diff options
| -rw-r--r-- | app/controllers/sessions/controller.go | 2 | ||||
| -rw-r--r-- | pkg/oidc/id_token.go | 6 | ||||
| -rw-r--r-- | pkg/oidc/tokens.go | 2 | ||||
| -rw-r--r-- | pkg/oidc/tokens_test.go | 2 | ||||
| -rw-r--r-- | pkg/web/middleware/unpack_token.go | 8 | ||||
| -rw-r--r-- | pkg/web/middleware/unpack_token_test.go | 2 |
6 files changed, 14 insertions, 8 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go index e03cdfb..7993b3a 100644 --- a/app/controllers/sessions/controller.go +++ b/app/controllers/sessions/controller.go @@ -44,7 +44,7 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) { tokens := &oidc.Tokens{Token: token} if rawIDToken, ok := token.Extra("id_token").(string); ok { - tokens.IDToken = rawIDToken + tokens.IDToken = oidc.RawIDToken(rawIDToken) } encoded, err := tokens.ToBase64String() diff --git a/pkg/oidc/id_token.go b/pkg/oidc/id_token.go index b7f21ce..e53b0a1 100644 --- a/pkg/oidc/id_token.go +++ b/pkg/oidc/id_token.go @@ -3,3 +3,9 @@ package oidc import "github.com/coreos/go-oidc/v3/oidc" type IDToken = oidc.IDToken + +type RawIDToken string + +func (r RawIDToken) String() string { + return string(r) +} diff --git a/pkg/oidc/tokens.go b/pkg/oidc/tokens.go index 7ff3c07..908e3a7 100644 --- a/pkg/oidc/tokens.go +++ b/pkg/oidc/tokens.go @@ -11,7 +11,7 @@ import ( type Tokens struct { *oauth2.Token - IDToken string `json:"id_token"` + IDToken RawIDToken `json:"id_token"` } func (t *Tokens) ToBase64String() (string, error) { diff --git a/pkg/oidc/tokens_test.go b/pkg/oidc/tokens_test.go index a7c5e13..83eecc6 100644 --- a/pkg/oidc/tokens_test.go +++ b/pkg/oidc/tokens_test.go @@ -66,7 +66,7 @@ func TestTokens(t *testing.T) { assert.Equal(t, "Bearer", result.TokenType) assert.Equal(t, "refresh_token", result.RefreshToken) assert.Equal(t, int64(3600), result.ExpiresIn) - assert.Equal(t, "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMCIsInN1YiI6IjEiLCJhdWQiOiJlMzFlMWRhMGI4ZjZiNmUzNWNhNzBjNzkwYjEzYzA0MDZlNDRhY2E2YjJiZjY3ZjU1ZGU3MzU1YTk3OWEyMjRmIiwiZXhwIjoxNzQ0NzM3NDI3LCJpYXQiOjE3NDQ3MzczMDcsImF1dGhfdGltZSI6MTc0NDczNDY0OSwic3ViX2xlZ2FjeSI6IjI0NzRjZjBiMjIxMTY4OGE1NzI5N2FjZTBlMjYwYTE1OTQ0NzU0ZDE2YjFiZDQyYzlkNjc3OWM5MDAzNjc4MDciLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsIm5pY2tuYW1lIjoicm9vdCIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByb2ZpbGUiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMC9yb290IiwicGljdHVyZSI6Imh0dHBzOi8vd3d3LmdyYXZhdGFyLmNvbS9hdmF0YXIvMjU4ZDhkYzkxNmRiOGNlYTJjYWZiNmMzY2QwY2IwMjQ2ZWZlMDYxNDIxZGJkODNlYzNhMzUwNDI4Y2FiZGE0Zj9zPTgwJmQ9aWRlbnRpY29uIiwiZ3JvdXBzX2RpcmVjdCI6WyJ0b29sYm94IiwiZ2l0bGFiLW9yZyIsImdudXdnZXQiLCJDb21taXQ0NTEiLCJqYXNoa2VuYXMiLCJmbGlnaHRqcyIsInR3aXR0ZXIiLCJnaXRsYWItZXhhbXBsZXMiLCJnaXRsYWItZXhhbXBsZXMvc2VjdXJpdHkiLCI0MTI3MDgiLCJnaXRsYWItZXhhbXBsZXMvZGVtby1ncm91cCIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwIiwiNDM0MDQ0LWdyb3VwLTEiLCI0MzQwNDQtZ3JvdXAtMiIsImdpdGxhYi1vcmcxIiwiZ2l0bGFiLW9yZy9zZWN1cmUiLCJnaXRsYWItb3JnL3NlY3VyZS9tYW5hZ2VycyIsImdpdGxhYi1vcmcvc2VjdXJpdHktcHJvZHVjdHMiLCJnaXRsYWItb3JnL3NlY3VyaXR5LXByb2R1Y3RzL2FuYWx5emVycyIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwL2FhIiwiY3VzdG9tLXJvbGVzLXJvb3QtZ3JvdXAvYWEvYWFhIiwibWFzc19pbnNlcnRfZ3JvdXBfXzBfMTAwIl19.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g", result.IDToken) + assert.Equal(t, RawIDToken("eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMCIsInN1YiI6IjEiLCJhdWQiOiJlMzFlMWRhMGI4ZjZiNmUzNWNhNzBjNzkwYjEzYzA0MDZlNDRhY2E2YjJiZjY3ZjU1ZGU3MzU1YTk3OWEyMjRmIiwiZXhwIjoxNzQ0NzM3NDI3LCJpYXQiOjE3NDQ3MzczMDcsImF1dGhfdGltZSI6MTc0NDczNDY0OSwic3ViX2xlZ2FjeSI6IjI0NzRjZjBiMjIxMTY4OGE1NzI5N2FjZTBlMjYwYTE1OTQ0NzU0ZDE2YjFiZDQyYzlkNjc3OWM5MDAzNjc4MDciLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsIm5pY2tuYW1lIjoicm9vdCIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByb2ZpbGUiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMC9yb290IiwicGljdHVyZSI6Imh0dHBzOi8vd3d3LmdyYXZhdGFyLmNvbS9hdmF0YXIvMjU4ZDhkYzkxNmRiOGNlYTJjYWZiNmMzY2QwY2IwMjQ2ZWZlMDYxNDIxZGJkODNlYzNhMzUwNDI4Y2FiZGE0Zj9zPTgwJmQ9aWRlbnRpY29uIiwiZ3JvdXBzX2RpcmVjdCI6WyJ0b29sYm94IiwiZ2l0bGFiLW9yZyIsImdudXdnZXQiLCJDb21taXQ0NTEiLCJqYXNoa2VuYXMiLCJmbGlnaHRqcyIsInR3aXR0ZXIiLCJnaXRsYWItZXhhbXBsZXMiLCJnaXRsYWItZXhhbXBsZXMvc2VjdXJpdHkiLCI0MTI3MDgiLCJnaXRsYWItZXhhbXBsZXMvZGVtby1ncm91cCIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwIiwiNDM0MDQ0LWdyb3VwLTEiLCI0MzQwNDQtZ3JvdXAtMiIsImdpdGxhYi1vcmcxIiwiZ2l0bGFiLW9yZy9zZWN1cmUiLCJnaXRsYWItb3JnL3NlY3VyZS9tYW5hZ2VycyIsImdpdGxhYi1vcmcvc2VjdXJpdHktcHJvZHVjdHMiLCJnaXRsYWItb3JnL3NlY3VyaXR5LXByb2R1Y3RzL2FuYWx5emVycyIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwL2FhIiwiY3VzdG9tLXJvbGVzLXJvb3QtZ3JvdXAvYWEvYWFhIiwibWFzc19pbnNlcnRfZ3JvdXBfXzBfMTAwIl19.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"), result.IDToken) }) }) } diff --git a/pkg/web/middleware/unpack_token.go b/pkg/web/middleware/unpack_token.go index d31f9cc..0b182a0 100644 --- a/pkg/web/middleware/unpack_token.go +++ b/pkg/web/middleware/unpack_token.go @@ -9,9 +9,9 @@ import ( "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" ) -type TokenParser func(*http.Request) string +type TokenParser func(*http.Request) oidc.RawIDToken -func fromSessionCookie(r *http.Request) string { +func FromSessionCookie(r *http.Request) oidc.RawIDToken { cookies := r.CookiesNamed("session") if len(cookies) != 1 { @@ -28,7 +28,7 @@ func fromSessionCookie(r *http.Request) string { } func UnpackToken(cfg *oidc.OpenID) func(http.Handler) http.Handler { - parsers := []TokenParser{fromSessionCookie} + parsers := []TokenParser{FromSessionCookie} return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -36,7 +36,7 @@ func UnpackToken(cfg *oidc.OpenID) func(http.Handler) http.Handler { rawIDToken := parser(r) if !x.IsZero(rawIDToken) { verifier := cfg.Provider.VerifierContext(r.Context(), cfg.OIDCConfig) - idToken, err := verifier.Verify(r.Context(), rawIDToken) + idToken, err := verifier.Verify(r.Context(), rawIDToken.String()) if err != nil { log.WithFields(r.Context(), log.Fields{"error": err}) } else { diff --git a/pkg/web/middleware/unpack_token_test.go b/pkg/web/middleware/unpack_token_test.go index f2250bc..116e88f 100644 --- a/pkg/web/middleware/unpack_token_test.go +++ b/pkg/web/middleware/unpack_token_test.go @@ -43,7 +43,7 @@ func TestUnpackToken(t *testing.T) { user := mockoidc.DefaultUser() token, rawIDToken := srv.CreateTokensFor(user) - tokens := &oidc.Tokens{Token: token, IDToken: rawIDToken} + tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawIDToken(rawIDToken)} encoded := x.Must(tokens.ToBase64String()) server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |