Merge pull request #715 from ericchiang/update-go-oidc
*: update vendored go-oidc
commit
936816af55
9 changed files with 55 additions and 41 deletions
6
glide.lock
generated
|
@ -1,12 +1,12 @@
|
|||
hash: c3530f2a60a64c2efc4c3ac499fcd15f79de2a532715ba2b9841c1d404942b2e
|
||||
updated: 2016-11-17T15:18:56.701287533-08:00
|
||||
hash: 773c45cb2136423f907496cc1ba67e0c58b35e237b15b0d5f212dce598265442
|
||||
updated: 2016-12-01T13:12:54.401738528-08:00
|
||||
imports:
|
||||
- name: github.com/cockroachdb/cockroach-go
|
||||
version: 31611c0501c812f437d4861d87d117053967c955
|
||||
subpackages:
|
||||
- crdb
|
||||
- name: github.com/coreos/go-oidc
|
||||
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
|
||||
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
|
||||
- name: github.com/ghodss/yaml
|
||||
version: bea76d6a4713e18b7f5321a2b020738552def3ea
|
||||
- name: github.com/go-sql-driver/mysql
|
||||
|
|
|
@ -51,7 +51,7 @@ import:
|
|||
- bcrypt
|
||||
|
||||
- package: github.com/coreos/go-oidc
|
||||
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
|
||||
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
|
||||
- package: github.com/pquerna/cachecontrol
|
||||
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
|
||||
- package: golang.org/x/oauth2
|
||||
|
|
2
vendor/github.com/coreos/go-oidc/.travis.yml
generated
vendored
|
@ -5,7 +5,7 @@ go:
|
|||
- 1.6.3
|
||||
|
||||
install:
|
||||
- go get -v -t github.com/coreos/go-oidc
|
||||
- go get -v -t github.com/coreos/go-oidc/...
|
||||
- go get golang.org/x/tools/cmd/cover
|
||||
- go get github.com/golang/lint/golint
|
||||
|
||||
|
|
4
vendor/github.com/coreos/go-oidc/jose/jwk.go
generated
vendored
|
@ -104,7 +104,7 @@ func encodeExponent(e int) string {
|
|||
break
|
||||
}
|
||||
}
|
||||
return base64.URLEncoding.EncodeToString(b[idx:])
|
||||
return base64.RawURLEncoding.EncodeToString(b[idx:])
|
||||
}
|
||||
|
||||
// Turns a URL encoded modulus of a key into a big int.
|
||||
|
@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
|
|||
}
|
||||
|
||||
func encodeModulus(n *big.Int) string {
|
||||
return base64.URLEncoding.EncodeToString(n.Bytes())
|
||||
return base64.RawURLEncoding.EncodeToString(n.Bytes())
|
||||
}
|
||||
|
||||
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
|
||||
|
|
53
vendor/github.com/coreos/go-oidc/jwks.go
generated
vendored
|
@ -39,38 +39,39 @@ type remoteKeySet struct {
|
|||
// guard all other fields
|
||||
mu sync.Mutex
|
||||
|
||||
// inflightCtx is the context of the current HTTP request to update the keys.
|
||||
// Its Err() method returns any errors encountered during that attempt.
|
||||
// inflightCtx suppresses parallel execution of updateKeys and allows
|
||||
// multiple goroutines to wait for its result.
|
||||
// Its Err() method returns any errors encountered during updateKeys.
|
||||
//
|
||||
// If nil, there is no inflight request.
|
||||
inflightCtx context.Context
|
||||
// If nil, there is no inflight updateKeys request.
|
||||
inflightCtx *inflight
|
||||
|
||||
// A set of cached keys and their expiry.
|
||||
cachedKeys []jose.JSONWebKey
|
||||
expiry time.Time
|
||||
}
|
||||
|
||||
// errContext is a context with a customizable Err() return value.
|
||||
type errContext struct {
|
||||
context.Context
|
||||
|
||||
cf context.CancelFunc
|
||||
err error
|
||||
// inflight is used to wait on some in-flight request from multiple goroutines
|
||||
type inflight struct {
|
||||
done chan struct{}
|
||||
err error
|
||||
}
|
||||
|
||||
func newErrContext(parent context.Context) *errContext {
|
||||
ctx, cancel := context.WithCancel(parent)
|
||||
return &errContext{ctx, cancel, nil}
|
||||
// Done returns a channel that is closed when the inflight request finishes.
|
||||
func (i *inflight) Done() <-chan struct{} {
|
||||
return i.done
|
||||
}
|
||||
|
||||
func (e errContext) Err() error {
|
||||
return e.err
|
||||
// Err returns any error encountered during request execution. May be nil.
|
||||
func (i *inflight) Err() error {
|
||||
return i.err
|
||||
}
|
||||
|
||||
// cancel cancels the errContext causing listeners on Done() to return.
|
||||
func (e errContext) cancel(err error) {
|
||||
e.err = err
|
||||
e.cf()
|
||||
// Cancel signals completion of the inflight request with error err.
|
||||
// Must be called only once for particular inflight instance.
|
||||
func (i *inflight) Cancel(err error) {
|
||||
i.err = err
|
||||
close(i.done)
|
||||
}
|
||||
|
||||
func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) {
|
||||
|
@ -105,18 +106,15 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
|
|||
return keys, nil
|
||||
}
|
||||
|
||||
var inflightCtx context.Context
|
||||
var inflightCtx *inflight
|
||||
func() {
|
||||
r.mu.Lock()
|
||||
defer r.mu.Unlock()
|
||||
|
||||
// If there's not a current inflight request, create one.
|
||||
if r.inflightCtx == nil {
|
||||
// Use the remoteKeySet's context instead of the requests context
|
||||
// because a re-sync is unique to the keys set and will span multiple
|
||||
// requests.
|
||||
errCtx := newErrContext(r.ctx)
|
||||
r.inflightCtx = errCtx
|
||||
inflightCtx := &inflight{make(chan struct{}), nil}
|
||||
r.inflightCtx = inflightCtx
|
||||
|
||||
go func() {
|
||||
// TODO(ericchiang): Upstream Kubernetes request that we recover every time
|
||||
|
@ -131,7 +129,10 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
|
|||
// See: https://github.com/coreos/go-oidc/issues/89
|
||||
|
||||
// Sync keys and close inflightCtx when that's done.
|
||||
errCtx.cancel(r.updateKeys(r.inflightCtx))
|
||||
// Use the remoteKeySet's context instead of the requests context
|
||||
// because a re-sync is unique to the keys set and will span multiple
|
||||
// requests.
|
||||
inflightCtx.Cancel(r.updateKeys(r.ctx))
|
||||
|
||||
r.mu.Lock()
|
||||
defer r.mu.Unlock()
|
||||
|
|
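Review bot: `inflight.Err()` reads `i.err` with no synchronization of its own, so it is only race-free once the caller has received from `Done()`; the new doc comment ("May be nil") does not state that precondition. `Cancel` writes `i.err` and then closes `i.done`, so the channel close is the only thing ordering the write before any reader. I would document it on the method, e.g. `// Err must only be called after the channel returned by Done is closed.` In `keysWithID`, `inflightCtx := &inflight{make(chan struct{}), nil}` declares a new variable inside the `if` that shadows the outer `var inflightCtx *inflight`; the rest of the function lies outside the hunk, so whether the outer variable is assigned later cannot be confirmed here, but a distinct local name would remove the ambiguity. This is vendored go-oidc code, so any change belongs upstream.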
2
vendor/github.com/coreos/go-oidc/key/key_test.go
generated
vendored
|
@ -76,7 +76,7 @@ func TestPublicKeyMarshalJSON(t *testing.T) {
|
|||
Modulus: big.NewInt(int64(17)),
|
||||
Exponent: 65537,
|
||||
}
|
||||
want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ=="}`
|
||||
want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ"}`
|
||||
pubKey := NewPublicKey(k)
|
||||
gotBytes, err := pubKey.MarshalJSON()
|
||||
if err != nil {
|
||||
|
|
17
vendor/github.com/coreos/go-oidc/oidc.go
generated
vendored
|
@ -11,6 +11,7 @@ import (
|
|||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/net/context/ctxhttp"
|
||||
"golang.org/x/oauth2"
|
||||
jose "gopkg.in/square/go-jose.v2"
|
||||
)
|
||||
|
@ -84,7 +85,7 @@ type providerJSON struct {
|
|||
// or "https://login.salesforce.com".
|
||||
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
|
||||
wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
|
||||
resp, err := clientFromContext(ctx).Get(wellKnown)
|
||||
resp, err := ctxhttp.Get(ctx, clientFromContext(ctx), wellKnown)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -161,7 +162,19 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
|
|||
if p.userInfoURL == "" {
|
||||
return nil, errors.New("oidc: user info endpoint is not supported by this provider")
|
||||
}
|
||||
resp, err := clientFromContext(ctx).Get(p.userInfoURL)
|
||||
|
||||
req, err := http.NewRequest("GET", p.userInfoURL, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("oidc: create GET request: %v", err)
|
||||
}
|
||||
|
||||
token, err := tokenSource.Token()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("oidc: get access token: %v", err)
|
||||
}
|
||||
token.SetAuthHeader(req)
|
||||
|
||||
resp, err := ctxhttp.Do(ctx, clientFromContext(ctx), req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
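Review bot: In `UserInfo`, `token.SetAuthHeader(req)` now attaches the access token to a request for `p.userInfoURL`, and nothing visible in the hunk checks that URL's scheme before the token is sent. If the value is taken from the provider's discovery document (its assignment is outside the hunk, so this is inferred), a plain-`http` endpoint would carry the bearer token in cleartext, whereas OpenID Connect Core requires TLS for the UserInfo endpoint. A fail-closed guard before `http.NewRequest` would cover it: `if !strings.HasPrefix(p.userInfoURL, "https://") { return nil, errors.New("oidc: user info endpoint must use https") }`. The function body continues past the hunk, and since this is vendored go-oidc code the change belongs upstream.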
|
4
vendor/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
|
@ -567,7 +567,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
|
|||
next = &pcsStepNext{aft: ttl}
|
||||
} else {
|
||||
next = &pcsStepRetry{aft: time.Second}
|
||||
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
||||
log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
@ -586,7 +586,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
|
|||
next = &pcsStepNext{aft: ttl}
|
||||
} else {
|
||||
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
|
||||
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
||||
log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
|
6
vendor/github.com/coreos/go-oidc/test
generated
vendored
|
@ -9,7 +9,7 @@ LINTABLE=$( go list -tags=golint -f '
|
|||
{{ range $i, $file := .TestGoFiles -}}
|
||||
{{ $file }} {{ end }}' github.com/coreos/go-oidc )
|
||||
|
||||
go test -v -i -race github.com/coreos/go-oidc
|
||||
go test -v -race github.com/coreos/go-oidc
|
||||
go test -v -i -race github.com/coreos/go-oidc/...
|
||||
go test -v -race github.com/coreos/go-oidc/...
|
||||
golint $LINTABLE
|
||||
go vet github.com/coreos/go-oidc
|
||||
go vet github.com/coreos/go-oidc/...
|
||||
|
|