Merge branch 'main' into op

2021-09-27 08:17:20 +02:00 · 2021-09-27 08:17:20 +02:00 · f90e685c76
commit f90e685c76
parent 07c9890c95 a63fbee93d
17 changed files with 706 additions and 52 deletions
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -4,7 +4,6 @@ import (
 	"errors"
 	"net/url"
 	"os"
-	"strings"

 	"golang.org/x/text/language"
 )
@ -57,9 +56,5 @@ func devLocalAllowed(url *url.URL) bool {
 	if !b {
 		return b
 	}
-	return url.Scheme == "http" &&
-		url.Host == "localhost" ||
-		url.Host == "127.0.0.1" ||
-		url.Host == "::1" ||
-		strings.HasPrefix(url.Host, "localhost:")
+	return url.Scheme == "http"
 }
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -2,7 +2,7 @@ package op

 import (
 	"context"
-	"errors"
+	"fmt"
 	"net/http"
 	"time"

@ -279,12 +279,12 @@ type openIDKeySet struct {
 func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error) {
 	keySet, err := o.Storage.GetKeySet(ctx)
 	if err != nil {
-		return nil, errors.New("error fetching keys")
+		return nil, fmt.Errorf("error fetching keys: %w", err)
 	}
 	keyID, alg := oidc.GetKeyIDAndAlg(jws)
-	key, ok := oidc.FindKey(keyID, oidc.KeyUseSignature, alg, keySet.Keys...)
-	if !ok {
-		return nil, errors.New("invalid kid")
+	key, err := oidc.FindMatchingKey(keyID, oidc.KeyUseSignature, alg, keySet.Keys...)
+	if err != nil {
+		return nil, fmt.Errorf("invalid signature: %w", err)
 	}
 	return jws.Verify(&key)
 }