*: update go-oidc and use standard library's context package
parent
3e5480a859
commit
777eeafabc
16 changed files with 33 additions and 29 deletions
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
|
@ -15,7 +16,6 @@ import (
|
|||
"github.com/Sirupsen/logrus"
|
||||
"github.com/ghodss/yaml"
|
||||
"github.com/spf13/cobra"
|
||||
"golang.org/x/net/context"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials"
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package main
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
|
@ -19,7 +20,6 @@ import (
|
|||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/spf13/cobra"
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
|
@ -175,7 +175,7 @@ func cmd() *cobra.Command {
|
|||
}
|
||||
|
||||
a.provider = provider
|
||||
a.verifier = provider.Verifier(oidc.VerifyAudience(a.clientID))
|
||||
a.verifier = provider.Verifier(&oidc.Config{ClientID: a.clientID})
|
||||
|
||||
http.HandleFunc("/", a.handleIndex)
|
||||
http.HandleFunc("/login", a.handleLogin)
|
||||
|
|
|
@ -2,9 +2,8 @@
|
|||
package connector
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
// Connector is a mechanism for federating login to a remote identity service.
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
package github
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
@ -10,7 +11,6 @@ import (
|
|||
"regexp"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/github"
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
package gitlab
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
@ -12,7 +13,6 @@ import (
|
|||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/coreos/dex/connector"
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
package ldap
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
|
@ -9,7 +10,6 @@ import (
|
|||
"io/ioutil"
|
||||
"net"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
"gopkg.in/ldap.v2"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
|
|
|
@ -2,13 +2,12 @@
|
|||
package mock
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/coreos/dex/connector"
|
||||
)
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
package oidc
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/coreos/go-oidc"
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/coreos/dex/connector"
|
||||
|
@ -53,10 +53,10 @@ func (c *Config) Open(logger logrus.FieldLogger) (conn connector.Connector, err
|
|||
RedirectURL: c.RedirectURI,
|
||||
},
|
||||
verifier: provider.Verifier(
|
||||
oidc.VerifyExpiry(),
|
||||
oidc.VerifyAudience(clientID),
|
||||
&oidc.Config{ClientID: clientID},
|
||||
),
|
||||
logger: logger,
|
||||
cancel: cancel,
|
||||
}, nil
|
||||
}
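Review bot: With the explicit `oidc.VerifyExpiry()` option removed from the `provider.Verifier(...)` call in `Open`, expiry enforcement now depends entirely on the defaults of `oidc.Config` at the pinned go-oidc revision, and nothing at the call site says so. A short comment above the literal would keep that visible, for example `// ClientID sets the expected aud; expiry is enforced by the Config defaults (SkipExpiryCheck left unset).` It is worth confirming against the vendored library that a zero-value config does reject expired tokens, because a connector that accepts stale upstream ID tokens would let logins complete on credentials the provider no longer considers valid. `Open` starts above this hunk, so the provider and context setup are not visible here.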
|
||||
|
||||
|
|
|
@ -35,7 +35,6 @@ import:
|
|||
version: 6a513affb38dc9788b449d59ffed099b8de18fa0
|
||||
subpackages:
|
||||
- context
|
||||
- context/ctxhttp
|
||||
- http2
|
||||
- http2/hpack
|
||||
- internal/timeseries
|
||||
|
@ -68,7 +67,7 @@ import:
|
|||
|
||||
# Used for server integration tests and OpenID Connect connector.
|
||||
- package: github.com/coreos/go-oidc
|
||||
version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
|
||||
version: be73733bb8cc830d0205609b95d125215f8e9c70
|
||||
- package: github.com/pquerna/cachecontrol
|
||||
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
|
||||
- package: golang.org/x/oauth2
|
||||
|
|
|
@ -5,6 +5,9 @@ import (
|
|||
"fmt"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
// go-grpc doesn't use the standard library's context.
|
||||
// https://github.com/grpc/grpc-go/issues/711
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
func TestHandleHealth(t *testing.T) {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"encoding/hex"
|
||||
|
@ -9,7 +10,6 @@ import (
|
|||
"io"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
@ -10,7 +11,6 @@ import (
|
|||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/gorilla/handlers"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
|
@ -24,7 +25,6 @@ import (
|
|||
oidc "github.com/coreos/go-oidc"
|
||||
"github.com/kylelemons/godebug/pretty"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
jose "gopkg.in/square/go-jose.v2"
|
||||
|
||||
|
@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
// Connector used by the tests.
|
||||
var conn *mock.Callback
|
||||
|
||||
oidcConfig := &oidc.Config{SkipClientIDCheck: true}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
// If specified these set of scopes will be used during the test case.
|
||||
|
@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
if !ok {
|
||||
return fmt.Errorf("no id token found")
|
||||
}
|
||||
if _, err := p.Verifier().Verify(ctx, idToken); err != nil {
|
||||
if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil {
|
||||
return fmt.Errorf("failed to verify id token: %v", err)
|
||||
}
|
||||
return nil
|
||||
|
@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
if !ok {
|
||||
return fmt.Errorf("no id token found")
|
||||
}
|
||||
idToken, err := p.Verifier().Verify(ctx, rawIDToken)
|
||||
idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to verify id token: %v", err)
|
||||
}
|
||||
|
@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
if !ok {
|
||||
return fmt.Errorf("no id token found")
|
||||
}
|
||||
idToken, err := p.Verifier().Verify(ctx, rawIDToken)
|
||||
idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to verify id token: %v", err)
|
||||
}
|
||||
|
@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
if !ok {
|
||||
return fmt.Errorf("no id_token in refreshed token")
|
||||
}
|
||||
idToken, err := p.Verifier().Verify(ctx, rawIDToken)
|
||||
idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to verify id token: %v", err)
|
||||
}
|
||||
|
@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) {
|
|||
|
||||
src := &nonceSource{nonce: nonce}
|
||||
|
||||
idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src))
|
||||
idTokenVerifier := p.Verifier(&oidc.Config{
|
||||
ClientID: client.ID,
|
||||
ClaimNonce: src.ClaimNonce,
|
||||
})
|
||||
|
||||
oauth2Config = &oauth2.Config{
|
||||
ClientID: client.ID,
|
||||
|
@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) {
|
|||
t.Errorf("no id token found: %v", err)
|
||||
return
|
||||
}
|
||||
idToken, err := p.Verifier().Verify(ctx, rawIDToken)
|
||||
idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken)
|
||||
if err != nil {
|
||||
t.Errorf("failed to parse ID Token: %v", err)
|
||||
return
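Review bot: The shared `oidcConfig := &oidc.Config{SkipClientIDCheck: true}` in `TestOAuth2CodeFlow` means none of the code-flow cases assert the `aud` claim of the tokens the server issues. `TestOAuth2ImplicitFlow` and `TestCrossClientScopes` in the same file do pass a `ClientID`. If the test client's ID is in scope where the config is built (not visible in these hunks), constructing the config with `ClientID` set to that value would let the suite catch a regression in audience handling. If the skip is intentional, a comment such as `// Audience is deliberately not checked here; the cross-client test covers aud.` would discourage copying the pattern into non-test verifiers. All of the affected functions start and end outside the hunks shown.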
|
||||
|
|
|
@ -2,6 +2,7 @@ package kubernetes
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/base32"
|
||||
|
@ -24,7 +25,6 @@ import (
|
|||
"github.com/Sirupsen/logrus"
|
||||
"github.com/ghodss/yaml"
|
||||
"github.com/gtank/cryptopasta"
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/net/http2"
|
||||
|
||||
"github.com/coreos/dex/storage"
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
package kubernetes
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/coreos/dex/storage"
|
||||
"github.com/coreos/dex/storage/kubernetes/k8sapi"
|
||||
|
@ -85,6 +84,7 @@ func (c *Config) open(logger logrus.FieldLogger, errOnTPRs bool) (*client, error
|
|||
|
||||
if !cli.createThirdPartyResources() {
|
||||
if errOnTPRs {
|
||||
cancel()
|
||||
return nil, fmt.Errorf("failed creating third party resources")
|
||||
}
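Review bot: The added `cancel()` covers only the `errOnTPRs` return in `open`, so any other error return after the context is created would still leave it, and whatever goroutine it controls, running. Those paths lie outside this hunk and are worth checking. A single deferred cleanup would be more robust than per-branch calls, for example naming the error result and adding `defer func() { if err != nil { cancel() } }()` right after the context is created, so that later return paths cannot forget it. The body of `open` begins and continues outside the lines shown.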
|
||||
|
||||
|
|