Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: Minor style fixes after merging PKCE implementation

Browse source 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
m.nabokikh 2020-10-26 23:20:33 +04:00
parent b5519695a6
commit a5ad5eaf08
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
connector/ldap/ldap.go
View file

@ -62,6 +62,7 @@ type UserMatcher struct {
GroupAttr string `json:"groupAttr"` GroupAttr string `json:"groupAttr"`
} }
// Config holds configuration options for LDAP logins.
type Config struct { type Config struct {
// The host and optional port of the LDAP server. If port isn't supplied, it will be // The host and optional port of the LDAP server. If port isn't supplied, it will be
// guessed based on the TLS configuration. 389 or 636. // guessed based on the TLS configuration. 389 or 636.

7
server/handlers.go
View file

@ -820,7 +820,8 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
codeChallengeFromStorage := authCode.PKCE.CodeChallenge codeChallengeFromStorage := authCode.PKCE.CodeChallenge
providedCodeVerifier := r.PostFormValue("code_verifier") providedCodeVerifier := r.PostFormValue("code_verifier")
if providedCodeVerifier != "" && codeChallengeFromStorage != "" { switch {
case providedCodeVerifier != "" && codeChallengeFromStorage != "":
calculatedCodeChallenge, err := s.calculateCodeChallenge(providedCodeVerifier, authCode.PKCE.CodeChallengeMethod) calculatedCodeChallenge, err := s.calculateCodeChallenge(providedCodeVerifier, authCode.PKCE.CodeChallengeMethod)
if err != nil { if err != nil {
s.logger.Error(err) s.logger.Error(err)
@ -831,11 +832,11 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
s.tokenErrHelper(w, errInvalidGrant, "Invalid code_verifier.", http.StatusBadRequest) s.tokenErrHelper(w, errInvalidGrant, "Invalid code_verifier.", http.StatusBadRequest)
return return
} }
} else if providedCodeVerifier != "" { case providedCodeVerifier != "":
// Received no code_challenge on /auth, but a code_verifier on /token // Received no code_challenge on /auth, but a code_verifier on /token
s.tokenErrHelper(w, errInvalidRequest, "No PKCE flow started. Cannot check code_verifier.", http.StatusBadRequest) s.tokenErrHelper(w, errInvalidRequest, "No PKCE flow started. Cannot check code_verifier.", http.StatusBadRequest)
return return
} else if codeChallengeFromStorage != "" { case codeChallengeFromStorage != "":
// Received PKCE request on /auth, but no code_verifier on /token // Received PKCE request on /auth, but no code_verifier on /token
s.tokenErrHelper(w, errInvalidGrant, "Expecting parameter code_verifier in PKCE flow.", http.StatusBadRequest) s.tokenErrHelper(w, errInvalidGrant, "Expecting parameter code_verifier in PKCE flow.", http.StatusBadRequest)
return return