From 21677743412e0b60952599defe5e8deccaee3690 Mon Sep 17 00:00:00 2001 From: Nikolay Turpitko Date: Tue, 10 Mar 2015 14:28:17 +0600 Subject: [PATCH] oauth2: long if condition in providerAuthHeaderWorks replaced with loop Long if condition replaced with loop. Related to issue #41. Change-Id: Ib5b88ce2ee2841e9b6c24d78f93bb027141bf678 Reviewed-on: https://go-review.googlesource.com/7290 Reviewed-by: Andrew Gerrand Reviewed-by: Burcu Dogan --- oauth2.go | 34 ++++++++++++++++++++-------------- oauth2_test.go | 17 +++++++++++++++++ 2 files changed, 37 insertions(+), 14 deletions(-) diff --git a/oauth2.go b/oauth2.go index 4350a67..e4b42fe 100644 --- a/oauth2.go +++ b/oauth2.go @@ -414,6 +414,21 @@ func condVal(v string) []string { return []string{v} } +var brokenAuthHeaderProviders = []string{ + "https://accounts.google.com/", + "https://www.googleapis.com/", + "https://github.com/", + "https://api.instagram.com/", + "https://www.douban.com/", + "https://api.dropbox.com/", + "https://api.soundcloud.com/", + "https://www.linkedin.com/", + "https://api.twitch.tv/", + "https://oauth.vk.com/", + "https://api.odnoklassniki.ru/", + "https://connect.stripe.com/", +} + // providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL // implements the OAuth2 spec correctly // See https://code.google.com/p/goauth2/issues/detail?id=31 for background. @@ -423,20 +438,11 @@ func condVal(v string) []string { // - Google only accepts URL param (not spec compliant?), not Auth header // - Stripe only accepts client secret in Auth header with Bearer method, not Basic func providerAuthHeaderWorks(tokenURL string) bool { - if strings.HasPrefix(tokenURL, "https://accounts.google.com/") || - strings.HasPrefix(tokenURL, "https://www.googleapis.com/") || - strings.HasPrefix(tokenURL, "https://github.com/") || - strings.HasPrefix(tokenURL, "https://api.instagram.com/") || - strings.HasPrefix(tokenURL, "https://www.douban.com/") || - strings.HasPrefix(tokenURL, "https://api.dropbox.com/") || - strings.HasPrefix(tokenURL, "https://api.soundcloud.com/") || - strings.HasPrefix(tokenURL, "https://www.linkedin.com/") || - strings.HasPrefix(tokenURL, "https://api.twitch.tv/") || - strings.HasPrefix(tokenURL, "https://oauth.vk.com/") || - strings.HasPrefix(tokenURL, "http://api.odnoklassniki.ru/") || - strings.HasPrefix(tokenURL, "https://connect.stripe.com/") { - // Some sites fail to implement the OAuth2 spec fully. - return false + for _, s := range brokenAuthHeaderProviders { + if strings.HasPrefix(tokenURL, s) { + // Some sites fail to implement the OAuth2 spec fully. + return false + } } // Assume the provider implements the spec properly diff --git a/oauth2_test.go b/oauth2_test.go index 908a190..df40ee9 100644 --- a/oauth2_test.go +++ b/oauth2_test.go @@ -407,3 +407,20 @@ func TestConfigClientWithToken(t *testing.T) { t.Error(err) } } + +func Test_providerAuthHeaderWorks(t *testing.T) { + for _, p := range brokenAuthHeaderProviders { + if providerAuthHeaderWorks(p) { + t.Errorf("URL: %s not found in list", p) + } + p := fmt.Sprintf("%ssomesuffix", p) + if providerAuthHeaderWorks(p) { + t.Errorf("URL: %s not found in list", p) + } + } + p := "https://api.not-in-the-list-example.com/" + if !providerAuthHeaderWorks(p) { + t.Errorf("URL: %s found in list", p) + } + +}