Diffstat (limited to 'app')
| -rw-r--r-- | app/app.go | 3 | ||||
| -rw-r--r-- | app/init.go | 5 | ||||
| -rw-r--r-- | app/middleware/id_token.go | 5 | ||||
| -rw-r--r-- | app/middleware/id_token_test.go | 12 |
4 files changed, 10 insertions, 15 deletions
@@ -14,7 +14,6 @@ import (
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
- "golang.org/x/oauth2"
 )
 type Mountable interface {
@@ -40,7 +39,7 @@ func New(rootDir string) http.Handler {
 users := ioc.MustResolve[domain.Repository[*domain.User]](ioc.Default)
 chain := middleware.IDToken(
 ioc.MustResolve[*oidc.Provider](ioc.Default),
- ioc.MustResolve[*oauth2.Config](ioc.Default),
+ ioc.MustResolve[*oidc.Config](ioc.Default),
 middleware.FromCookie(cfg.IDTokenCookie),
 )(middleware.User(users)(mux))
 return log.HTTP(logger)(chain)
diff --git a/app/init.go b/app/init.go
index a087103..045b496 100644
--- a/app/init.go
+++ b/app/init.go
@@ -54,6 +54,11 @@ func init() {
 ioc.MustResolve[*zerolog.Logger](ioc.Default).Err(err).Send()
 })
 })
+ ioc.Register[*oidc.Config](ioc.Default, func() *oidc.Config {
+ return &oidc.Config{
+ ClientID: cfg.OAuthClientID,
+ }
+ })
 ioc.Register[*oauth2.Config](ioc.Default, func() *oauth2.Config {
 return &oauth2.Config{
 ClientID: cfg.OAuthClientID,
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index bfc6289..8084af0 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
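Review bot: The `*oidc.Config` registered in the init.go hunk is now the object that governs ID-token verification in `middleware.IDToken`, so the zero values of its other fields (`SkipClientIDCheck`, `SkipIssuerCheck`, `SkipExpiryCheck`, `SupportedSigningAlgs`) are load-bearing security defaults rather than incidental omissions, and the registration should say so: `// Only ClientID is set on purpose: the zero-value Skip*Check fields keep audience, issuer and expiry verification enabled; do not relax them here.` This registration and the `*oauth2.Config` one below both read `cfg.OAuthClientID`; if the two ever diverge, tokens obtained through the OAuth flow would fail the audience check, so either derive one from the other or note the coupling in a comment. The `init` function and the `*oauth2.Config` registration continue outside the hunk.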
@@ -9,16 +9,15 @@ import (
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
- "golang.org/x/oauth2"
 )
-func IDToken(provider *oidc.Provider, config *oauth2.Config, parsers ...TokenParser) func(http.Handler) http.Handler {
+func IDToken(provider *oidc.Provider, config *oidc.Config, parsers ...TokenParser) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 for _, parser := range parsers {
 rawIDToken := parser(r)
 if x.IsPresent(rawIDToken) {
- verifier := provider.VerifierContext(r.Context(), &oidc.Config{ClientID: config.ClientID})
+ verifier := provider.VerifierContext(r.Context(), config)
 idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
 if err != nil {
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index 9b96a50..5487ada 100644
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
@@ -4,7 +4,7 @@ import (
 "net/http"
 "testing"
- xoidc "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/oauth2-proxy/mockoidc"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
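Review bot: Passing `config` straight through to `provider.VerifierContext` means the middleware now inherits every field of the injected `*oidc.Config`, whereas the removed line copied only `ClientID`; any `Skip*Check` flag set on the shared config, for instance by a test helper or a mistaken registration, would silently weaken verification for every request. Either document the contract on the signature, `// config is used as-is for token verification; callers must not set its Skip*Check fields outside tests`, or keep the previous narrowing by passing a copy that carries only the fields the middleware intends to honour. Because the same pointer is shared across requests, it must also not be mutated after IDToken is called. IDToken's body continues past the end of the hunk.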
@@ -12,21 +12,13 @@ import (
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
- "golang.org/x/oauth2"
 )
 func TestIDToken(t *testing.T) {
 srv := web.NewOIDCServer(t)
 defer srv.Close()
- config := &oauth2.Config{
- ClientID: srv.MockOIDC.ClientID,
- ClientSecret: srv.MockOIDC.ClientSecret,
- RedirectURL: "https://example.com/oauth/callback",
- Endpoint: srv.Provider.Endpoint(),
- Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
- }
- middleware := IDToken(srv.Provider, config, FromCookie(cfg.IDTokenCookie))
+ middleware := IDToken(srv.Provider, &oidc.Config{ClientID: srv.MockOIDC.ClientID}, FromCookie(cfg.IDTokenCookie))
 t.Run("when an active id_token cookie is provided", func(t *testing.T) {
 t.Run("attaches the token to the request context", func(t *testing.T) { |
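Review bot: The rewritten setup exercises only a matching `ClientID`; since the `*oidc.Config` passed to `IDToken` now drives the audience check directly, a subtest asserting that a token minted for a different client ID is rejected would pin the behaviour this commit relies on, unless the remaining subtests already cover it. `TestIDToken` continues beyond the end of the hunk, so that may already be the case.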
