Skip to content

Commit

Permalink
ci: Added golangci-lint github action to validate the pull request
Browse files Browse the repository at this point in the history
  • Loading branch information
erka committed Sep 16, 2021
1 parent 757d23f commit a2df6fb
Show file tree
Hide file tree
Showing 11 changed files with 72 additions and 44 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,10 @@ jobs:
go-version: ${{ matrix.go }}
- name: Test
run: go test ./...
lint:
name: Lint
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: golangci-lint
uses: golangci/golangci-lint-action@v2
5 changes: 4 additions & 1 deletion build_logout_response.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,10 @@ func (sp *SAMLServiceProvider) BuildLogoutResponseDocumentNoSig(status string, r
}

func (sp *SAMLServiceProvider) SignLogoutResponse(el *etree.Element) (*etree.Element, error) {
ctx := sp.SigningContext()
ctx, err := sp.SigningContext()
if err != nil {
return nil, err
}

sig, err := ctx.ConstructSignature(el, true)
if err != nil {
Expand Down
21 changes: 17 additions & 4 deletions build_request.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,10 @@ func (sp *SAMLServiceProvider) BuildAuthRequestDocumentNoSig() (*etree.Document,
//
// [1] https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd
func (sp *SAMLServiceProvider) SignAuthnRequest(el *etree.Element) (*etree.Element, error) {
ctx := sp.SigningContext()
ctx, err := sp.SigningContext()
if err != nil {
return nil, err
}

sig, err := ctx.ConstructSignature(el, true)
if err != nil {
Expand Down Expand Up @@ -164,7 +167,10 @@ func (sp *SAMLServiceProvider) buildAuthURLFromDocument(relayState, binding stri

if sp.SignAuthnRequests && binding == BindingHttpRedirect {
// Sign URL encoded query (see Section 3.4.4.1 DEFLATE Encoding of saml-bindings-2.0-os.pdf)
ctx := sp.SigningContext()
ctx, err := sp.SigningContext()
if err != nil {
return "", err
}
qs.Add("SigAlg", ctx.GetSignatureMethodIdentifier())
var rawSignature []byte
if rawSignature, err = ctx.SignString(signatureInputString(qs.Get("SAMLRequest"), qs.Get("RelayState"), qs.Get("SigAlg"))); err != nil {
Expand Down Expand Up @@ -347,7 +353,10 @@ func (sp *SAMLServiceProvider) buildLogoutRequest(includeSig bool, nameID string
}

func (sp *SAMLServiceProvider) SignLogoutRequest(el *etree.Element) (*etree.Element, error) {
ctx := sp.SigningContext()
ctx, err := sp.SigningContext()
if err != nil {
return nil, err
}

sig, err := ctx.ConstructSignature(el, true)
if err != nil {
Expand Down Expand Up @@ -477,7 +486,11 @@ func (sp *SAMLServiceProvider) buildLogoutURLFromDocument(relayState, binding st

if binding == BindingHttpRedirect {
// Sign URL encoded query (see Section 3.4.4.1 DEFLATE Encoding of saml-bindings-2.0-os.pdf)
ctx := sp.SigningContext()
ctx, err := sp.SigningContext()
if err != nil {
return "", err
}

qs.Add("SigAlg", ctx.GetSignatureMethodIdentifier())
var rawSignature []byte
//qs.Encode() sorts the keys (See https://golang.org/pkg/net/url/#Values.Encode).
Expand Down
10 changes: 5 additions & 5 deletions providertests/oktadev_test.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
// Copyright 2016 Russell Haering et al.
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// https://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -19,8 +19,8 @@ import (
"time"

"github.com/jonboulle/clockwork"
"github.com/russellhaering/gosaml2"
"github.com/russellhaering/goxmldsig"
saml2 "github.com/russellhaering/gosaml2"
dsig "github.com/russellhaering/goxmldsig"
)

var oktaScenarioErrors = map[int]string{
Expand Down
8 changes: 4 additions & 4 deletions providertests/onelogin_test.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
// Copyright 2016 Russell Haering et al.
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// https://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -17,7 +17,7 @@ import (
"fmt"
"testing"

"github.com/russellhaering/gosaml2"
saml2 "github.com/russellhaering/gosaml2"
)

var oneLoginScenarioErrors = map[int]string{
Expand Down
8 changes: 4 additions & 4 deletions providertests/pingfed_test.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
// Copyright 2016 Russell Haering et al.
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// https://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -17,7 +17,7 @@ import (
"fmt"
"testing"

"github.com/russellhaering/gosaml2"
saml2 "github.com/russellhaering/gosaml2"
)

var pingFedScenarioErrors = map[int]string{
Expand Down
14 changes: 7 additions & 7 deletions providertests/providers_test.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
// Copyright 2016 Russell Haering et al.
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// https://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -18,8 +18,8 @@ import (
"time"

