feat(oauth): association userID with clientID (clean)

mcluseau · Oct 8, 2019 · fffcef8 · fffcef8
1 parent b1695a4
commit fffcef8
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 15 deletions.
diff --git a/api/oauth.go b/api/oauth.go
@@ -66,9 +66,9 @@ func (api *API) oauthAuthenticate(request *restful.Request, response *restful.Re
 		return
 	}
 
-	id := safeStringValue(clientIdentity, "id")
+	id := stringValue(clientIdentity, "id")
 	if len(id) == 0 {
-		id = safeStringValue(clientIdentity, "sub") // different between some oauth providers
+		id = stringValue(clientIdentity, "sub") // different between some oauth providers
 		if len(id) == 0 {
 			response.WriteErrorString(http.StatusUnprocessableEntity, "client identity given by oauth is unprocessable")
 			return
@@ -94,7 +94,7 @@ func (api *API) oauthAuthenticate(request *restful.Request, response *restful.Re
 	response.WriteEntity(&AuthResponse{tokenString, claims})
 }
 
-func safeStringValue(m map[string]interface{}, field string) string {
+func stringValue(m map[string]interface{}, field string) string {
 	v, ok := m[field]
 	if !ok {
 		return ""

diff --git a/auth/etcd/etcd.go b/auth/etcd/etcd.go
@@ -101,6 +101,7 @@ func (a *etcdAuth) getUser(ctx context.Context, userID string) (user *User, err
 		return
 	}
 
+	user = &User{}
 	err = json.Unmarshal(resp.Kvs[0].Value, user)
 	return
 }

diff --git a/cmd/ag-companion-api/main.go b/cmd/ag-companion-api/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"flag"
+	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@@ -17,6 +18,7 @@ import (
 	"github.com/mcluseau/autentigo/pkg/companion-api/backend"
 	"github.com/mcluseau/autentigo/pkg/companion-api/backend/etcd"
 	usersfile "github.com/mcluseau/autentigo/pkg/companion-api/backend/users-file"
+	"github.com/mcluseau/autentigo/pkg/rbac"
 )
 
 var (
@@ -34,14 +36,14 @@ func main() {
 
 	var err error
 
-	/*	if rbac.Default, err = rbac.FromFile(*rbacFile); err != nil {
-			log.Fatal("failed to load RBAC rules: ", err)
-		}
+	if rbac.Default, err = rbac.FromFile(*rbacFile); err != nil {
+		log.Fatal("failed to load RBAC rules: ", err)
+	}
+
+	if rbac.DefaultValidationCertificate, err = ioutil.ReadFile(*validationCrtPath); err != nil {
+		log.Fatal("failed to read validation certificate: ", err)
+	}
 
-		if rbac.DefaultValidationCertificate, err = ioutil.ReadFile(*validationCrtPath); err != nil {
-			log.Fatal("failed to read validation certificate: ", err)
-		}
-	*/
 	cAPI := &companionapi.CompanionAPI{
 		Client:     getBackEndClient(),
 		AdminToken: *adminToken,

diff --git a/go.sum b/go.sum
@@ -194,6 +194,7 @@ github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20180323154445-8b799c424f57/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -229,6 +230,7 @@ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGV
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml v1.4.0 h1:u3Z1r+oOXJIkxqw34zVhyPgjBsm6X2wn21NWs/HfSeg=
 github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
@@ -282,21 +284,25 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.1 h1:qgMbHoJbPbw579P+1zVY+6n4nIFuIchaIjzZ/I/Yq8M=
 github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38=
 github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

diff --git a/pkg/companion-api/api/oauth.go b/pkg/companion-api/api/oauth.go
@@ -139,12 +139,12 @@ func (cApi *CompanionAPI) callback(request *restful.Request, response *restful.R
 		return
 	}
 
-	id := safeStringValue(clientIdentity, "id")
-	name := safeStringValue(clientIdentity, "name")
-	email := safeStringValue(clientIdentity, "email")
+	id := stringValue(clientIdentity, "id")
+	name := stringValue(clientIdentity, "name")
+	email := stringValue(clientIdentity, "email")
 
 	if len(id) == 0 {
-		id = safeStringValue(clientIdentity, "sub") // different between some oauth providers
+		id = stringValue(clientIdentity, "sub") // different between some oauth providers
 		if len(id) == 0 {
 			response.WriteErrorString(http.StatusUnprocessableEntity, "client identity given by oauth is unprocessable")
 			return
@@ -184,7 +184,7 @@ func (cApi *CompanionAPI) callback(request *restful.Request, response *restful.R
 	response.WriteHeader(http.StatusOK)
 }
 
-func safeStringValue(m map[string]interface{}, field string) string {
+func stringValue(m map[string]interface{}, field string) string {
 	v, ok := m[field]
 	if !ok {
 		return ""
-Original file line number
+Diff line change
@@ Expand Up @@
     		return
     	}
+    	user = &User{}
     	err = json.Unmarshal(resp.Kvs[0].Value, user)
     	return
     }
@@ Expand Down @@