authenticate: ensure authorize url is set (#760)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Bobby DeSimone 2020-05-26 10:44:20 -07:00 committed by GitHub
parent f770ccfedd
commit 9d7ef85687
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions


@ -55,6 +55,9 @@ func ValidateOptions(o config.Options) error {
if o.AuthenticateCallbackPath == "" { if o.AuthenticateCallbackPath == "" {
return errors.New("authenticate: 'AUTHENTICATE_CALLBACK_PATH' is required") return errors.New("authenticate: 'AUTHENTICATE_CALLBACK_PATH' is required")
} }
if err := urlutil.ValidateURL(o.AuthorizeURL); err != nil {
return fmt.Errorf("authenticate: invalid 'AUTHORIZE_SERVICE_URL': %w", err)
}
return nil return nil
} }
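Review bot: The new guard in ValidateOptions is only as strict as urlutil.ValidateURL, whose body is not visible on this page. The added test shows that a nil URL is rejected, but if the helper accepts any URL with a scheme and host, an `http://` value for AUTHORIZE_SERVICE_URL would pass and traffic to the authorize service could be configured without TLS; confirm the helper's contract or add an explicit scheme check. A one-line comment above the check would record the intent, e.g. `// AuthorizeURL must be set and well-formed; reject the config here rather than fail on first use`. Configurations that previously omitted this setting for the authenticate service will now be rejected, so the change deserves an upgrade note. ValidateOptions begins outside the hunk.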


@ -106,6 +106,9 @@ func TestNew(t *testing.T) {
badSigninKeyPublic := newTestOptions(t) badSigninKeyPublic := newTestOptions(t)
badSigninKeyPublic.SigningKey = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJFakNCdWdJSkFNWUdtVzhpYWd1TU1Bb0dDQ3FHU000OUJBTUNNQkV4RHpBTkJnTlZCQU1NQm5WdWRYTmwKWkRBZ0Z3MHlNREExTWpJeU1EUTFNalJhR0E4ME56VTRNRFF4T1RJd05EVXlORm93RVRFUE1BMEdBMVVFQXd3RwpkVzUxYzJWa01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVVHNXhDUDBKVFQxSDZJb2w4akt1ClRJUFZMTTA0Q2dXOVBsRXlwTlJtV2xvb0tFWFI5SFQzT2J6empLWWljemIwKzFLd1YyZk1URTE4dXcvNjFyVUMKQkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlBSFFDUFh2WG5oeHlDTGNhZ3N3eWt4RUM1NFV5RmdyUVJVRmVCYwpPUzVCSFFJZ1Y3T2FXY2pMeHdsRlIrWDZTQ2daZDI5bXBtOVZKNnpXQURhWGdEN3FURW89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" badSigninKeyPublic.SigningKey = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJFakNCdWdJSkFNWUdtVzhpYWd1TU1Bb0dDQ3FHU000OUJBTUNNQkV4RHpBTkJnTlZCQU1NQm5WdWRYTmwKWkRBZ0Z3MHlNREExTWpJeU1EUTFNalJhR0E4ME56VTRNRFF4T1RJd05EVXlORm93RVRFUE1BMEdBMVVFQXd3RwpkVzUxYzJWa01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVVHNXhDUDBKVFQxSDZJb2w4akt1ClRJUFZMTTA0Q2dXOVBsRXlwTlJtV2xvb0tFWFI5SFQzT2J6empLWWljemIwKzFLd1YyZk1URTE4dXcvNjFyVUMKQkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlBSFFDUFh2WG5oeHlDTGNhZ3N3eWt4RUM1NFV5RmdyUVJVRmVCYwpPUzVCSFFJZ1Y3T2FXY2pMeHdsRlIrWDZTQ2daZDI5bXBtOVZKNnpXQURhWGdEN3FURW89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
badAuthZ := newTestOptions(t)
badAuthZ.AuthorizeURL = nil
tests := []struct { tests := []struct {
name string name string
opts *config.Options opts *config.Options
@ -122,6 +125,7 @@ func TestNew(t *testing.T) {
{"good signing key", goodSigningKey, false}, {"good signing key", goodSigningKey, false},
{"bad signing key", badSigningKey, true}, {"bad signing key", badSigningKey, true},
{"bad public signing key", badSigninKeyPublic, true}, {"bad public signing key", badSigninKeyPublic, true},
{"nil autz url", badAuthZ, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
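Review bot: The new table entry `{"nil autz url", badAuthZ, true},` misspells its case name; `"nil authz url"` matches the `badAuthZ` variable and is easier to select with `go test -run`. The case covers only a nil AuthorizeURL, so a second entry with a non-nil but malformed value (for example a URL with an empty host) would pin the rest of the validation path, assuming urlutil.ValidateURL rejects it. The table appears to record only whether an error is expected, so these cases do not prove that the AuthorizeURL check is the one that fired; asserting on the error text for this entry would make that explicit. TestNew starts and ends outside these hunks.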


@ -548,6 +548,7 @@ func TestAuthenticate_Refresh(t *testing.T) {
CookieName: "pomerium", CookieName: "pomerium",
Addr: ":0", Addr: ":0",
CacheURL: uriParseHelper("https://authenticate.corp.beyondperimeter.com"), CacheURL: uriParseHelper("https://authenticate.corp.beyondperimeter.com"),
AuthorizeURL: uriParseHelper("https://authorize.corp.beyondperimeter.com"),
}) })
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)