hpke: compress query string (#4147)

* hpke: compress query string

* only use v2 in authenticate if v2 was used for the initial request

* fix comment
Caleb Doxsey 2023-05-02 14:12:34 -06:00 committed by GitHub
parent 69713d38af
commit facf9ab093
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 184 additions and 52 deletions


@ -40,6 +40,7 @@ func CallbackURL(
proxyPublicKey *hpke.PublicKey,
requestParams url.Values,
profile *identity.Profile,
encryptURLValues hpke.EncryptURLValuesFunc,
) (string, error) {
redirectURL, err := ParseAndValidateURL(requestParams.Get(QueryRedirectURI))
if err != nil {
@ -76,7 +77,7 @@ func CallbackURL(
BuildTimeParameters(callbackParams, signInExpiry)
callbackParams, err = hpke.EncryptURLValues(authenticatePrivateKey, proxyPublicKey, callbackParams)
callbackParams, err = encryptURLValues(authenticatePrivateKey, proxyPublicKey, callbackParams)
if err != nil {
return "", fmt.Errorf("error encrypting callback params: %w", err)
}
@ -115,7 +116,7 @@ func SignInURL(
q.Set(QueryVersion, versionStr())
q.Set(QueryRequestUUID, uuid.NewString())
BuildTimeParameters(q, signInExpiry)
q, err := hpke.EncryptURLValues(senderPrivateKey, authenticatePublicKey, q)
q, err := hpke.EncryptURLValuesV2(senderPrivateKey, authenticatePublicKey, q)
if err != nil {
return "", err
}
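Review bot: `encryptURLValues` is called in CallbackURL without a nil check, so a caller that passes nil for the new parameter panics in the authenticate flow instead of returning an error. A guard before the call, such as `if encryptURLValues == nil { return "", fmt.Errorf("error encrypting callback params: no encrypt function") }`, would keep that failure on the error path. The parameter also deserves a doc comment stating the contract from the commit message, for example `// encryptURLValues must match the format of the initial request: pass hpke.EncryptURLValuesV2 only when the proxy sent a V2 request.`, because SignInURL now hard-codes V2 while CallbackURL leaves the choice to the caller. Going by the commit title, V2 compresses before encrypting; if the callback parameters combine request-supplied values such as the redirect URI with profile data (not visible in these hunks), the ciphertext length then depends on how the two compress together, which is worth a comment or length padding in the hpke package. Both function bodies start and end outside the hunks shown.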


@ -23,7 +23,7 @@ func TestCallbackURL(t *testing.T) {
QueryRedirectURI: {"https://redirect.example.com"},
}, &identity.Profile{
ProviderId: "IDP-1",
})
}, hpke.EncryptURLValuesV1)
require.NoError(t, err)
signInURL, err := ParseAndValidateURL(rawSignInURL)