"github.com/jonboulle/clockwork"
"github.com/russellhaering/gosaml2"
"github.com/russellhaering/goxmldsig"
saml2 "github.com/russellhaering/gosaml2"
dsig "github.com/russellhaering/goxmldsig"
)

func TestValidateResponses(t *testing.T) {
Expand Down Expand Up @@ -107,7 +107,7 @@ func TestValidateResponses(t *testing.T) {
AudienceURI: "{audience}",
SkipSignatureValidation: false,
AllowMissingAttributes: true,
Clock: dsig.NewFakeClock(clockwork.NewFakeClockAt(time.Date(2017, 3, 8, 7, 51, 0, 0, time.UTC))),
Clock: dsig.NewFakeClock(clockwork.NewFakeClockAt(time.Date(2017, 3, 8, 7, 51, 0, 0, time.UTC))),
},
},
{
Expand All @@ -121,7 +121,7 @@ func TestValidateResponses(t *testing.T) {
AudienceURI: "JSAuth",
SkipSignatureValidation: false,
AllowMissingAttributes: true,
Clock: dsig.NewFakeClock(clockwork.NewFakeClockAt(time.Date(2016, 12, 12, 16, 55, 0, 0, time.UTC))),
Clock: dsig.NewFakeClock(clockwork.NewFakeClockAt(time.Date(2016, 12, 12, 16, 55, 0, 0, time.UTC))),
},
},
}
Expand Down
10 changes: 5 additions & 5 deletions providertests/utils.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
// Copyright 2016 Russell Haering et al.
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// https://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -26,9 +26,9 @@ import (
"time"

"github.com/jonboulle/clockwork"
"github.com/russellhaering/gosaml2"
saml2 "github.com/russellhaering/gosaml2"
"github.com/russellhaering/gosaml2/types"
"github.com/russellhaering/goxmldsig"
dsig "github.com/russellhaering/goxmldsig"
"github.com/stretchr/testify/require"
)

Expand Down
11 changes: 7 additions & 4 deletions saml.go
Original file line number Diff line number Diff line change
Expand Up @@ -229,25 +229,28 @@ func (sp *SAMLServiceProvider) GetSigningCertBytes() ([]byte, error) {
}
}

func (sp *SAMLServiceProvider) SigningContext() *dsig.SigningContext {
func (sp *SAMLServiceProvider) SigningContext() (*dsig.SigningContext, error) {
sp.signingContextMu.RLock()
signingContext := sp.signingContext
sp.signingContextMu.RUnlock()

if signingContext != nil {
return signingContext
return signingContext, nil
}

sp.signingContextMu.Lock()
defer sp.signingContextMu.Unlock()

sp.signingContext = dsig.NewDefaultSigningContext(sp.GetSigningKey())
sp.signingContext.SetSignatureMethod(sp.SignAuthnRequestsAlgorithm)
err := sp.signingContext.SetSignatureMethod(sp.SignAuthnRequestsAlgorithm)
if err != nil {
return nil, err
}
if sp.SignAuthnRequestsCanonicalizer != nil {
sp.signingContext.Canonicalizer = sp.SignAuthnRequestsCanonicalizer
}

return sp.signingContext
return sp.signingContext, nil
}

type ProxyRestriction struct {
Expand Down
17 changes: 11 additions & 6 deletions saml_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,9 @@ func TestDecode(t *testing.T) {
}
decoded := make([]byte, len(f))

base64.StdEncoding.Decode(decoded, f)
_, err = base64.StdEncoding.Decode(decoded, f)
require.NoError(t, err)

response := &types.Response{}

err = xml.Unmarshal(decoded, response)
Expand Down Expand Up @@ -102,8 +104,9 @@ func signResponse(t *testing.T, resp string, sp *SAMLServiceProvider) string {
parent := sig.Parent()
parent.RemoveChild(sig)
}

el, err = sp.SigningContext().SignEnveloped(el)
signingCtx, err := sp.SigningContext()
require.NoError(t, err)
el, err = signingCtx.SignEnveloped(el)
require.NoError(t, err)

doc0 := etree.NewDocument()
Expand Down Expand Up @@ -146,6 +149,7 @@ func TestSAML(t *testing.T) {
IDPCertificateStore: &certStore,
SPKeyStore: randomKeyStore,
NameIdFormat: NameIdFormatPersistent,
SignAuthnRequestsAlgorithm: dsig.RSASHA1SignatureMethod,
}

authRequestURL, err := sp.BuildAuthURL("/some/link/here")
Expand Down Expand Up @@ -308,9 +312,10 @@ func TestInvalidResponseBadXML(t *testing.T) {
compressor, err := flate.NewWriter(compressed, flate.BestCompression)
require.NoError(t, err)

compressor.Write([]byte(">Definitely&Invalid XML"))
compressor.Close()

_, err = compressor.Write([]byte(">Definitely&Invalid XML"))
require.NoError(t, err)
err = compressor.Close()
require.NoError(t, err)
b64Response := base64.StdEncoding.EncodeToString(compressed.Bytes())

response, err := sp.ValidateEncodedResponse(b64Response)
Expand Down
Loading

0 comments on commit a2df6fb

Please sign in to comment.