Use Host:port for JWT audience generation

Signed-off-by: Travis Groth <travisgroth@users.noreply.github.com> (#562)
Travis Groth 2020-03-25 22:15:15 -04:00 committed by GitHub
parent 136a366e5c
commit 799d1ad162
4 changed files with 5 additions and 4 deletions


@ -133,7 +133,7 @@ func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) error {
return httputil.NewError(http.StatusBadRequest, err)
}
jwtAudience := []string{a.RedirectURL.Hostname(), redirectURL.Hostname()}
jwtAudience := []string{a.RedirectURL.Host, redirectURL.Host}
var callbackURL *url.URL
// if the callback is explicitly set, set it and add an additional audience
@ -142,7 +142,7 @@ func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) error {
if err != nil {
return httputil.NewError(http.StatusBadRequest, err)
}
jwtAudience = append(jwtAudience, callbackURL.Hostname())
jwtAudience = append(jwtAudience, callbackURL.Host)
} else {
// otherwise, assume callback is the same host as redirect
callbackURL, _ = urlutil.DeepCopy(redirectURL)
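Review bot: The audience strings taken from `a.RedirectURL.Host`, `redirectURL.Host` and (second hunk) `callbackURL.Host` are used verbatim, so `corp.example.example:443` and `corp.example.example` become two different audiences although they name the same origin; if a configured URL carries an explicit default port while the side that validates the `aud` claim sees the URL without it, the check fails. A comment at the `jwtAudience :=` line would make that contract visible, e.g. `// audience is host[:port] exactly as written in the URL; no default-port normalization, so configured URLs must agree on port form`. The code that compares the audience on verification is not in this diff and presumably must now compare against `Host` rather than `Hostname()` as well; confirm it was updated in the same change. The second entry appears to come from the caller-supplied redirect URI (the test file references `urlutil.QueryRedirectURI`), which was already the case before this commit; SignIn continues outside the hunk.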


@ -115,6 +115,7 @@ func TestAuthenticate_SignIn(t *testing.T) {
wantCode int
}{
{"good", "https", "corp.example.example", map[string]string{urlutil.QueryRedirectURI: "https://dst.some.example/"}, &mstore.Store{Session: &sessions.State{Email: "user@pomerium.io", AccessToken: &oauth2.Token{Expiry: time.Now().Add(10 * time.Second)}}}, identity.MockProvider{}, &mock.Encoder{}, http.StatusFound},
{"good alternate port", "https", "corp.example.example:8443", map[string]string{urlutil.QueryRedirectURI: "https://dst.some.example/"}, &mstore.Store{Session: &sessions.State{Email: "user@pomerium.io", AccessToken: &oauth2.Token{Expiry: time.Now().Add(10 * time.Second)}}}, identity.MockProvider{}, &mock.Encoder{}, http.StatusFound},
{"session not valid", "https", "corp.example.example", map[string]string{urlutil.QueryRedirectURI: "https://dst.some.example/"}, &mstore.Store{Session: &sessions.State{Email: "user@pomerium.io", AccessToken: &oauth2.Token{Expiry: time.Now().Add(-10 * time.Second)}}}, identity.MockProvider{}, &mock.Encoder{}, http.StatusFound},
{"bad redirect uri query", "", "corp.example.example", map[string]string{urlutil.QueryRedirectURI: "^^^"}, &mstore.Store{Session: &sessions.State{Email: "user@pomerium.io", AccessToken: &oauth2.Token{Expiry: time.Now().Add(10 * time.Second)}}}, identity.MockProvider{}, &mock.Encoder{}, http.StatusBadRequest},
{"bad marshal", "https", "corp.example.example", map[string]string{urlutil.QueryRedirectURI: "https://dst.some.example/"}, &mstore.Store{Session: &sessions.State{Email: "user@pomerium.io", AccessToken: &oauth2.Token{Expiry: time.Now().Add(10 * time.Second)}}}, identity.MockProvider{}, &mock.Encoder{MarshalError: errors.New("error")}, http.StatusBadRequest},
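Review bot: The new `good alternate port` case asserts only `http.StatusFound`, which the existing `good` case already yields for the same input shape, so it does not show that the port now reaches the JWT audience. With `&mock.Encoder{}` the marshaled state does not appear to be inspected anywhere in the table, so a regression back to `Hostname()` would still pass. Consider recording what the encoder marshals and asserting the audience contains `corp.example.example:8443`, or adding a table field such as `wantAudience` checked after SignIn; the table declaration and the loop body are outside the hunk.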


@ -78,7 +78,7 @@ func (p GitLabProvider) Authenticate(ctx context.Context, code string) (*session
return nil, err
}
s, err := sessions.NewStateFromTokens(idToken, oauth2Token, p.RedirectURL.Hostname())
s, err := sessions.NewStateFromTokens(idToken, oauth2Token, p.RedirectURL.Host)
if err != nil {
return nil, err
}
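Review bot: `p.RedirectURL.Host` is passed to `sessions.NewStateFromTokens` as the audience without any comment noting that the value now includes the port, and the same change is made in the following file's `Provider.Authenticate` at its `sessions.NewStateFromTokens` line. A one-line comment at the call would help the next reader keep the two sides in sync, e.g. `// audience is host[:port] of the redirect URL, matching what SignIn derives from RedirectURL.Host`. Because the value is not normalized, a RedirectURL configured with an explicit default port here and without it elsewhere yields mismatched audiences; both Authenticate bodies continue outside their hunks.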


@ -115,7 +115,7 @@ func (p *Provider) Authenticate(ctx context.Context, code string) (*sessions.Sta
return nil, err
}
s, err := sessions.NewStateFromTokens(idToken, oauth2Token, p.RedirectURL.Hostname())
s, err := sessions.NewStateFromTokens(idToken, oauth2Token, p.RedirectURL.Host)
if err != nil {
return nil, err
}