Commit
f6055194
authored
4 years ago
by
Nicolas Pernoud
chore: refactored tokens
parent
2b74657f
Changes
3
Showing
3 changed files
pkg/oidc2server/oidcserver.go
+4
-4
4 additions, 4 deletions
pkg/oidc2server/oidcserver.go
pkg/tokens/tokens.go
+19
-13
19 additions, 13 deletions
pkg/tokens/tokens.go
pkg/tokens/tokens_test.go
+3
-3
3 additions, 3 deletions
pkg/tokens/tokens_test.go
with
26 additions
and
20 deletions
pkg/oidc2server/oidcserver.go
+
4
−
4
...
...
@@ -106,7 +106,7 @@ func CreateOIDCServer() *http.ServeMux {
// Store the client data in a cookie
rd
.
State
=
query
.
Get
(
"state"
)
rd
.
Sirent
=
query
.
Get
(
"sirent"
)
tokens
.
Manager
.
StoreData
(
rd
,
"localhost"
,
"clientRequestData"
,
600
*
time
.
Second
,
w
)
// TODO : 60 seconds
tokens
.
CreateCookie
(
rd
,
"localhost"
,
"clientRequestData"
,
600
*
time
.
Second
,
w
)
// TODO : 60 seconds
// Redirect to France Connect with the callback as parameter
// TODO : France Connect parameters as env variables
...
...
@@ -180,7 +180,7 @@ func CreateOIDCServer() *http.ServeMux {
// Get back the redirect url from the cookie
rd
:=
clientRequestData
{}
_
,
err
=
tokens
.
Manager
.
ExtractAndValidateToken
(
r
,
"clientRequestData"
,
&
rd
,
false
)
_
,
err
=
tokens
.
ExtractAndValidateToken
(
r
,
"clientRequestData"
,
&
rd
,
false
)
fmt
.
Printf
(
"Request Data:%v
\n
"
,
rd
)
if
err
!=
nil
{
http
.
Error
(
w
,
"could not get the initial client request data from cookie"
,
http
.
StatusInternalServerError
)
...
...
@@ -215,7 +215,7 @@ func CreateOIDCServer() *http.ServeMux {
Id
:
i
,
E
:
s
,
}
code
,
err
:=
tokens
.
Manager
.
CreateToken
(
tokenData
,
time
.
Now
()
.
Add
(
60
*
time
.
Second
))
code
,
err
:=
tokens
.
CreateToken
(
tokenData
,
time
.
Now
()
.
Add
(
60
*
time
.
Second
))
if
err
!=
nil
{
http
.
Error
(
w
,
"could not create an authorisation code"
,
http
.
StatusInternalServerError
)
return
...
...
@@ -249,7 +249,7 @@ func CreateOIDCServer() *http.ServeMux {
}
// Get and decode the autorisation code
var
id
GLCId
_
,
err
:=
tokens
.
Manager
.
ExtractAndValidateToken
(
r
,
""
,
&
id
,
false
)
_
,
err
:=
tokens
.
ExtractAndValidateToken
(
r
,
""
,
&
id
,
false
)
if
err
!=
nil
{
http
.
Error
(
w
,
"authorization code is invalid: "
+
err
.
Error
(),
http
.
StatusBadRequest
)
return
...
...
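Review bot: The new `tokens.CreateCookie(rd, "localhost", "clientRequestData", 600*time.Second, w)` call in the first hunk still carries the `// TODO : 60 seconds` comment while passing a 600-second lifetime, so the stated intent and the value disagree; either the constant or the comment should change, e.g. `60*time.Second` if a one-minute window for the OIDC round trip is what is intended. The host name passed to that call is also hard-coded to `"localhost"`, which looks like a development leftover rather than something the refactor meant to keep. In the second hunk, `fmt.Printf("Request Data:%v\n", rd)` writes the decoded client request data to stdout before the error check, regardless of the outcome of the new `tokens.ExtractAndValidateToken` call. CreateOIDCServer starts and ends outside these hunks.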
pkg/tokens/tokens.go
+
19
−
13
...
...
@@ -22,8 +22,8 @@ import (
var
(
now
=
time
.
Now
//
Manager
is the current token manager
Manager
manager
//
m
is the current token manager
m
manager
)
// manager manages tokens
...
...
@@ -34,7 +34,7 @@ type manager struct {
// Init inits the main token manager
func
init
()
{
Manager
=
newManager
()
m
=
newManager
()
}
// newManager creates a manager
...
...
@@ -54,8 +54,7 @@ func newManager() manager {
}
log
.
Logger
.
Printf
(
"Token signing key set : %v
\n
"
,
string
(
keyConfig
.
Key
))
return
manager
{
key
:
keyConfig
.
Key
,
debugMode
:
common
.
BoolValueFromEnv
(
"DEBUG_MODE"
,
false
),
key
:
keyConfig
.
Key
,
}
}
...
...
@@ -66,10 +65,10 @@ type Token struct {
Data
[]
byte
}
//
Sto
re
D
at
a
creates a token with the given data and returns it in a cookie
func
(
m
manager
)
StoreData
(
data
interface
{},
hostName
string
,
cookieName
string
,
duration
time
.
Duration
,
w
http
.
ResponseWriter
)
{
//
C
reat
eCookie
creates a token with the given data and returns it in a cookie
func
CreateCookie
(
data
interface
{},
hostName
string
,
cookieName
string
,
duration
time
.
Duration
,
w
http
.
ResponseWriter
)
{
expiration
:=
now
()
.
Add
(
duration
)
value
,
err
:=
m
.
CreateToken
(
data
,
expiration
)
value
,
err
:=
CreateToken
(
data
,
expiration
)
if
err
!=
nil
{
http
.
Error
(
w
,
err
.
Error
(),
http
.
StatusInternalServerError
)
return
...
...
@@ -79,7 +78,7 @@ func (m manager) StoreData(data interface{}, hostName string, cookieName string,
}
// CreateToken creates a token with the given data
func
(
m
manager
)
CreateToken
(
data
interface
{},
expiration
time
.
Time
)
(
string
,
error
)
{
func
CreateToken
(
data
interface
{},
expiration
time
.
Time
)
(
string
,
error
)
{
// Marshall the data
d
,
err
:=
json
.
Marshal
(
data
)
if
err
!=
nil
{
...
...
@@ -97,7 +96,10 @@ func (m manager) CreateToken(data interface{}, expiration time.Time) (string, er
}
// Compress with deflate
var
csToken
bytes
.
Buffer
c
,
err
:=
flate
.
NewWriter
(
&
csToken
,
flate
.
BestCompression
)
var
c
*
flate
.
Writer
if
c
,
err
=
flate
.
NewWriter
(
&
csToken
,
flate
.
BestCompression
);
err
!=
nil
{
return
""
,
err
}
if
_
,
err
:=
c
.
Write
(
sToken
);
err
!=
nil
{
return
""
,
err
}
...
...
@@ -112,7 +114,7 @@ func (m manager) CreateToken(data interface{}, expiration time.Time) (string, er
}
// ExtractAndValidateToken extracts the token from the request, validates it, and return the data n the value pointed to by v
func
(
m
manager
)
ExtractAndValidateToken
(
r
*
http
.
Request
,
cookieName
string
,
v
interface
{},
checkXSRF
bool
)
(
bool
,
error
)
{
func
ExtractAndValidateToken
(
r
*
http
.
Request
,
cookieName
string
,
v
interface
{},
checkXSRF
bool
)
(
bool
,
error
)
{
becsToken
,
checkXSRF
,
err
:=
func
(
r
*
http
.
Request
,
checkXSRF
bool
)
(
string
,
bool
,
error
)
{
// Try to extract from the cookie
cookie
,
err
:=
r
.
Cookie
(
cookieName
)
...
...
@@ -128,13 +130,13 @@ func (m manager) ExtractAndValidateToken(r *http.Request, cookieName string, v i
}(
r
,
checkXSRF
)
if
err
==
nil
{
return
checkXSRF
,
m
.
unstoreData
(
becsToken
,
v
)
return
checkXSRF
,
unstoreData
(
becsToken
,
v
)
}
return
false
,
err
}
// unstoreData decrypt, uncompress, unserialize the token, and returns the data n the value pointed to by v
func
(
m
manager
)
unstoreData
(
becsToken
string
,
v
interface
{})
error
{
func
unstoreData
(
becsToken
string
,
v
interface
{})
error
{
// Decrypt the token
ecsToken
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
becsToken
)
if
err
!=
nil
{
...
...
@@ -167,6 +169,10 @@ func (m manager) unstoreData(becsToken string, v interface{}) error {
}
// Update the data
err
=
json
.
Unmarshal
(
token
.
Data
,
v
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"failed to unmarshall data"
)
}
// Return no error if everything is fine
return
nil
}
...
...
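Review bot: In the `newManager` hunk, `log.Logger.Printf("Token signing key set : %v\n", string(keyConfig.Key))` writes the raw key to the log immediately before it is stored in the returned `manager{key: keyConfig.Key, ...}`, so the secret that protects every token issued by this package ends up in log output; the line is unchanged context, but the commit reorders the struct literal around it without addressing it. Logging only that a key was set, or its length, keeps the diagnostic without the exposure, e.g. `log.Logger.Printf("Token signing key set (%d bytes)\n", len(keyConfig.Key))`. Separately, the refactor from a `manager` receiver to the package-level `m` assigned in `init()` turns the key into mutable global state that `CreateToken`, `ExtractAndValidateToken` and `unstoreData` read implicitly; a short comment on `m` noting that it is written only by `init()` (and by tests) would make that contract explicit. `newManager` and the other functions start or end outside their hunks.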
pkg/tokens/tokens_test.go
+
3
−
3
...
...
@@ -43,14 +43,14 @@ func TestManagerCreateTokenUnStoreData(t *testing.T) {
}
for
_
,
tt
:=
range
tests
{
t
.
Run
(
tt
.
name
,
func
(
t
*
testing
.
T
)
{
m
:
=
manager
{
m
=
manager
{
key
:
tt
.
fields
.
encryptKey
,
debugMode
:
tt
.
fields
.
debugMode
,
}
token
,
_
:=
m
.
CreateToken
(
tt
.
args
.
data
,
tt
.
args
.
expiration
)
token
,
_
:=
CreateToken
(
tt
.
args
.
data
,
tt
.
args
.
expiration
)
m
.
key
=
tt
.
fields
.
decryptKey
v
:=
user
{}
err
:=
m
.
unstoreData
(
token
,
&
v
)
err
:=
unstoreData
(
token
,
&
v
)
got
:=
tt
.
args
.
data
==
v
if
(
err
!=
nil
)
!=
tt
.
wantErr
{
t
.
Errorf
(
"manager.(un)storeData() error = %v, wantErr %v"
,
err
,
tt
.
wantErr
)
...
...
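Review bot: The subtest now assigns the package global `m = manager{...}` and later `m.key = tt.fields.decryptKey` without restoring it, so whatever key the last table case used is what any test that runs afterwards in this package sees, and the subtests can no longer be marked `t.Parallel()`. Saving and restoring the global at the top of TestManagerCreateTokenUnStoreData avoids the leak between tests: `orig := m` followed by `defer func() { m = orig }()`. The `token, _ := CreateToken(...)` line still discards the error, which hides a failing `CreateToken` behind a confusing `unstoreData` failure. The enclosing test function starts outside the hunk.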