refactoring
This commit is contained in:
Livio Amstutz
parent
d7ed59db2b
commit
d368b2d950
7 changed files with 77 additions and 211 deletions
|
|
@ -86,7 +86,8 @@ func main() {
|
|||
})
|
||||
|
||||
http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) {
|
||||
tpl := `
|
||||
if r.Method == "GET" {
|
||||
tpl := `
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
|
|
@ -94,51 +95,54 @@ func main() {
|
|||
<title>Login</title>
|
||||
</head>
|
||||
<body>
|
||||
<form method="POST" action="/jwt-profile-assertion" enctype="multipart/form-data">
|
||||
<form method="POST" action="/jwt-profile" enctype="multipart/form-data">
|
||||
<label for="key">Select a key file:</label>
|
||||
<input type="file" id="key" name="key">
|
||||
<button type="submit">Upload</button>
|
||||
</form>
|
||||
</body>
|
||||
</html>`
|
||||
t, err := template.New("login").Parse(tpl)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
err = t.Execute(w, nil)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
}
|
||||
})
|
||||
t, err := template.New("login").Parse(tpl)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
err = t.Execute(w, nil)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
}
|
||||
} else {
|
||||
err := r.ParseMultipartForm(4 << 10)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
file, handler, err := r.FormFile("key")
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
http.HandleFunc("/jwt-profile-assertion", func(w http.ResponseWriter, r *http.Request) {
|
||||
r.ParseMultipartForm(32 << 20)
|
||||
file, handler, err := r.FormFile("key")
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
key, err := ioutil.ReadAll(file)
|
||||
fmt.Println(handler.Header)
|
||||
assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
token, err := rp.JWTProfileExchange(ctx, assertion, provider)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
data, err := json.Marshal(token)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write(data)
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
key, err := ioutil.ReadAll(file)
|
||||
fmt.Println(handler.Header)
|
||||
assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
token, err := rp.JWTProfileExchange(ctx, assertion, provider)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
data, err := json.Marshal(token)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write(data)
|
||||
})
|
||||
lis := fmt.Sprintf("127.0.0.1:%s", port)
|
||||
logrus.Infof("listening on http://%s/", lis)
|
||||
|
|
|
|||
|
|
@ -210,31 +210,18 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st
|
|||
return nil
|
||||
}
|
||||
|
||||
func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _ string) (*oidc.userinfo, error) {
|
||||
func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _ string) (oidc.UserInfoSetter, error) {
|
||||
return s.GetUserinfoFromScopes(ctx, "", []string{})
|
||||
}
|
||||
func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _ string, _ []string) (*oidc.userinfo, error) {
|
||||
return &oidc.userinfo{
|
||||
Subject: a.GetSubject(),
|
||||
Address: &oidc.UserinfoAddress{
|
||||
StreetAddress: "Hjkhkj 789\ndsf",
|
||||
},
|
||||
userinfoEmail: oidc.userinfoEmail{
|
||||
Email: "test",
|
||||
EmailVerified: true,
|
||||
},
|
||||
userinfoPhone: oidc.userinfoPhone{
|
||||
PhoneNumber: "sadsa",
|
||||
PhoneNumberVerified: true,
|
||||
},
|
||||
userinfoProfile: oidc.userinfoProfile{
|
||||
UpdatedAt: time.Now(),
|
||||
},
|
||||
// Claims: map[string]interface{}{
|
||||
// "test": "test",
|
||||
// "hkjh": "",
|
||||
// },
|
||||
}, nil
|
||||
func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _ string, _ []string) (oidc.UserInfoSetter, error) {
|
||||
userinfo := oidc.NewUserInfo()
|
||||
userinfo.SetSubject(a.GetSubject())
|
||||
userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", ""))
|
||||
userinfo.SetEmail("test", true)
|
||||
userinfo.SetPhone("0791234567", true)
|
||||
userinfo.SetName("Test")
|
||||
userinfo.AppendClaims("private_claim", "test")
|
