forked from Mirrors/oauth2
made some changes
This commit is contained in:
Patrick Jones
parent
57c99ca18a
commit
109292283c
|
|
@ -28,8 +28,7 @@ func setTime(testTime time.Time) func() time.Time {
|
|||
|
||||
func setEnvironment(env map[string]string) func(string) string {
|
||||
return func(key string) string {
|
||||
value, _ := env[key]
|
||||
return value
|
||||
return env[key]
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,64 +55,54 @@ type Config struct {
|
|||
|
||||
// Each element consists of a list of patterns. validateURLs checks for matches
|
||||
// that include all elements in a given list, in that order.
|
||||
|
||||
var (
|
||||
validTokenURLPatterns = []string{
|
||||
"https://[^\\.]+\\.sts\\.googleapis\\.com",
|
||||
"https://sts\\.googleapis\\.com",
|
||||
"https://sts\\.[^\\.]+\\.googleapis\\.com",
|
||||
"https://[^\\.]+-sts\\.googleapis\\.com",
|
||||
validTokenURLPatterns = []*regexp.Regexp{
|
||||
regexp.MustCompile("https://[^\\.]+\\.sts\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://sts\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://sts\\.[^\\.]+\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://[^\\.]+-sts\\.googleapis\\.com"),
|
||||
}
|
||||
validImpersonateURLPatterns = []string{
|
||||
"https://[^\\.]+\\.iamcredentials\\.googleapis\\.com",
|
||||
"https://iamcredentials\\.googleapis\\.com",
|
||||
"https://iamcredentials\\.[^\\.]+\\.googleapis\\.com",
|
||||
"https://[^\\.]+-iamcredentials\\.googleapis\\.com",
|
||||
validImpersonateURLPatterns = []*regexp.Regexp{
|
||||
regexp.MustCompile("https://[^\\.]+\\.iamcredentials\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://iamcredentials\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://iamcredentials\\.[^\\.]+\\.googleapis\\.com"),
|
||||
regexp.MustCompile("https://[^\\.]+-iamcredentials\\.googleapis\\.com"),
|
||||
}
|
||||
)
|
||||
|
||||
func validateURL(input string, patterns []string) (bool, error) {
|
||||
func validateURL(input string, patterns []*regexp.Regexp) bool {
|
||||
for _, pattern := range patterns {
|
||||
valid, err := regexp.MatchString(pattern, input)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
valid := pattern.MatchString(input)
|
||||
if valid {
|
||||
return true, nil
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
return false
|
||||
}
|
||||
|
||||
// TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
|
||||
func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
|
||||
return c.tokenSource(ctx, false)
|
||||
return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns)
|
||||
}
|
||||
|
||||
// tokenSource is a private function that's directly called by some of the tests,
|
||||
// because the unit test URLs are mocked, and would otherwise fail the
|
||||
// validity check.
|
||||
func (c *Config) tokenSource(ctx context.Context, testing bool) (oauth2.TokenSource, error) {
|
||||
if !testing {
|
||||
func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp) (oauth2.TokenSource, error) {
|
||||
// Check the validity of TokenURL.
|
||||
valid, err := validateURL(c.TokenURL, validTokenURLPatterns)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
valid := validateURL(c.TokenURL, tokenURLValidPats)
|
||||
if !valid {
|
||||
return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
|
||||
}
|
||||
|
||||
// If ServiceAccountImpersonationURL is present, check its validity.
|
||||
if c.ServiceAccountImpersonationURL != "" {
|
||||
valid, err := validateURL(c.ServiceAccountImpersonationURL, validImpersonateURLPatterns)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats)
|
||||
if !valid {
|
||||
return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ts := tokenSource{
|
||||
ctx: ctx,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"regexp"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
|
@ -96,10 +97,10 @@ func TestToken(t *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestValidateURL(t *testing.T) {
|
||||
func TestValidateURLTokenURL(t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
input string
|
||||
pattern []string
|
||||
pattern []*regexp.Regexp
|
||||
result bool
|
||||
}{
|
||||
{"https://east.sts.googleapis.com", validTokenURLPatterns, true},
|
||||
|
|
@ -112,7 +113,23 @@ func TestValidateURL(t *testing.T) {
|
|||
{"https://sts..googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://-sts.googleapis.com", validTokenURLPatterns, false},
|
||||
{"https://us-ea.st-1-sts.googleapis.com", validTokenURLPatterns, false},
|
||||
// Repeat for iamcredentials as well
|
||||
}
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.input, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
valid := validateURL(tt.input, tt.pattern)
|
||||
if valid != tt.result {
|
||||
t.Errorf("got %v, want %v", valid, tt.result)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURLImpersonateURL (t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
input string
|
||||
pattern []*regexp.Regexp
|
||||
result bool
|
||||
}{
|
||||
{"https://east.iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
|
||||
{"https://iamcredentials.asfeasfesef.googleapis.com", validImpersonateURLPatterns, true},
|
||||
|
|
@ -126,11 +143,7 @@ func TestValidateURL(t *testing.T) {
|
|||
}
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.input, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
valid, err := validateURL(tt.input, tt.pattern)
|
||||
if err != nil {
|
||||
t.Errorf("validateURL returned an error: %v", err)
|
||||
return
|
||||
}
|
||||
valid := validateURL(tt.input, tt.pattern)
|
||||
if valid != tt.result {
|
||||
t.Errorf("got %v, want %v", valid, tt.result)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"regexp"
|
||||
"testing"
|
||||
)
|
||||
|
||||
|
|
@ -77,7 +78,9 @@ func TestImpersonation(t *testing.T) {
|
|||
defer targetServer.Close()
|
||||
|
||||
testImpersonateConfig.TokenURL = targetServer.URL
|
||||
ourTS, err := testImpersonateConfig.tokenSource(context.Background(), true)
|
||||
allURLs := regexp.MustCompile(".*")
|
||||
fmt.Println(allURLs)
|
||||
ourTS, err := testImpersonateConfig.tokenSource(context.Background(), []*regexp.Regexp{allURLs}, []*regexp.Regexp{allURLs})
|
||||
if err != nil {
|
||||
fmt.Println(testImpersonateConfig.TokenURL)
|
||||
t.Fatalf("Failed to create TokenSource: %v", err)
|
||||
|
|
|
|||
|
|
@ -128,6 +128,9 @@ func TestExchangeToken_Opts(t *testing.T) {
|
|||
}
|
||||
var opts map[string]interface{}
|
||||
err = json.Unmarshal([]byte(strOpts[0]), &opts)
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't parse received \"options\" field.")
|
||||
}
|
||||
if len(opts) < 2 {
|
||||
t.Errorf("Too few options received.")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue