From 399f3da8c1c44731e31f29d458da9bd1c339936a Mon Sep 17 00:00:00 2001
From: Maximilian Mitchell
Date: Sat, 1 Aug 2020 14:54:36 +0100
Subject: [PATCH] rename User ID Key to User ID Path
---
 internal/config.go | 6 ++----
 internal/provider/generic_oauth.go | 4 ++--
 internal/provider/google.go | 6 +++---
 internal/provider/oidc.go | 1 -
 internal/provider/providers.go | 17 ++++++++---------
 internal/server.go | 2 +-
 6 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/internal/config.go b/internal/config.go
index a13ee30e..05d6a92b 100644
--- a/internal/config.go
+++ b/internal/config.go
@@ -38,7 +38,7 @@ type Config struct {
 MatchWhitelistOrDomain bool `long:"match-whitelist-or-domain" env:"MATCH_WHITELIST_OR_DOMAIN" description:"Allow users that match *either* whitelist or domain (enabled by default in v3)"`
 Path string `long:"url-path" env:"URL_PATH" default:"/_oauth" description:"Callback URL Path"`
 SecretString string `long:"secret" env:"SECRET" description:"Secret used for signing (required)" json:"-"`
- UserIDKey string `long:"user-id-key" env:"USER_ID_KEY" default:"email" description:"Key used to grab the UserID for use in whitelist and X-Forwarded-User"`
+ UserIDPath string `long:"user-id-path" env:"USER_ID_PATH" default:"email" description:"Dot notation path of a UserID for use with whitelist and X-Forwarded-User"`
 Whitelist CommaSeparatedList `long:"whitelist" env:"WHITELIST" env-delim:"," description:"Only allow given email addresses, comma delimited, can be set multiple times"`
 Providers provider.Providers `group:"providers" namespace:"providers" env-namespace:"PROVIDERS"`
@@ -318,9 +318,7 @@ func (c *Config) setupProvider(name string) error {
 }
 // Setup
- err = p.Setup()
-
- if err != nil {
+ if err := p.Setup(); err != nil {
 return err
 }
diff --git a/internal/provider/generic_oauth.go b/internal/provider/generic_oauth.go
index bcd35057..f61c630b 100644
--- a/internal/provider/generic_oauth.go
+++ b/internal/provider/generic_oauth.go
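Review bot: The `UserIDPath` field in internal/config.go replaces `user-id-key` / `USER_ID_KEY` with no alias, so a deployment that still sets the old environment variable would presumably fall back to the default `email` without any error, and the whitelist match and X-Forwarded-User would then be built from a different field than the operator configured. Either keep the old names working for a release or fail at startup when the old variable is set, for example `if os.Getenv("USER_ID_KEY") != "" { return errors.New("USER_ID_KEY was renamed to USER_ID_PATH") }` during config setup, which is outside this hunk. The description could also state that the OIDC provider ignores this option, since its `GetUser` in this patch takes the argument as `_`.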
@@ -66,7 +66,7 @@ func (o *GenericOAuth) ExchangeCode(redirectURI, code string) (string, error) {
 }
 // GetUser uses the given token and returns a UserID
-func (o *GenericOAuth) GetUser(token, userIDKey string) (UserID, error) {
+func (o *GenericOAuth) GetUser(token, userIDPath string) (UserID, error) {
 req, err := http.NewRequest("GET", o.UserURL, nil)
 if err != nil {
 return "", err
@@ -87,5 +87,5 @@ func (o *GenericOAuth) GetUser(token, userIDKey string) (UserID, error) {
 }
 defer res.Body.Close()
- return GetUserID(res.Body, userIDKey)
+ return GetUserID(res.Body, userIDPath)
 }
diff --git a/internal/provider/google.go b/internal/provider/google.go
index 08c391d4..ac73da5f 100644
--- a/internal/provider/google.go
+++ b/internal/provider/google.go
@@ -92,8 +92,8 @@ func (g *Google) ExchangeCode(redirectURI, code string) (string, error) {
 return token.Token, err
 }
-// GetUser uses the given token and returns a userID
-func (g *Google) GetUser(token, userIDKey string) (UserID, error) {
+// GetUser uses the given token and returns a userID located at the json path
+func (g *Google) GetUser(token, userIDPath string) (UserID, error) {
 client := &http.Client{}
 req, err := http.NewRequest("GET", g.UserURL.String(), nil)
 if err != nil {
@@ -107,5 +107,5 @@ func (g *Google) GetUser(token, userIDKey string) (UserID, error) {
 }
 defer res.Body.Close()
- return GetUserID(res.Body, userIDKey)
+ return GetUserID(res.Body, userIDPath)
 }
diff --git a/internal/provider/oidc.go b/internal/provider/oidc.go
index 17879141..57faf2cf 100644
--- a/internal/provider/oidc.go
+++ b/internal/provider/oidc.go
@@ -81,7 +81,6 @@ func (o *OIDC) ExchangeCode(redirectURI, code string) (string, error) {
 // GetUser uses the given token and returns a complete provider.User object
 func (o *OIDC) GetUser(token, _ string) (UserID, error) {
-
 // Parse & Verify ID Token
 idToken, err := o.verifier.Verify(o.ctx, token)
 if err != nil {
diff --git a/internal/provider/providers.go b/internal/provider/providers.go
index f44da35c..30fc3269 100644
--- a/internal/provider/providers.go
+++ b/internal/provider/providers.go
@@ -23,7 +23,7 @@ type Provider interface {
 Name() string
 GetLoginURL(redirectURI, state string) string
 ExchangeCode(redirectURI, code string) (string, error)
- GetUser(token, userIDKey string) (string, error)
+ GetUser(token, userIDPath string) (string, error)
 Setup() error
 }
@@ -36,21 +36,20 @@ type User struct {
 Email string `json:"email"`
 }
+// UserID is a type used to represent a uniquely identified user
 type UserID = string
-func GetUserID(r io.Reader, key string) (UserID, error) {
- jsonParsed, err := gabs.ParseJSONBuffer(r)
+// GetUserID extracts a UserID located at the (dot notation) path (userIDPath) in the json io.Reader
+func GetUserID(r io.Reader, userIDPath string) (UserID, error) {
+ json, err := gabs.ParseJSONBuffer(r)
 if err != nil {
 return "", err
 }
- return GetKeyDataFromJson(jsonParsed, key)
-}
-func GetKeyDataFromJson(json *gabs.Container, key string) (UserID, error) {
- if !json.ExistsP(key) {
- return "", errors.New("Invalid User ID Key: " + key + " in json:" + string(json.Bytes()))
+ if !json.ExistsP(userIDPath) {
+ return "", errors.New("Invalid User ID Path: " + userIDPath + " in json:" + string(json.Bytes()))
 }
- return fmt.Sprintf("%v", json.Path(key).Data()), nil
+ return fmt.Sprintf("%v", json.Path(userIDPath).Data()), nil
 }
 // OAuthProvider is a provider using the oauth2 library
diff --git a/internal/server.go b/internal/server.go
index e7d0d037..4935f0c5 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -164,7 +164,7 @@ func (s *Server) AuthCallbackHandler() http.HandlerFunc {
 }
 // Get user
- user, err := p.GetUser(token, config.UserIDKey)
+ user, err := p.GetUser(token, config.UserIDPath)
 if err != nil {
 logger.WithField("error", err).Error("Error getting user")
 http.Error(w, "Service unavailable", 503)
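Review bot: In `GetUserID` (internal/provider/providers.go) the error for a missing path still appends the whole userinfo body via `string(json.Bytes())`, and the callback handler in internal/server.go logs that error, so every user field the provider returned ends up in the log. The value found at the path is also turned into the UserID with `fmt.Sprintf("%v", ...)` whatever its JSON type, so an object or array becomes an identity string and a large number may come out in exponent form if gabs decodes it as float64; that string is what the whitelist and X-Forwarded-User use. I would name only the path in the error and accept only a non-empty string, and format numeric IDs explicitly if they have to be supported. The `fmt` import may become unused after this; the import block is outside the hunk.

```go
// … unchanged: gabs.ParseJSONBuffer call and its error return …
	if !json.ExistsP(userIDPath) {
		// Name the path only; the userinfo body can hold personal data.
		return "", errors.New("invalid user ID path: " + userIDPath)
	}

	id, ok := json.Path(userIDPath).Data().(string)
	if !ok || id == "" {
		return "", errors.New("user ID at path " + userIDPath + " is not a non-empty string")
	}
	return id, nil
```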