From 2b3649836548c428cd361ad716a83e06d326aa3f Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Fri, 6 Dec 2019 15:58:20 +0100
Subject: [PATCH] fixes of conf testing
---
 example/internal/mock/storage.go | 20 ++++++++++++++------
 pkg/op/authrequest.go | 10 ++++++++++
 pkg/op/error.go | 3 ++-
 3 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go
index c8eae4b..4e8ab7c 100644
--- a/example/internal/mock/storage.go
+++ b/example/internal/mock/storage.go
@@ -34,6 +34,8 @@ type AuthRequest struct {
 ID string
 ResponseType oidc.ResponseType
 RedirectURI string
+ Nonce string
+ ClientID string
 }
 
 func (a *AuthRequest) GetACR() string {
@@ -48,7 +50,7 @@ func (a *AuthRequest) GetAMR() []string {
 
 func (a *AuthRequest) GetAudience() []string {
 return []string{
- a.ID,
+ a.ClientID,
 }
 }
 
@@ -57,7 +59,7 @@ func (a *AuthRequest) GetAuthTime() time.Time {
 }
 
 func (a *AuthRequest) GetClientID() string {
- return a.ID
+ return a.ClientID
 }
 
 func (a *AuthRequest) GetCode() string {
@@ -69,11 +71,12 @@ func (a *AuthRequest) GetID() string {
 }
 
 func (a *AuthRequest) GetNonce() string {
- return "nonce"
+ return a.Nonce
 }
 
 func (a *AuthRequest) GetRedirectURI() string {
- return "http://localhost:5556/auth/callback"
+ return "https://op.certification.openid.net:62054/authz_cb"
+ // return "http://localhost:5556/auth/callback"
 }
 
 func (a *AuthRequest) GetResponseType() oidc.ResponseType {
@@ -96,8 +99,13 @@ func (a *AuthRequest) GetSubject() string {
 return "sub"
 }
 
+var (
+ a = &AuthRequest{}
+)
+
 func (s *AuthStorage) CreateAuthRequest(authReq *oidc.AuthRequest) (op.AuthRequest, error) {
- return &AuthRequest{ID: "id"}, nil
+ a = &AuthRequest{ID: "id", ClientID: authReq.ClientID, ResponseType: authReq.ResponseType, Nonce: authReq.Nonce}
+ return a, nil
 }
 func (s *OPStorage) GetClientByClientID(id string) (op.Client, error) {
 if id == "none" {
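Review bot: GetRedirectURI now returns a fixed conformance-suite URL rather than the URI carried by the request, even though the struct has a `RedirectURI` field (context in the first hunk) that the new CreateAuthRequest literal in the last hunk never fills. This getter is what AuthRequestError in pkg/op/error.go redirects to, so the mock bounces the user agent to op.certification.openid.net no matter which redirect_uri was submitted and validated for that request. Prefer `return a.RedirectURI` here and `RedirectURI: authReq.RedirectURI` in the CreateAuthRequest literal, and keep the conformance URL among the test client's registered redirect URIs, where the redirect-URI validator can presumably check it. If the hard-coded value must stay for the test run, a comment such as `// conformance suite only: must match the URI registered for the test client` would keep it from being copied into a real storage implementation.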
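Review bot: The package-level `a` introduced before CreateAuthRequest is a single mutable slot that every call overwrites, so two authorization requests in flight clobber each other and the later one wins on the subsequent AuthRequestByCode lookup; it also carries the same name as the `a *AuthRequest` receiver of the getters above, which shadow it silently. A `map[string]*AuthRequest` keyed by request ID and guarded by a `sync.Mutex` would keep the mock honest about request isolation; failing that, rename it `lastAuthReq` and state the limitation, e.g. `// single-slot mock store: only the most recent request survives; not safe for concurrent requests`. The ID is also still the constant `"id"`, so every request shares one identifier; a per-request value would at least make collisions visible.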
@@ -114,7 +122,7 @@ func (s *OPStorage) GetClientByClientID(id string) (op.Client, error) {
 return &ConfClient{applicationType: appType}, nil
 }
 func (s *AuthStorage) AuthRequestByCode(op.Client, string, string) (op.AuthRequest, error) {
- return &AuthRequest{ID: "native"}, nil
+ return a, nil
 }
 func (s *OPStorage) AuthorizeClientIDSecret(string, string) (op.Client, error) {
 return &ConfClient{}, nil
diff --git a/pkg/op/authrequest.go b/pkg/op/authrequest.go
index 8c45e4e..c1dd080 100644
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@@ -79,6 +79,9 @@ func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
 if err := ValidateAuthReqRedirectURI(authReq.RedirectURI, authReq.ClientID, authReq.ResponseType, storage); err != nil {
 return err
 }
+ if err := ValidateAuthReqResponseType(authReq.ResponseType); err != nil {
+ return err
+ }
 return nil
 // return errors.New("Unimplemented")
 //TODO: impl https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
@@ -133,6 +136,13 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 return nil
 }
 
+func ValidateAuthReqResponseType(responseType oidc.ResponseType) error {
+ if responseType == "" {
+ return ErrInvalidRequest("response_type empty")
+ }
+ return nil
+}
+
 func RedirectToLogin(authReqID string, client Client, w http.ResponseWriter, r *http.Request) {
 login := client.LoginURL(authReqID)
 http.Redirect(w, r, login, http.StatusFound)
diff --git a/pkg/op/error.go b/pkg/op/error.go
index bd9bc00..0a3b4ab 100644
--- a/pkg/op/error.go
+++ b/pkg/op/error.go
@@ -60,7 +60,8 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
 return
 }
 url := authReq.GetRedirectURI()
- if authReq.GetResponseType() == oidc.ResponseTypeCode {
+ responseType := authReq.GetResponseType()
+ if responseType == "" || responseType == oidc.ResponseTypeCode {
 url += "?" + params
 } else {
 url += "#" + params
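Review bot: AuthRequestByCode now returns the shared `a` without consulting either the client or the code it is given, so any code string presented by any client redeems the most recently created request. Because this mock is what the conformance run exercises, the token endpoint can no longer be observed failing the unknown-code or code-bound-to-other-client cases against it. If the single-slot store stays, at least compare the code argument with what the stored request reports via GetCode and return an error on mismatch, and document the shortcut: `// mock: ignores client/code binding, returns the last created request`.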
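Review bot: The new ValidateAuthReqResponseType call is placed after ValidateAuthReqRedirectURI, which already receives `authReq.ResponseType` as an argument on the hunk's first line, so the redirect-URI rules are evaluated against a response_type that has not been checked yet. Moving the three added lines above the ValidateAuthReqRedirectURI call lets each validator work on already-validated input and rejects the empty case before any storage lookup. ValidateAuthRequest starts before this hunk; only the tail of its body is visible here.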
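Review bot: ValidateAuthReqResponseType rejects only an empty response_type, so any other value (`foo`, or a combination this OP never issues) passes validation and is later handled as a non-code flow by AuthRequestError in pkg/op/error.go, which redirects with the error in the fragment. OIDC Core 3.1.2.2 requires the value to be one the OP supports; a switch over the supported constants (the oidc package exposes at least `oidc.ResponseTypeCode`) closes that gap, and the exported function also lacks a doc comment. The rewritten function, with the case list to be extended by whatever response types this OP advertises in discovery:
```go
// ValidateAuthReqResponseType rejects an absent or unsupported response_type
// (OIDC Core 3.1.2.2). Extend the case list with every response_type this OP
// advertises in its discovery document.
func ValidateAuthReqResponseType(responseType oidc.ResponseType) error {
	switch responseType {
	case "":
		return ErrInvalidRequest("response_type empty")
	case oidc.ResponseTypeCode: // … add the other supported response types here …
		return nil
	default:
		return ErrInvalidRequest("response_type unsupported")
	}
}
```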
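Review bot: `url += "?" + params` appends a second `?` when the registered redirect URI already carries a query string, which RFC 6749 4.1.2.1 and OIDC Core 3.1.2.6 explicitly allow, so the error redirect lands on a malformed URL for such clients. Sending the error in the query component when the response type is empty is consistent with the new ValidateAuthReqResponseType in pkg/op/authrequest.go, which is the check that produces this redirect, so that part is fine. Pick the separator based on whether the URI already has a query; `strings` would need to be imported if the file does not already do so (its import block is outside this hunk). AuthRequestError starts and ends outside the hunk.
```go
responseType := authReq.GetResponseType()
if responseType == "" || responseType == oidc.ResponseTypeCode {
	sep := "?"
	if strings.Contains(url, "?") {
		sep = "&"
	}
	url += sep + params
} else {
	// … unchanged: fragment case …
```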