||||
return userinfo, nil
|
||||
}
|
||||
|
||||
type ConfClient struct {
|
||||
|
|
|
|||
|
|
@ -72,18 +72,18 @@ func (v *Verifier) VerifyIDToken(ctx context.Context, idToken string) (*oidc.IDT
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
type Sig struct{}
|
||||
type Sig struct {
|
||||
signer jose.Signer
|
||||
}
|
||||
|
||||
func (s *Sig) Signer() jose.Signer {
|
||||
return s.signer
|
||||
}
|
||||
|
||||
func (s *Sig) Health(ctx context.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Sig) SignIDToken(*oidc.IDTokenClaims) (string, error) {
|
||||
return "", nil
|
||||
}
|
||||
func (s *Sig) SignAccessToken(*oidc.accessTokenClaims) (string, error) {
|
||||
return "", nil
|
||||
}
|
||||
func (s *Sig) SignatureAlgorithm() jose.SignatureAlgorithm {
|
||||
return jose.HS256
|
||||
}
|
||||
|
|
@ -92,9 +92,3 @@ func ExpectStorage(a op.Authorizer, t *testing.T) {
|
|||
mockA := a.(*MockAuthorizer)
|
||||
mockA.EXPECT().Storage().AnyTimes().Return(NewMockStorageAny(t))
|
||||
}
|
||||
|
||||
// func NewMockSignerAny(t *testing.T) op.Signer {
|
||||
// m := NewMockSigner(gomock.NewController(t))
|
||||
// m.EXPECT().Sign(gomock.Any()).AnyTimes().Return("", nil)
|
||||
// return m
|
||||
// }
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ package mock
|
|||
|
||||
import (
|
||||
context "context"
|
||||
oidc "github.com/caos/oidc/pkg/oidc"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
jose "gopkg.in/square/go-jose.v2"
|
||||
reflect "reflect"
|
||||
|
|
@ -49,36 +48,6 @@ func (mr *MockSignerMockRecorder) Health(arg0 interface{}) *gomock.Call {
|
|||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockSigner)(nil).Health), arg0)
|
||||
}
|
||||
|
||||
// SignAccessToken mocks base method
|
||||
func (m *MockSigner) SignAccessToken(arg0 *oidc.accessTokenClaims) (string, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "SignAccessToken", arg0)
|
||||
ret0, _ := ret[0].(string)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// SignAccessToken indicates an expected call of SignAccessToken
|
||||
func (mr *MockSignerMockRecorder) SignAccessToken(arg0 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignAccessToken", reflect.TypeOf((*MockSigner)(nil).SignAccessToken), arg0)
|
||||
}
|
||||
|
||||
// SignIDToken mocks base method
|
||||
func (m *MockSigner) SignIDToken(arg0 *oidc.IDTokenClaims) (string, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "SignIDToken", arg0)
|
||||
ret0, _ := ret[0].(string)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// SignIDToken indicates an expected call of SignIDToken
|
||||
func (mr *MockSignerMockRecorder) SignIDToken(arg0 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignIDToken", reflect.TypeOf((*MockSigner)(nil).SignIDToken), arg0)
|
||||
}
|
||||
|
||||
// SignatureAlgorithm mocks base method
|
||||
func (m *MockSigner) SignatureAlgorithm() jose.SignatureAlgorithm {
|
||||
m.ctrl.T.Helper()
|
||||
|
|
@ -92,3 +61,17 @@ func (mr *MockSignerMockRecorder) SignatureAlgorithm() *gomock.Call {
|
|||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignatureAlgorithm", reflect.TypeOf((*MockSigner)(nil).SignatureAlgorithm))
|
||||
}
|
||||
|
||||
// Signer mocks base method
|
||||
func (m *MockSigner) Signer() jose.Signer {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Signer")
|
||||
ret0, _ := ret[0].(jose.Signer)
|
||||
return ret0
|
||||
}
|
||||
|
||||
// Signer indicates an expected call of Signer
|
||||
func (mr *MockSignerMockRecorder) Signer() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signer", reflect.TypeOf((*MockSigner)(nil).Signer))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -184,10 +184,10 @@ func (mr *MockStorageMockRecorder) GetSigningKey(arg0, arg1, arg2, arg3 interfac
|
|||
}
|
||||
|
||||
// GetUserinfoFromScopes mocks base method
|
||||
func (m *MockStorage) GetUserinfoFromScopes(arg0 context.Context, arg1 string, arg2 []string) (*oidc.userinfo, error) {
|
||||
