig *oidc.DiscoveryConfiguration
- storage u.Storage
+ storage Storage
 http *http.Server
 }
 type args struct {
diff --git a/pkg/op/error.go b/pkg/op/error.go
index 2f7252d..1f7f70a 100644
--- a/pkg/op/error.go
+++ b/pkg/op/error.go
@@ -3,8 +3,6 @@ package op
 import (
 "net/http"
- "github.com/caos/oidc/pkg/op/u"
-
 "github.com/caos/oidc/pkg/oidc"
 "github.com/caos/oidc/pkg/utils"
 )
@@ -16,7 +14,13 @@ const (
 type errorType string
-func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq u.ErrAuthRequest, err error) {
+type ErrAuthRequest interface {
+ GetRedirectURI() string
+ GetResponseType() oidc.ResponseType
+ GetState() string
+}
+
+func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthRequest, err error) {
 if authReq == nil {
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
@@ -79,7 +83,7 @@ var (
 }
 )
-func (e *OAuthError) AuthRequestResponse(w http.ResponseWriter, r *http.Request, authReq AuthRequest) {
+func (e *OAuthError) AuthRequestResponse(w http.ResponseWriter, r *http.Request, authReq AuthRequest) {
 if authReq == nil {
 http.Error(w, e.Error(), http.StatusBadRequest)
 return
diff --git a/pkg/op/go.mod b/pkg/op/go.mod
index 16a68a7..25e4e3d 100644
--- a/pkg/op/go.mod
+++ b/pkg/op/go.mod
@@ -1,4 +1,4 @@
-module github.com/caos/oidc/pkg/server
+module github.com/caos/oidc/pkg/op
 go 1.13
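Review bot: `ErrAuthRequest`, introduced in the error.go hunk, is an interface, but the `Err` prefix is the Go convention for sentinel error values, so readers will expect an `error`; rename it (for example `ErrorAuthRequest`) or at least add `// ErrAuthRequest is the subset of an auth request needed to build an error redirect: its redirect URI, response type and state.` Note also that the `authReq == nil` guards in both `AuthRequestError` and `AuthRequestResponse` only catch an untyped nil: a typed nil pointer such as a nil `*mock.AuthRequest` arrives as a non-nil interface, the guard is skipped, and the getters run on a nil receiver. Callers that may hold a nil pointer should pass a literal `nil`, and that expectation belongs in the doc comment of both functions; the bodies of both continue outside the hunks.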
@@ -10,20 +10,16 @@ replace github.com/caos/oidc/pkg/utils => /Users/livio/workspaces/go/src/github. replace github.com/caos/oidc/pkg/op => /Users/livio/workspaces/go/src/github.com/caos/oidc/pkg/op -replace github.com/caos/oidc/pkg/op/u => /Users/livio/workspaces/go/src/github.com/caos/oidc/pkg/op/u - require ( - github.com/caos/oidc v0.0.0-20191119072320-6412f213450c github.com/caos/oidc/pkg/oidc v0.0.0-00010101000000-000000000000 - github.com/caos/oidc/pkg/op v0.0.0-00010101000000-000000000000 github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000 github.com/caos/utils v0.0.0-20191104132131-b318678afbef github.com/caos/utils/logging v0.0.0-20191104132131-b318678afbef github.com/golang/mock v1.3.1 - github.com/google/go-querystring v1.0.0 github.com/gorilla/mux v1.7.3 github.com/gorilla/schema v1.1.0 + github.com/stretchr/objx v0.2.0 // indirect github.com/stretchr/testify v1.4.0 - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 gopkg.in/square/go-jose.v2 v2.4.0 + gopkg.in/yaml.v2 v2.2.7 // indirect ) diff --git a/pkg/op/go.sum b/pkg/op/go.sum index afcf798..8d0efd4 100644 --- a/pkg/op/go.sum +++ b/pkg/op/go.sum @@ -19,6 +19,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 
@@ -29,8 +30,6 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/schema v1.1.0 h1:CamqUDOFUBqzrvxuz2vEwo8+SUdwsluFh7IlzJh30LY= @@ -44,8 +43,10 @@ github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqC github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -57,14 +58,15 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba h1:9bFeDpN3gTqNanMVqNcoR/pJQuP5uroC3t1D7eXozTE= -golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -78,11 +80,11 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -94,10 +96,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed h1:5TJcLJn2a55mJjzYk0yOoqN8X1OdvBDUnaZaKKyQtkY= golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 
@@ -106,6 +106,7 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 h1:5Beo0mZN8dRzgrMMkDp0jc8YXQKx9DiJ2k1dkvGsn5A= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -125,6 +126,7 @@ google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRn google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= 
@@ -133,5 +135,7 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/op/mock/authorizer.mock.go b/pkg/op/mock/authorizer.mock.go index 5c45d72..d051b71 100644 --- a/pkg/op/mock/authorizer.mock.go +++ b/pkg/op/mock/authorizer.mock.go @@ -5,11 +5,9 @@ package mock import ( - oidc "github.com/caos/oidc/pkg/oidc" - u "github.com/caos/oidc/pkg/op/u" + op "github.com/caos/oidc/pkg/op" gomock "github.com/golang/mock/gomock" schema "github.com/gorilla/schema" - http "net/http" reflect "reflect" ) 
@@ -64,39 +62,25 @@ func (mr *MockAuthorizerMockRecorder) Encoder() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Encoder", reflect.TypeOf((*MockAuthorizer)(nil).Encoder)) } -// ErrorHandler mocks base method -func (m *MockAuthorizer) ErrorHandler() func(http.ResponseWriter, *http.Request, *oidc.AuthRequest, error) { +// Signer mocks base method +func (m *MockAuthorizer) Signer() op.Signer { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "ErrorHandler") - ret0, _ := ret[0].(func(http.ResponseWriter, *http.Request, *oidc.AuthRequest, error)) + ret := m.ctrl.Call(m, "Signer") + ret0, _ := ret[0].(op.Signer) return ret0 } -// ErrorHandler indicates an expected call of ErrorHandler -func (mr *MockAuthorizerMockRecorder) ErrorHandler() *gomock.Call { +// Signer indicates an expected call of Signer +func (mr *MockAuthorizerMockRecorder) Signer() *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ErrorHandler", reflect.TypeOf((*MockAuthorizer)(nil).ErrorHandler)) -} - -// Signe mocks base method -func (m *MockAuthorizer) Signe() u.Signer { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Signe") - ret0, _ := ret[0].(u.Signer) - return ret0 -} - -// Signe indicates an expected call of Signe -func (mr *MockAuthorizerMockRecorder) Signe() *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signe", reflect.TypeOf((*MockAuthorizer)(nil).Signe)) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signer", reflect.TypeOf((*MockAuthorizer)(nil).Signer)) } // Storage mocks base method -func (m *MockAuthorizer) Storage() u.Storage { +func (m *MockAuthorizer) Storage() op.Storage { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "Storage") - ret0, _ := ret[0].(u.Storage) + ret0, _ := ret[0].(op.Storage) return ret0 } diff --git a/pkg/op/mock/authorizer.mock.impl.go b/pkg/op/mock/authorizer.mock.impl.go index 0275dbf..f7dc58f 100644 --- a/pkg/op/mock/authorizer.mock.impl.go 
+++ b/pkg/op/mock/authorizer.mock.impl.go @@ -1,17 +1,13 @@ package mock import ( - http "net/http" "testing" - "github.com/stretchr/testify/require" - "github.com/golang/mock/gomock" "github.com/gorilla/schema" oidc "github.com/caos/oidc/pkg/oidc" "github.com/caos/oidc/pkg/op" - u "github.com/caos/oidc/pkg/op/u" ) func NewAuthorizer(t *testing.T) op.Authorizer { @@ -24,7 +20,7 @@ func NewAuthorizerExpectValid(t *testing.T, wantErr bool) op.Authorizer { ExpectEncoder(m) ExpectSigner(m, t) ExpectStorage(m, t) - ExpectErrorHandler(m, t, wantErr) + // ExpectErrorHandler(m, t, wantErr) return m } @@ -50,27 +46,27 @@ func ExpectEncoder(a op.Authorizer) { func ExpectSigner(a op.Authorizer, t *testing.T) { mockA := a.(*MockAuthorizer) - mockA.EXPECT().Signe().DoAndReturn( - func() u.Signer { + mockA.EXPECT().Signer().DoAndReturn( + func() op.Signer { return &Sig{} }) } -func ExpectErrorHandler(a op.Authorizer, t *testing.T, wantErr bool) { - mockA := a.(*MockAuthorizer) - mockA.EXPECT().ErrorHandler().AnyTimes(). - Return(func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) { - if wantErr { - require.Error(t, err) - return - } - require.NoError(t, err) - }) -} +// func ExpectErrorHandler(a op.Authorizer, t *testing.T, wantErr bool) { +// mockA := a.(*MockAuthorizer) +// mockA.EXPECT().ErrorHandler().AnyTimes(). +// Return(func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) { +// if wantErr { +// require.Error(t, err) +// return +// } +// require.NoError(t, err) +// }) +// } type Sig struct{} -func (s *Sig) Sign(*oidc.IDTokenClaims) (string, error) { +func (s *Sig) SignIDToken(*oidc.IDTokenClaims) (string, error) { return "", nil } diff --git a/pkg/op/mock/generate.go b/pkg/op/mock/generate.go index 0cf748b..330b025 100644 --- a/pkg/op/mock/generate.go +++ b/pkg/op/mock/generate.go 
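Review bot: `NewAuthorizerExpectValid` still takes `wantErr bool`, but its only use, `ExpectErrorHandler(m, t, wantErr)`, is now commented out, so the parameter is dead and the mock no longer asserts anything about the error path — a caller passing `wantErr` true gets a passing test regardless. Either drop the parameter or restore the expectation against whatever replaced `Authorizer.ErrorHandler`. The commented-out call and the commented-out `ExpectErrorHandler` body should be deleted rather than kept as comments; version control holds the history. `NewAuthorizerExpectValid`'s body starts outside the hunk.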
@@ -1,4 +1,4 @@ package mock -//go:generate mockgen -package mock -destination ./storage.mock.go github.com/caos/oidc/pkg/op/u Storage +//go:generate mockgen -package mock -destination ./storage.mock.go github.com/caos/oidc/pkg/op Storage //go:generate mockgen -package mock -destination ./authorizer.mock.go github.com/caos/oidc/pkg/op Authorizer diff --git a/pkg/op/mock/storage.mock.go b/pkg/op/mock/storage.mock.go index 32ec1b0..a7f8192 100644 --- a/pkg/op/mock/storage.mock.go +++ b/pkg/op/mock/storage.mock.go @@ -1,11 +1,12 @@ // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/caos/oidc/pkg/op/u (interfaces: Storage) +// Source: github.com/caos/oidc/pkg/op (interfaces: Storage) // Package mock is a generated GoMock package. package mock import ( oidc "github.com/caos/oidc/pkg/oidc" + op "github.com/caos/oidc/pkg/op" gomock "github.com/golang/mock/gomock" reflect "reflect" ) @@ -34,10 +35,10 @@ func (m *MockStorage) EXPECT() *MockStorageMockRecorder { } // AuthRequestByCode mocks base method -func (m *MockStorage) AuthRequestByCode(arg0 oidc.Client, arg1, arg2 string) (*oidc.AuthRequest, error) { +func (m *MockStorage) AuthRequestByCode(arg0 op.Client, arg1, arg2 string) (op.AuthRequest, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "AuthRequestByCode", arg0, arg1, arg2) - ret0, _ := ret[0].(*oidc.AuthRequest) + ret0, _ := ret[0].(op.AuthRequest) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -49,10 +50,10 @@ func (mr *MockStorageMockRecorder) AuthRequestByCode(arg0, arg1, arg2 interface{ } // AuthRequestByID mocks base method -func (m *MockStorage) AuthRequestByID(arg0 string) (*oidc.AuthRequest, error) { +func (m *MockStorage) AuthRequestByID(arg0 string) (op.AuthRequest, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "AuthRequestByID", arg0) - ret0, _ := ret[0].(*oidc.AuthRequest) + ret0, _ := ret[0].(op.AuthRequest) ret1, _ := ret[1].(error) return ret0, ret1 } 
@@ -64,10 +65,10 @@ func (mr *MockStorageMockRecorder) AuthRequestByID(arg0 interface{}) *gomock.Cal } // AuthorizeClientIDCodeVerifier mocks base method -func (m *MockStorage) AuthorizeClientIDCodeVerifier(arg0, arg1 string) (oidc.Client, error) { +func (m *MockStorage) AuthorizeClientIDCodeVerifier(arg0, arg1 string) (op.Client, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "AuthorizeClientIDCodeVerifier", arg0, arg1) - ret0, _ := ret[0].(oidc.Client) + ret0, _ := ret[0].(op.Client) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -79,10 +80,10 @@ func (mr *MockStorageMockRecorder) AuthorizeClientIDCodeVerifier(arg0, arg1 inte } // AuthorizeClientIDSecret mocks base method -func (m *MockStorage) AuthorizeClientIDSecret(arg0, arg1 string) (oidc.Client, error) { +func (m *MockStorage) AuthorizeClientIDSecret(arg0, arg1 string) (op.Client, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "AuthorizeClientIDSecret", arg0, arg1) - ret0, _ := ret[0].(oidc.Client) + ret0, _ := ret[0].(op.Client) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -94,11 +95,12 @@ func (mr *MockStorageMockRecorder) AuthorizeClientIDSecret(arg0, arg1 interface{ } // CreateAuthRequest mocks base method -func (m *MockStorage) CreateAuthRequest(arg0 *oidc.AuthRequest) error { +func (m *MockStorage) CreateAuthRequest(arg0 *oidc.AuthRequest) (op.AuthRequest, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "CreateAuthRequest", arg0) - ret0, _ := ret[0].(error) - return ret0 + ret0, _ := ret[0].(op.AuthRequest) + ret1, _ := ret[1].(error) + return ret0, ret1 } // CreateAuthRequest indicates an expected call of CreateAuthRequest 
@@ -122,10 +124,10 @@ func (mr *MockStorageMockRecorder) DeleteAuthRequestAndCode(arg0, arg1 interface } // GetClientByClientID mocks base method -func (m *MockStorage) GetClientByClientID(arg0 string) (oidc.Client, error) { +func (m *MockStorage) GetClientByClientID(arg0 string) (op.Client, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetClientByClientID", arg0) - ret0, _ := ret[0].(oidc.Client) + ret0, _ := ret[0].(op.Client) ret1, _ := ret[1].(error) return ret0, ret1 } diff --git a/pkg/op/mock/storage.mock.impl.go b/pkg/op/mock/storage.mock.impl.go index 811b6e0..4d790c7 100644 --- a/pkg/op/mock/storage.mock.impl.go +++ b/pkg/op/mock/storage.mock.impl.go @@ -6,27 +6,27 @@ import ( "github.com/golang/mock/gomock" - "github.com/caos/oidc/pkg/oidc" - u "github.com/caos/oidc/pkg/op/u" + "github.com/caos/oidc/pkg/op" + op2 "github.com/caos/oidc/pkg/op" ) -func NewStorage(t *testing.T) u.Storage { +func NewStorage(t *testing.T) op2.Storage { return NewMockStorage(gomock.NewController(t)) } -func NewMockStorageExpectValidClientID(t *testing.T) u.Storage { +func NewMockStorageExpectValidClientID(t *testing.T) op2.Storage { m := NewStorage(t) ExpectValidClientID(m) return m } -func NewMockStorageExpectInvalidClientID(t *testing.T) u.Storage { +func NewMockStorageExpectInvalidClientID(t *testing.T) op2.Storage { m := NewStorage(t) ExpectInvalidClientID(m) return m } -func NewMockStorageAny(t *testing.T) u.Storage { +func NewMockStorageAny(t *testing.T) op2.Storage { m := NewStorage(t) mockS := m.(*MockStorage) mockS.EXPECT().GetClientByClientID(gomock.Any()).AnyTimes().Return(&ConfClient{}, nil) 
@@ -34,30 +34,30 @@ func NewMockStorageAny(t *testing.T) u.Storage { return m } -func ExpectInvalidClientID(s u.Storage) { +func ExpectInvalidClientID(s op2.Storage) { mockS := s.(*MockStorage) mockS.EXPECT().GetClientByClientID(gomock.Any()).Return(nil, errors.New("client not found")) } -func ExpectValidClientID(s u.Storage) { +func ExpectValidClientID(s op2.Storage) { mockS := s.(*MockStorage) mockS.EXPECT().GetClientByClientID(gomock.Any()).DoAndReturn( - func(id string) (oidc.Client, error) { - var appType oidc.ApplicationType + func(id string) (op.Client, error) { + var appType op.ApplicationType switch id { case "web_client": - appType = oidc.ApplicationTypeWeb + appType = op.ApplicationTypeWeb case "native_client": - appType = oidc.ApplicationTypeNative + appType = op.ApplicationTypeNative case "useragent_client": - appType = oidc.ApplicationTypeUserAgent + appType = op.ApplicationTypeUserAgent } return &ConfClient{appType: appType}, nil }) } type ConfClient struct { - appType oidc.ApplicationType + appType op.ApplicationType } func (c *ConfClient) RedirectURIs() []string { @@ -73,6 +73,6 @@ func (c *ConfClient) LoginURL(id string) string { return "login?id=" + id } -func (c *ConfClient) ApplicationType() oidc.ApplicationType { +func (c *ConfClient) ApplicationType() op.ApplicationType { return c.appType } diff --git a/pkg/op/signer.go b/pkg/op/signer.go new file mode 100644 index 0000000..f94412b --- /dev/null +++ b/pkg/op/signer.go 
@@ -0,0 +1,55 @@
+package op
+
+import (
+	"encoding/json"
+
+	"gopkg.in/square/go-jose.v2"
+
+	"github.com/caos/oidc/pkg/oidc"
+)
+
+type Signer interface {
+	SignIDToken(claims *oidc.IDTokenClaims) (string, error)
+}
+
+type idTokenSigner struct {
+	signer  jose.Signer
+	storage Storage
+}
+
+func NewDefaultSigner(storage Storage) (Signer, error) {
+	s := &idTokenSigner{
+		storage: storage,
+	}
+	if err := s.initialize(); err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+func (s *idTokenSigner) initialize() error {
+	key, err := s.storage.GetSigningKey()
+	if err != nil {
+		return err
+	}
+	s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *idTokenSigner) SignIDToken(claims *oidc.IDTokenClaims) (string, error) {
+	payload, err := json.Marshal(claims)
+	if err != nil {
+		return "", err
+	}
+	return s.Sign(payload)
+}
+func (s *idTokenSigner) Sign(payload []byte) (string, error) {
+	result, err := s.signer.Sign(payload)
+	if err != nil {
+		return "", err
+	}
+	return result.CompactSerialize()
+}
diff --git a/pkg/op/u/storage.go b/pkg/op/storage.go
similarity index 80%
rename from pkg/op/u/storage.go
rename to pkg/op/storage.go
index ed7bfdf..105306e 100644
--- a/pkg/op/u/storage.go
+++ b/pkg/op/storage.go
@@ -1,6 +1,10 @@
-package u
+package op
 
-import "github.com/caos/oidc/pkg/oidc"
+import (
+	"gopkg.in/square/go-jose.v2"
+
+	"github.com/caos/oidc/pkg/oidc"
+)
 
 type Storage interface {
 	CreateAuthRequest(*oidc.AuthRequest) (AuthRequest, error)
@@ -10,12 +14,7 @@ type Storage interface {
 	AuthorizeClientIDSecret(string, string) (Client, error)
 	AuthorizeClientIDCodeVerifier(string, string) (Client, error)
 	DeleteAuthRequestAndCode(string, string) error
-}
-
-type ErrAuthRequest interface {
-	GetRedirectURI() string
-	GetResponseType() oidc.ResponseType
-	GetState() string
+	GetSigningKey() (jose.SigningKey, error)
 }
 
 type AuthRequest interface {
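Review bot: `initialize` constructs the signer with an empty `jose.SignerOptions{}`, so the compact JWS produced by `Sign` carries no `typ` header and no `kid`, and the key returned by `Storage.GetSigningKey()` is captured once in `NewDefaultSigner`, so a key rotated in Storage afterwards is never used by an existing signer. For an ID token set the type and make sure the key id reaches the header: `s.signer, err = jose.NewSigner(key, (&jose.SignerOptions{}).WithType("JWT"))`, with `key.Key` a `*jose.JSONWebKey` whose `KeyID` is set (go-jose then emits `kid` itself, if I remember its behaviour correctly); without `kid` a relying party cannot choose the right key from a JWKS that publishes more than one. `Sign` need not be exported on the unexported type, since the returned `Signer` only exposes `SignIDToken`. The new `GetSigningKey()` method on `Storage` in the second hunk hands out private key material and deserves a comment saying that it is read once per signer, e.g. `// GetSigningKey returns the private key used for ID token signatures; a Signer reads it once at construction.`.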
diff --git a/pkg/op/tokenrequest.go b/pkg/op/tokenrequest.go
index 570a97e..c4e1c3f 100644
--- a/pkg/op/tokenrequest.go
+++ b/pkg/op/tokenrequest.go
@@ -7,7 +7,6 @@ import (
 
 	"gopkg.in/square/go-jose.v2"
 
-	"github.com/caos/oidc/pkg/op/u"
 	"github.com/caos/oidc/pkg/utils"
 	"github.com/gorilla/schema"
 
@@ -26,7 +25,13 @@ import (
 // return ParseTokenExchangeRequest(w, r)
 // }
 
-func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, decoder *schema.Decoder) {
+type Exchanger interface {
+	Storage() Storage
+	Decoder() *schema.Decoder
+	Signer() Signer
+}
+
+func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
 	err := r.ParseForm()
 	if err != nil {
 		ExchangeRequestError(w, r, ErrInvalidRequest("error parsing form"))
@@ -34,7 +39,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 	}
 
 	tokenReq := new(oidc.AccessTokenRequest)
-	err = decoder.Decode(tokenReq, r.Form)
+	err = exchanger.Decoder().Decode(tokenReq, r.Form)
 	if err != nil {
 		ExchangeRequestError(w, r, ErrInvalidRequest("error decoding form"))
 		return
@@ -44,17 +49,17 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 		return
 	}
 
-	client, err := AuthorizeClient(r, tokenReq, storage)
+	client, err := AuthorizeClient(r, tokenReq, exchanger.Storage())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	authReq, err := storage.AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
+	authReq, err := exchanger.Storage().AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	err = storage.DeleteAuthRequestAndCode(authReq.GetID(), tokenReq.Code)
+	err = exchanger.Storage().DeleteAuthRequestAndCode(authReq.GetID(), tokenReq.Code)
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
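Review bot: `Exchanger` is a new exported interface without a doc comment; add `// Exchanger supplies the Storage, form Decoder and Signer that CodeExchange needs to redeem an authorization code.` above it, and give `CodeExchange`, whose signature changes in the same hunk, a comment describing the responses it writes on success and on each error path. `CodeExchange`'s body continues past the last hunk.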
@@ -64,7 +69,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	idToken, err := CreateIDToken("", authReq, "", time.Now(), time.Now(), "", nil)
+	idToken, err := CreateIDToken("", authReq, "", time.Now(), time.Now(), "", exchanger.Signer())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
@@ -81,7 +86,7 @@ func CreateAccessToken() (string, error) {
 	return "accessToken", nil
 }
 
-func CreateIDToken(issuer string, authReq u.AuthRequest, sub string, exp, authTime time.Time, accessToken string, signer u.Signer) (string, error) {
+func CreateIDToken(issuer string, authReq AuthRequest, sub string, exp, authTime time.Time, accessToken string, signer Signer) (string, error) {
 	var err error
 	claims := &oidc.IDTokenClaims{
 		Issuer: issuer,
@@ -102,10 +107,23 @@ func CreateIDToken(issuer string, authReq u.AuthRequest, sub string, exp, authTi
 			return "", err
 		}
 	}
-	return signer.Sign(claims)
+
+	return signer.SignIDToken(claims)
 }
 
-func AuthorizeClient(r *http.Request, tokenReq *oidc.AccessTokenRequest, storage u.Storage) (u.Client, error) {
+type Signe struct {
+	signer jose.Signer
+}
+
+func (s *Signe) Sign(payload []byte) (string, error) {
+	result, err := s.signer.Sign(payload)
+	if err != nil {
+		return "", err
+	}
+	return result.CompactSerialize()
+}
+
+func AuthorizeClient(r *http.Request, tokenReq *oidc.AccessTokenRequest, storage Storage) (Client, error) {
 	if tokenReq.ClientID == "" {
 		clientID, clientSecret, ok := r.BasicAuth()
 		if ok {
@@ -126,7 +144,7 @@ func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.Tok
 	return nil, errors.New("Unimplemented") //TODO: impl
 }
 
-func ValidateTokenExchangeRequest(tokenReq oidc.TokenRequest, storage u.Storage) error {
+func ValidateTokenExchangeRequest(tokenReq oidc.TokenRequest, storage Storage) error {
 	return errors.New("Unimplemented") //TODO: impl
 }
 
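Review bot: The new `CreateIDToken` call passes `time.Now()` for both `exp` and `authTime` and `""` for issuer, subject and access token, so every ID token `CodeExchange` signs is already expired when it leaves the server and carries no `iss`/`sub`, which a conforming relying party rejects. The expiry should be `time.Now().Add(<id-token-lifetime>)` with the lifetime and issuer taken from the provider's configuration rather than literals, the subject from the stored auth request, and the access token from the token created just above; if this is still scaffolding, a `// TODO: fill issuer, subject, expiry and access token from config/auth request` on that line would make it explicit. The `Signe` type added in the third hunk is unreferenced and duplicates `idTokenSigner.Sign` in signer.go; remove it. `CodeExchange` starts outside the first hunk.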
diff --git a/pkg/op/u/signer.go b/pkg/op/u/signer.go deleted file mode 100644 index 516d768..0000000 --- a/pkg/op/u/signer.go +++ /dev/null @@ -1,9 +0,0 @@ -package u - -import ( - "github.com/caos/oidc/pkg/oidc" -) - -type Signer interface { - Sign(claims *oidc.IDTokenClaims) (string, error) -} diff --git a/pkg/rp/go.mod b/pkg/rp/go.mod index bbae794..2d09fa9 100644 --- a/pkg/rp/go.mod +++ b/pkg/rp/go.mod @@ -4,10 +4,9 @@ go 1.13 require ( github.com/caos/oidc/pkg/oidc v0.0.0-00010101000000-000000000000 - github.com/caos/oidc/pkg/rp v0.0.0-00010101000000-000000000000 github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000 github.com/caos/utils v0.0.0-20191104132131-b318678afbef - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 + golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c gopkg.in/square/go-jose.v2 v2.4.0 ) diff --git a/pkg/rp/go.sum b/pkg/rp/go.sum index 7fdb44f..1d920aa 100644 --- a/pkg/rp/go.sum +++ b/pkg/rp/go.sum 
@@ -13,10 +13,12 @@ github.com/caos/utils/pairs v0.0.0-20191104132131-b318678afbef/go.mod h1:UZHeoVF github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= 
@@ -33,10 +35,14 @@ github.com/grpc-ecosystem/grpc-gateway v1.11.3/go.mod h1:vNeuVxBJEsws4ogUvrchl83 github.com/grpc-ecosystem/grpc-gateway v1.12.1 h1:zCy2xE9ablevUOrUZc3Dl72Dt+ya2FNAvC2yLYMHzi4= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= 
@@ -46,10 +52,11 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8= +golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -64,11 +71,11 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4= +golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -79,8 +86,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 
@@ -106,12 +113,14 @@ google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRn google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/utils/go.mod b/pkg/utils/go.mod index 8dc62d1..a4cbd60 100644 --- a/pkg/utils/go.mod +++ b/pkg/utils/go.mod @@ -8,7 +8,7 @@ require ( github.com/gorilla/schema v1.1.0 github.com/gorilla/securecookie v1.1.1 github.com/grpc-ecosystem/grpc-gateway v1.12.1 // indirect - golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 // indirect + golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 // indirect google.golang.org/genproto v0.0.0-20191115221424-83cc0476cb11 // indirect google.golang.org/grpc v1.25.1 // indirect ) 
diff --git a/pkg/utils/go.sum b/pkg/utils/go.sum index 54aab6c..add9456 100644 --- a/pkg/utils/go.sum +++ b/pkg/utils/go.sum @@ -73,8 +73,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed h1:5TJcLJn2a55mJjzYk0yOoqN8X1OdvBDUnaZaKKyQtkY= golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=