3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 08:50:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy/authenticator: fix check to ensure port assigned (#51)

Browse source
This commit is contained in:
Bobby DeSimone 2019-02-17 18:29:11 -08:00 committed by GitHub
parent 6f93909194
commit 88b7766c7d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

10
proxy/authenticator/grpc.go
View file

@ -18,7 +18,7 @@ import (
)
// NewGRPC returns a new authenticate service client.
func NewGRPC(opts *Options) (p Authenticator, err error) {
func NewGRPC(opts *Options) (p *AuthenticateGRPC, err error) {
// gRPC uses a pre-shared secret middleware to establish authentication b/w server and client
if opts.SharedSecret == "" {
return nil, errors.New("proxy/authenticator: grpc client requires shared secret")
@ -35,7 +35,7 @@ func NewGRPC(opts *Options) (p Authenticator, err error) {
return nil, errors.New("proxy/authenticator: connection address required")
}
// no colon exists in the connection string, assume one must be added manually
if !strings.Contains(":", connAddr) {
if !strings.Contains(connAddr, ":") {
connAddr = fmt.Sprintf("%s:%d", connAddr, opts.Port)
}
@ -65,7 +65,7 @@ func NewGRPC(opts *Options) (p Authenticator, err error) {
return nil, err
}
authClient := pb.NewAuthenticatorClient(conn)
return &AuthenticateGRPC{conn: conn, client: authClient}, nil
return &AuthenticateGRPC{Conn: conn, client: authClient}, nil
}
// RedeemResponse contains data from a authenticator redeem request.
@ -80,7 +80,7 @@ type RedeemResponse struct {
// AuthenticateGRPC is a gRPC implementation of an authenticator (authenticate client)
type AuthenticateGRPC struct {
conn *grpc.ClientConn
Conn *grpc.ClientConn
client pb.AuthenticatorClient
}
@ -149,5 +149,5 @@ func (a *AuthenticateGRPC) Validate(idToken string) (bool, error) {
// Close tears down the ClientConn and all underlying connections.
func (a *AuthenticateGRPC) Close() error {
return a.conn.Close()
return a.Conn.Close()
}

20
proxy/authenticator/grpc_test.go
View file

@ -182,31 +182,33 @@ func TestProxy_AuthenticateRefresh(t *testing.T) {
}
func TestNewGRPC(t *testing.T) {
tests := []struct {
name string
opts *Options
wantErr bool
wantErrStr string
wantTarget string
}{
{"no shared secret", &Options{}, true, "proxy/authenticator: grpc client requires shared secret"},
{"empty connection", &Options{Addr: "", SharedSecret: "shh"}, true, "proxy/authenticator: connection address required"},
{"empty connections", &Options{Addr: "", InternalAddr: "", SharedSecret: "shh"}, true, "proxy/authenticator: connection address required"},
{"internal addr", &Options{Addr: "", InternalAddr: "intranet.local", SharedSecret: "shh"}, false, ""},
{"cert override", &Options{Addr: "", InternalAddr: "intranet.local", OverrideCertificateName: "*.local", SharedSecret: "shh"}, false, ""},
{"no shared secret", &Options{}, true, "proxy/authenticator: grpc client requires shared secret", ""},
{"empty connection", &Options{Addr: "", Port: 443, SharedSecret: "shh"}, true, "proxy/authenticator: connection address required", ""},
{"both internal and addr empty", &Options{Addr: "", Port: 443, InternalAddr: "", SharedSecret: "shh"}, true, "proxy/authenticator: connection address required", ""},
{"internal addr with port", &Options{Addr: "", Port: 443, InternalAddr: "intranet.local:8443", SharedSecret: "shh"}, false, "", "intranet.local:8443"},
{"internal addr without port", &Options{Addr: "", Port: 443, InternalAddr: "intranet.local", SharedSecret: "shh"}, false, "", "intranet.local:443"},
{"cert override", &Options{Addr: "", Port: 443, InternalAddr: "intranet.local", OverrideCertificateName: "*.local", SharedSecret: "shh"}, false, "", "intranet.local:443"},
// {"addr and internal ", &Options{Addr: "localhost", InternalAddr: "local.localhost", SharedSecret: "shh"}, nil, true, ""},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := NewGRPC(tt.opts)
got, err := NewGRPC(tt.opts)
if (err != nil) != tt.wantErr {
t.Errorf("NewGRPC() error = %v, wantErr %v", err, tt.wantErr)
if !strings.EqualFold(err.Error(), tt.wantErrStr) {
t.Errorf("NewGRPC() error = %v did not contain wantErr %v", err, tt.wantErrStr)
}
return
}
if got != nil && got.Conn.Target() != tt.wantTarget {
t.Errorf("NewGRPC() target = %v expected %v", got.Conn.Target(), tt.wantTarget)
}
})