func (m *MockStorage) GetUserinfoFromScopes(arg0 context.Context, arg1 string, arg2 []string) (oidc.UserInfoSetter, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetUserinfoFromScopes", arg0, arg1, arg2)
|
||||
ret0, _ := ret[0].(*oidc.userinfo)
|
||||
ret0, _ := ret[0].(oidc.UserInfoSetter)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
|
@ -199,10 +199,10 @@ func (mr *MockStorageMockRecorder) GetUserinfoFromScopes(arg0, arg1, arg2 interf
|
|||
}
|
||||
|
||||
// GetUserinfoFromToken mocks base method
|
||||
func (m *MockStorage) GetUserinfoFromToken(arg0 context.Context, arg1, arg2 string) (*oidc.userinfo, error) {
|
||||
func (m *MockStorage) GetUserinfoFromToken(arg0 context.Context, arg1, arg2 string) (oidc.UserInfoSetter, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetUserinfoFromToken", arg0, arg1, arg2)
|
||||
ret0, _ := ret[0].(*oidc.userinfo)
|
||||
ret0, _ := ret[0].(oidc.UserInfoSetter)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,8 +10,6 @@ import (
|
|||
|
||||
type Signer interface {
|
||||
Health(ctx context.Context) error
|
||||
//SignIDToken(claims *oidc.IDTokenClaims) (string, error)
|
||||
//SignAccessToken(claims *oidc.AccessTokenClaims) (string, error)
|
||||
Signer() jose.Signer
|
||||
SignatureAlgorithm() jose.SignatureAlgorithm
|
||||
}
|
||||
|
|
@ -43,11 +41,6 @@ func (s *tokenSigner) Signer() jose.Signer {
|
|||
return s.signer
|
||||
}
|
||||
|
||||
//
|
||||
//func (s *tokenSigner) Sign(payload []byte) (*jose.JSONWebSignature, error) {
|
||||
// return s.signer.Sign(payload)
|
||||
//}
|
||||
|
||||
func (s *tokenSigner) refreshSigningKey(ctx context.Context, keyCh <-chan jose.SigningKey) {
|
||||
for {
|
||||
select {
|
||||
|
|
|
|||
|
|
@ -1,95 +0,0 @@
|
|||
package op
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
)
|
||||
|
||||
// func TestNewDefaultSigner(t *testing.T) {
|
||||
// type args struct {
|
||||
// storage Storage
|
||||
// }
|
||||
// tests := []struct {
|
||||
// name string
|
||||
// args args
|
||||
// want Signer
|
||||
// wantErr bool
|
||||
// }{
|
||||
// {
|
||||
// "err initialize storage fails",
|
||||
// args{mock.NewMockStorageSigningKeyError(t)},
|
||||
// nil,
|
||||
// true,
|
||||
// },
|
||||
// {
|
||||
// "err initialize storage fails",
|
||||
// args{mock.NewMockStorageSigningKeyInvalid(t)},
|
||||
// nil,
|
||||
// true,
|
||||
// },
|
||||
// {
|
||||
// "initialize ok",
|
||||
// args{mock.NewMockStorageSigningKey(t)},
|
||||
// &idTokenSigner{Storage: mock.NewMockStorageSigningKey(t)},
|
||||
// false,
|
||||
// },
|
||||
// }
|
||||
// for _, tt := range tests {
|
||||
// t.Run(tt.name, func(t *testing.T) {
|
||||
// got, err := op.NewSigner(tt.args.storage)
|
||||
// if (err != nil) != tt.wantErr {
|
||||
// t.Errorf("NewSigner() error = %v, wantErr %v", err, tt.wantErr)
|
||||
// return
|
||||
// }
|
||||
// if !reflect.DeepEqual(got, tt.want) {
|
||||
// t.Errorf("NewSigner() = %v, want %v", got, tt.want)
|
||||
// }
|
||||
// })
|
||||
// }
|
||||
// }
|
||||
|
||||
func Test_idTokenSigner_Sign(t *testing.T) {
|
||||
signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: []byte("key")}, &jose.SignerOptions{})
|
||||
require.NoError(t, err)
|
||||
|
||||
type fields struct {
|
||||
signer jose.Signer
|
||||
storage Storage
|
||||
}
|
||||
type args struct {
|
||||
payload []byte
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
args args
|
||||
want string
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
"ok",
|
||||
fields{signer, nil},
|
||||
args{[]byte("test")},
|
||||
"eyJhbGciOiJIUzI1NiJ9.dGVzdA.SxYZRsvB_Dr4F7SEFuYXvkMZqCCwzpsPOQXl-vLPEww",
|
||||
false,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
s := &tokenSigner{
|
||||
signer: tt.fields.signer,
|
||||
storage: tt.fields.storage,
|
||||
}
|
||||
got, err := s.Sign(tt.args.payload)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("idTokenSigner.Sign() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
if got != tt.want {
|
||||
t.Errorf("idTokenSigner.Sign() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue