From d368b2d9506cf0e4a8fc7608672e5577e75a396c Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Mon, 28 Sep 2020 09:07:46 +0200 Subject: [PATCH] refactoring --- example/client/app/app.go | 80 ++++++++++++------------ example/internal/mock/storage.go | 33 +++------- pkg/op/mock/authorizer.mock.impl.go | 20 +++--- pkg/op/mock/signer.mock.go | 45 +++++--------- pkg/op/mock/storage.mock.go | 8 +-- pkg/op/signer.go | 7 --- pkg/op/signer_test.go | 95 ----------------------------- 7 files changed, 77 insertions(+), 211 deletions(-) delete mode 100644 pkg/op/signer_test.go diff --git a/example/client/app/app.go b/example/client/app/app.go index ea1e6e7..3a96830 100644 --- a/example/client/app/app.go +++ b/example/client/app/app.go @@ -86,7 +86,8 @@ func main() { }) http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) { - tpl := ` + if r.Method == "GET" { + tpl := ` @@ -94,51 +95,54 @@ func main() { Login -
+
` - t, err := template.New("login").Parse(tpl) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - err = t.Execute(w, nil) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - } - }) + t, err := template.New("login").Parse(tpl) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + err = t.Execute(w, nil) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + } + } else { + err := r.ParseMultipartForm(4 << 10) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + file, handler, err := r.FormFile("key") + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer file.Close() - http.HandleFunc("/jwt-profile-assertion", func(w http.ResponseWriter, r *http.Request) { - r.ParseMultipartForm(32 << 20) - file, handler, err := r.FormFile("key") - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return + key, err := ioutil.ReadAll(file) + fmt.Println(handler.Header) + assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer}) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + token, err := rp.JWTProfileExchange(ctx, assertion, provider) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + data, err := json.Marshal(token) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + w.Write(data) } - defer file.Close() - - key, err := ioutil.ReadAll(file) - fmt.Println(handler.Header) - assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer}) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - token, err := rp.JWTProfileExchange(ctx, assertion, provider) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - 
return - } - data, err := json.Marshal(token) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - w.Write(data) }) lis := fmt.Sprintf("127.0.0.1:%s", port) logrus.Infof("listening on http://%s/", lis) diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go index 74e0ed7..1c33906 100644 --- a/example/internal/mock/storage.go +++ b/example/internal/mock/storage.go @@ -210,31 +210,18 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st return nil } -func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _ string) (*oidc.userinfo, error) { +func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _ string) (oidc.UserInfoSetter, error) { return s.GetUserinfoFromScopes(ctx, "", []string{}) } -func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _ string, _ []string) (*oidc.userinfo, error) { - return &oidc.userinfo{ - Subject: a.GetSubject(), - Address: &oidc.UserinfoAddress{ - StreetAddress: "Hjkhkj 789\ndsf", - }, - userinfoEmail: oidc.userinfoEmail{ - Email: "test", - EmailVerified: true, - }, - userinfoPhone: oidc.userinfoPhone{ - PhoneNumber: "sadsa", - PhoneNumberVerified: true, - }, - userinfoProfile: oidc.userinfoProfile{ - UpdatedAt: time.Now(), - }, - // Claims: map[string]interface{}{ - // "test": "test", - // "hkjh": "", - // }, - }, nil +func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _ string, _ []string) (oidc.UserInfoSetter, error) { + userinfo := oidc.NewUserInfo() + userinfo.SetSubject(a.GetSubject()) + userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", "")) + userinfo.SetEmail("test", true) + userinfo.SetPhone("0791234567", true) + userinfo.SetName("Test") + userinfo.AppendClaims("private_claim", "test") + return userinfo, nil } type ConfClient struct { diff --git a/pkg/op/mock/authorizer.mock.impl.go b/pkg/op/mock/authorizer.mock.impl.go index 7dfcfff..a481a8b 100644 
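Review bot: The upload branch of the new `/jwt-profile` handler reads the whole key part with `ioutil.ReadAll(file)` but never checks that call's error (the next `assertion, err := …` assignment overwrites it), and nothing bounds the request size: the `4 << 10` passed to `ParseMultipartForm` only caps what is kept in memory, larger parts are spilled to a temp file and then read back in full. Because the branch is the bare `else` of `r.Method == "GET"`, every other method also reaches it, and `http.Error(w, err.Error(), http.StatusInternalServerError)` reports malformed client uploads as server errors while echoing library error text (including from the token exchange) back to the caller. I would cap the body with `http.MaxBytesReader`, restrict the branch to POST with a 405 otherwise, check the read error, and drop the `fmt.Println(handler.Header)` debug print of the client-supplied part headers. The handler closure opens in the previous hunk; only its body is visible here.
```go
	} else if r.Method == http.MethodPost {
		// ParseMultipartForm's argument only limits what stays in memory;
		// bound the whole request before parsing so ReadAll below is bounded too.
		r.Body = http.MaxBytesReader(w, r.Body, 64<<10)
		if err := r.ParseMultipartForm(4 << 10); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		file, _, err := r.FormFile("key")
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		defer file.Close()

		key, err := ioutil.ReadAll(file)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		// … unchanged: NewJWTProfileAssertionFromFileData, JWTProfileExchange, JSON response …
	} else {
		w.Header().Set("Allow", "GET, POST")
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	}
```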
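Review bot: The rewritten `GetUserinfoFromScopes` returns the full fixed claim set (subject, address, e-mail, phone, name and `private_claim`) whatever the scopes argument holds, and `GetUserinfoFromToken` forwards to it with an empty token, so neither method shows the scope filtering or token validation a real `Storage` implementation has to perform; someone copying the example will not see that from the code. A comment on the method would make it explicit: `// Mock only: returns a fixed user info regardless of scopes or token; a real Storage must release only the claims covered by the granted scopes.` The subject is still taken from `a`, which looks like a package-level value declared outside the hunk rather than from the ignored arguments. `ConfClient` at the end of the hunk continues beyond it.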
--- a/pkg/op/mock/authorizer.mock.impl.go +++ b/pkg/op/mock/authorizer.mock.impl.go @@ -72,18 +72,18 @@ func (v *Verifier) VerifyIDToken(ctx context.Context, idToken string) (*oidc.IDT return nil, nil } -type Sig struct{} +type Sig struct { + signer jose.Signer +} + +func (s *Sig) Signer() jose.Signer { + return s.signer +} func (s *Sig) Health(ctx context.Context) error { return nil } -func (s *Sig) SignIDToken(*oidc.IDTokenClaims) (string, error) { - return "", nil -} -func (s *Sig) SignAccessToken(*oidc.accessTokenClaims) (string, error) { - return "", nil -} func (s *Sig) SignatureAlgorithm() jose.SignatureAlgorithm { return jose.HS256 } @@ -92,9 +92,3 @@ func ExpectStorage(a op.Authorizer, t *testing.T) { mockA := a.(*MockAuthorizer) mockA.EXPECT().Storage().AnyTimes().Return(NewMockStorageAny(t)) } - -// func NewMockSignerAny(t *testing.T) op.Signer { -// m := NewMockSigner(gomock.NewController(t)) -// m.EXPECT().Sign(gomock.Any()).AnyTimes().Return("", nil) -// return m -// } diff --git a/pkg/op/mock/signer.mock.go b/pkg/op/mock/signer.mock.go index 16592a7..b52f9d4 100644 --- a/pkg/op/mock/signer.mock.go +++ b/pkg/op/mock/signer.mock.go @@ -6,7 +6,6 @@ package mock import ( context "context" - oidc "github.com/caos/oidc/pkg/oidc" gomock "github.com/golang/mock/gomock" jose "gopkg.in/square/go-jose.v2" reflect "reflect" 
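Review bot: `Sig.Signer()` returns the unexported `signer` field, but nothing in the hunk sets it and no constructor is added, so a `mock.Sig{}` built from another package (which cannot assign the field) hands callers a nil `jose.Signer` that panics on the first `Sign`. A one-line constructor closes that gap: `func NewSig(s jose.Signer) *Sig { return &Sig{signer: s} }`. `SignatureAlgorithm()` meanwhile still hard-codes `jose.HS256` independently of whatever algorithm the injected signer really uses, which deserves a comment such as `// NOTE: the reported algorithm is fixed to HS256; inject a signer that matches it.` so a test relying on agreement between the two does not fail silently.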
@@ -49,36 +48,6 @@ func (mr *MockSignerMockRecorder) Health(arg0 interface{}) *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockSigner)(nil).Health), arg0) } -// SignAccessToken mocks base method -func (m *MockSigner) SignAccessToken(arg0 *oidc.accessTokenClaims) (string, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "SignAccessToken", arg0) - ret0, _ := ret[0].(string) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// SignAccessToken indicates an expected call of SignAccessToken -func (mr *MockSignerMockRecorder) SignAccessToken(arg0 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignAccessToken", reflect.TypeOf((*MockSigner)(nil).SignAccessToken), arg0) -} - -// SignIDToken mocks base method -func (m *MockSigner) SignIDToken(arg0 *oidc.IDTokenClaims) (string, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "SignIDToken", arg0) - ret0, _ := ret[0].(string) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// SignIDToken indicates an expected call of SignIDToken -func (mr *MockSignerMockRecorder) SignIDToken(arg0 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignIDToken", reflect.TypeOf((*MockSigner)(nil).SignIDToken), arg0) -} - // SignatureAlgorithm mocks base method func (m *MockSigner) SignatureAlgorithm() jose.SignatureAlgorithm { m.ctrl.T.Helper() 
@@ -92,3 +61,17 @@ func (mr *MockSignerMockRecorder) SignatureAlgorithm() *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignatureAlgorithm", reflect.TypeOf((*MockSigner)(nil).SignatureAlgorithm)) } + +// Signer mocks base method +func (m *MockSigner) Signer() jose.Signer { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Signer") + ret0, _ := ret[0].(jose.Signer) + return ret0 +} + +// Signer indicates an expected call of Signer +func (mr *MockSignerMockRecorder) Signer() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signer", reflect.TypeOf((*MockSigner)(nil).Signer)) +} diff --git a/pkg/op/mock/storage.mock.go b/pkg/op/mock/storage.mock.go index bcc04da..1bcd1a6 100644 --- a/pkg/op/mock/storage.mock.go +++ b/pkg/op/mock/storage.mock.go @@ -184,10 +184,10 @@ func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1, arg2, arg3 interfac } // GetUserinfoFromScopes mocks base method -func (m *MockStorage) GetUserinfoFromScopes(arg0 context.Context, arg1 string, arg2 []string) (*oidc.userinfo, error) { +func (m *MockStorage) GetUserinfoFromScopes(arg0 context.Context, arg1 string, arg2 []string) (oidc.UserInfoSetter, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetUserinfoFromScopes", arg0, arg1, arg2) - ret0, _ := ret[0].(*oidc.userinfo) + ret0, _ := ret[0].(oidc.UserInfoSetter) ret1, _ := ret[1].(error) return ret0, ret1 } 
@@ -199,10 +199,10 @@ func (mr *MockStorageMockRecorder) GetUserinfoFromScopes(arg0, arg1, arg2 interf } // GetUserinfoFromToken mocks base method -func (m *MockStorage) GetUserinfoFromToken(arg0 context.Context, arg1, arg2 string) (*oidc.userinfo, error) { +func (m *MockStorage) GetUserinfoFromToken(arg0 context.Context, arg1, arg2 string) (oidc.UserInfoSetter, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetUserinfoFromToken", arg0, arg1, arg2) - ret0, _ := ret[0].(*oidc.userinfo) + ret0, _ := ret[0].(oidc.UserInfoSetter) ret1, _ := ret[1].(error) return ret0, ret1 } diff --git a/pkg/op/signer.go b/pkg/op/signer.go index 5cf585e..76bb9c7 100644 --- a/pkg/op/signer.go +++ b/pkg/op/signer.go @@ -10,8 +10,6 @@ import ( type Signer interface { Health(ctx context.Context) error - //SignIDToken(claims *oidc.IDTokenClaims) (string, error) - //SignAccessToken(claims *oidc.AccessTokenClaims) (string, error) Signer() jose.Signer SignatureAlgorithm() jose.SignatureAlgorithm } @@ -43,11 +41,6 @@ func (s *tokenSigner) Signer() jose.Signer { return s.signer } -// -//func (s *tokenSigner) Sign(payload []byte) (*jose.JSONWebSignature, error) { -// return s.signer.Sign(payload) -//} - func (s *tokenSigner) refreshSigningKey(ctx context.Context, keyCh <-chan jose.SigningKey) { for { select { diff --git a/pkg/op/signer_test.go b/pkg/op/signer_test.go deleted file mode 100644 index c751c76..0000000 --- a/pkg/op/signer_test.go +++ /dev/null 
@@ -1,95 +0,0 @@ -package op - -import ( - "testing" - - "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" -) - -// func TestNewDefaultSigner(t *testing.T) { -// type args struct { -// storage Storage -// } -// tests := []struct { -// name string -// args args -// want Signer -// wantErr bool -// }{ -// { -// "err initialize storage fails", -// args{mock.NewMockStorageSigningKeyError(t)}, -// nil, -// true, -// }, -// { -// "err initialize storage fails", -// args{mock.NewMockStorageSigningKeyInvalid(t)}, -// nil, -// true, -// }, -// { -// "initialize ok", -// args{mock.NewMockStorageSigningKey(t)}, -// &idTokenSigner{Storage: mock.NewMockStorageSigningKey(t)}, -// false, -// }, -// } -// for _, tt := range tests { -// t.Run(tt.name, func(t *testing.T) { -// got, err := op.NewSigner(tt.args.storage) -// if (err != nil) != tt.wantErr { -// t.Errorf("NewSigner() error = %v, wantErr %v", err, tt.wantErr) -// return -// } -// if !reflect.DeepEqual(got, tt.want) { -// t.Errorf("NewSigner() = %v, want %v", got, tt.want) -// } -// }) -// } -// } - -func Test_idTokenSigner_Sign(t *testing.T) { - signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: []byte("key")}, &jose.SignerOptions{}) - require.NoError(t, err) - - type fields struct { - signer jose.Signer - storage Storage - } - type args struct { - payload []byte - } - tests := []struct { - name string - fields fields - args args - want string - wantErr bool - }{ - { - "ok", - fields{signer, nil}, - args{[]byte("test")}, - "eyJhbGciOiJIUzI1NiJ9.dGVzdA.SxYZRsvB_Dr4F7SEFuYXvkMZqCCwzpsPOQXl-vLPEww", - false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - s := &tokenSigner{ - signer: tt.fields.signer, - storage: tt.fields.storage, - } - got, err := s.Sign(tt.args.payload) - if (err != nil) != tt.wantErr { - t.Errorf("idTokenSigner.Sign() error = %v, wantErr %v", err, tt.wantErr) - return - } - if got != tt.want { - t.Errorf("idTokenSigner.Sign() = %v, 
want %v", got, tt.want) - } - }) - } -}