| -rw-r--r-- | app/app.go | 3 | ||||
| -rw-r--r-- | app/controllers/sessions/controller.go | 2 | ||||
| -rw-r--r-- | pkg/oidc/id_token.go | 4 | ||||
| -rw-r--r-- | pkg/oidc/tokens.go | 2 | ||||
| -rw-r--r-- | pkg/oidc/tokens_test.go | 2 | ||||
| -rw-r--r-- | pkg/web/middleware/enforce_authn.go | 1 | ||||
| -rw-r--r-- | pkg/web/middleware/enforce_authn_test.go | 11 | ||||
| -rw-r--r-- | pkg/web/middleware/id_token.go (renamed from pkg/web/middleware/unpack_token.go) | 8 | ||||
| -rw-r--r-- | pkg/web/middleware/id_token_test.go (renamed from pkg/web/middleware/unpack_token_test.go) | 6 |
9 files changed, 14 insertions, 25 deletions
@@ -34,5 +34,6 @@ func New(rootDir string) http.Handler { logger := ioc.MustResolve[*zerolog.Logger](ioc.Default) oidc := ioc.MustResolve[*oidc.OpenID](ioc.Default) - return log.HTTP(logger)(middleware.UnpackToken(oidc)(mux)) + + return log.HTTP(logger)(middleware.IDToken(oidc)(mux)) } diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go index 7993b3a..050a22d 100644 --- a/app/controllers/sessions/controller.go +++ b/app/controllers/sessions/controller.go @@ -44,7 +44,7 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) { tokens := &oidc.Tokens{Token: token} if rawIDToken, ok := token.Extra("id_token").(string); ok { - tokens.IDToken = oidc.RawIDToken(rawIDToken) + tokens.IDToken = oidc.RawToken(rawIDToken) } encoded, err := tokens.ToBase64String() diff --git a/pkg/oidc/id_token.go b/pkg/oidc/id_token.go index e53b0a1..e708eb3 100644 --- a/pkg/oidc/id_token.go +++ b/pkg/oidc/id_token.go @@ -4,8 +4,8 @@ import "github.com/coreos/go-oidc/v3/oidc" type IDToken = oidc.IDToken -type RawIDToken string +type RawToken string -func (r RawIDToken) String() string { +func (r RawToken) String() string { return string(r) } diff --git a/pkg/oidc/tokens.go b/pkg/oidc/tokens.go index 908e3a7..70d3a3d 100644 --- a/pkg/oidc/tokens.go +++ b/pkg/oidc/tokens.go @@ -11,7 +11,7 @@ import ( type Tokens struct { *oauth2.Token - IDToken RawIDToken `json:"id_token"` + IDToken RawToken `json:"id_token"` } func (t *Tokens) ToBase64String() (string, error) { diff --git a/pkg/oidc/tokens_test.go b/pkg/oidc/tokens_test.go index 83eecc6..42c470d 100644 --- a/pkg/oidc/tokens_test.go +++ b/pkg/oidc/tokens_test.go 
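Review bot: In pkg/oidc/id_token.go the renamed `RawToken` type has no doc comment, and the broader name no longer says which kind of token it holds, while `Tokens.IDToken` in pkg/oidc/tokens.go is still its only visible use. A distinct type per token kind is what lets the compiler reject an access token passed where an ID token is expected, so if the rename is meant to cover more than ID tokens, that trade-off should be written down. I would add `// RawToken is a serialized token exactly as received from the provider; it is not verified and must not be logged.` above the type; the "not verified" part is inferred from the `token.Extra("id_token")` conversion in app/controllers/sessions/controller.go and should be confirmed. Because `String()` returns the full value, any `%s` or `%v` formatting of a `RawToken` prints the credential, which the comment should warn about.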
@@ -66,7 +66,7 @@ func TestTokens(t *testing.T) { assert.Equal(t, "Bearer", result.TokenType) assert.Equal(t, "refresh_token", result.RefreshToken) assert.Equal(t, int64(3600), result.ExpiresIn) - assert.Equal(t, RawIDToken("eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"), result.IDToken) + assert.Equal(t, RawToken("eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"), result.IDToken) }) }) } diff --git a/pkg/web/middleware/enforce_authn.go b/pkg/web/middleware/enforce_authn.go deleted file mode 100644 index c870d7c..0000000 --- a/pkg/web/middleware/enforce_authn.go +++ /dev/null @@ -1 +0,0 @@ -package middleware diff --git a/pkg/web/middleware/enforce_authn_test.go b/pkg/web/middleware/enforce_authn_test.go deleted file mode 100644 index 285db5b..0000000 --- a/pkg/web/middleware/enforce_authn_test.go +++ /dev/null @@ -1,11 +0,0 @@ -package middleware - -import "testing" - -func TestEnforceAuthn(t *testing.T) { - t.Run("when an active session cookie is provided", func(t *testing.T) { - t.Run("attaches a user to the request context", func(t *testing.T) { - - }) - }) -} 
diff --git a/pkg/web/middleware/unpack_token.go b/pkg/web/middleware/id_token.go index 0b182a0..a32c77b 100644 --- a/pkg/web/middleware/unpack_token.go +++ b/pkg/web/middleware/id_token.go @@ -9,9 +9,9 @@ import ( "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" ) -type TokenParser func(*http.Request) oidc.RawIDToken +type TokenParser func(*http.Request) oidc.RawToken -func FromSessionCookie(r *http.Request) oidc.RawIDToken { +func IDTokenFromSessionCookie(r *http.Request) oidc.RawToken { cookies := r.CookiesNamed("session") if len(cookies) != 1 { @@ -27,8 +27,8 @@ func FromSessionCookie(r *http.Request) oidc.RawIDToken { return tokens.IDToken } -func UnpackToken(cfg *oidc.OpenID) func(http.Handler) http.Handler { - parsers := []TokenParser{FromSessionCookie} +func IDToken(cfg *oidc.OpenID) func(http.Handler) http.Handler { + parsers := []TokenParser{IDTokenFromSessionCookie} return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { diff --git a/pkg/web/middleware/unpack_token_test.go b/pkg/web/middleware/id_token_test.go index 116e88f..4f26cdf 100644 --- a/pkg/web/middleware/unpack_token_test.go +++ b/pkg/web/middleware/id_token_test.go @@ -20,7 +20,7 @@ import ( "golang.org/x/oauth2" ) -func TestUnpackToken(t *testing.T) { +func TestIDToken(t *testing.T) { srv := test.NewOIDCServer(t) defer srv.Close() 
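Review bot: The exported `IDTokenFromSessionCookie` and `IDToken` in pkg/web/middleware/id_token.go carry no doc comments, and `middleware.IDToken` now shares its name with the `oidc.IDToken` type alias although it returns a middleware constructor. The value is read from the client-supplied `session` cookie, so the comment should say that the result is unverified input and what is returned when `len(cookies) != 1`; that branch lies outside the hunk. Suggested: `// IDTokenFromSessionCookie returns the raw, unverified ID token carried in the "session" cookie.` and `// IDToken returns middleware that extracts the ID token from each request.` Whether and where the token is verified against `cfg` is not visible here, so that part of the comment should be worded after checking the handler body, which continues past the hunk.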
@@ -36,14 +36,14 @@ func TestUnpackToken(t *testing.T) { ) require.NoError(t, err) - middleware := UnpackToken(openID) + middleware := IDToken(openID) t.Run("when an active session cookie is provided", func(t *testing.T) { t.Run("attaches the token to the request context", func(t *testing.T) { user := mockoidc.DefaultUser() token, rawIDToken := srv.CreateTokensFor(user) - tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawIDToken(rawIDToken)} + tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawToken(rawIDToken)} encoded := x.Must(tokens.ToBase64String()) server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
