From 362d99202c325e6c865f62289e798c0b62843e23 Mon Sep 17 00:00:00 2001 From: Henning Perl Date: Fri, 15 Dec 2023 14:40:47 +0100 Subject: [PATCH] fix: handle token hook auth config --- .github/workflows/ci.yaml | 2 +- driver/config/provider.go | 10 +++++++--- driver/config/provider_test.go | 23 +++++++++++++++-------- go.mod | 2 +- go.sum | 2 ++ oauth2/oauth2_auth_code_test.go | 8 ++++++-- oauth2/oauth2_client_credentials_test.go | 8 ++++++-- oauth2/token_hook.go | 15 +++------------ 8 files changed, 41 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 76c7b32da18..c9672ccffc6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -94,7 +94,7 @@ jobs: GOGC: 100 with: args: --timeout 10m0s - version: v1.53.2 + version: v1.53.3 skip-pkg-cache: true - name: Run go-acc (tests) run: | diff --git a/driver/config/provider.go b/driver/config/provider.go index abacc3e4394..ba1869498fe 100644 --- a/driver/config/provider.go +++ b/driver/config/provider.go @@ -5,7 +5,6 @@ package config import ( "context" - "encoding/json" "fmt" "net/http" "net/url" @@ -482,8 +481,13 @@ func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSou type ( Auth struct { - Type string `json:"type"` - Config json.RawMessage `json:"config"` + Type string `json:"type"` + Config AuthConfig `json:"config"` + } + AuthConfig struct { + In string `json:"in"` + Name string `json:"name"` + Value string `json:"value"` } HookConfig struct { URL string `json:"url"` diff --git a/driver/config/provider_test.go b/driver/config/provider_test.go index 1b175aa919b..8e5c44a9e2e 100644 --- a/driver/config/provider_test.go +++ b/driver/config/provider_test.go @@ -443,18 +443,25 @@ func TestHookConfigs(t *testing.T) { require.NotNil(t, hc) assert.EqualValues(t, "http://localhost:8080/hook", hc.URL) - c.MustSet(ctx, key, map[string]any{ - "url": "http://localhost:8080/hook2", - "auth": map[string]any{ - "type": "api_key", - "config": json.RawMessage(`{"in":"header","name":"my-header","value":"my-value"}`), - }, - }) + c.MustSet(ctx, key, ` +{ + "url": "http://localhost:8080/hook2", + "auth": { + "type": "api_key", + "config": { + "in": "header", + "name": "my-header", + "value": "my-value" + } + } +}`) hc = getFunc(ctx) require.NotNil(t, hc) assert.EqualValues(t, "http://localhost:8080/hook2", hc.URL) assert.EqualValues(t, "api_key", hc.Auth.Type) - assert.JSONEq(t, `{"in":"header","name":"my-header","value":"my-value"}`, string(hc.Auth.Config)) + rawConfig, err := json.Marshal(hc.Auth.Config) + require.NoError(t, err) + assert.JSONEq(t, `{"in":"header","name":"my-header","value":"my-value"}`, string(rawConfig)) } } diff --git a/go.mod b/go.mod index a39bdcd2a0f..bcb1847b918 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/oleiade/reflections v1.0.1 github.com/ory/analytics-go/v5 v5.0.1 - github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034 + github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7 github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe github.com/ory/graceful v0.1.3 github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88 diff --git a/go.sum b/go.sum index f72289a310d..33c1a3d331e 100644 --- a/go.sum +++ b/go.sum @@ -591,6 +591,8 @@ github.com/ory/fosite v0.44.1-0.20230807113540-d4605bb2b3a6 h1:pJLf9Gx4CfhE+M0lP github.com/ory/fosite v0.44.1-0.20230807113540-d4605bb2b3a6/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk= github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034 h1:0afOTtuICtxga4Ni/PLQwsr45I0jAzsYXg/MaCoXFQs= github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk= +github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7 h1:EZEUk9sdC9cIKSqXipBz4eO84byOLLeVUnptgX7QFvM= +github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe h1:rvu4obdvqR0fkSIJ8IfgzKOWwZ5kOT2UNfLq81Qk7rc= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe/go.mod h1:z4n3u6as84LbV4YmgjHhnwtccQqzf4cZlSk9f1FhygI= github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go index f76712c8114..69e9d42e427 100644 --- a/oauth2/oauth2_auth_code_test.go +++ b/oauth2/oauth2_auth_code_test.go @@ -1006,8 +1006,12 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { reg.Config().MustSet(ctx, config.KeyTokenHook, &config.HookConfig{ URL: hs.URL, Auth: &config.Auth{ - Type: "api_key", - Config: json.RawMessage(`{"in": "header", "name": "Authorization", "value": "Bearer secret value"}`), + Type: "api_key", + Config: config.AuthConfig{ + In: "header", + Name: "Authorization", + Value: "Bearer secret value", + }, }, }) diff --git a/oauth2/oauth2_client_credentials_test.go b/oauth2/oauth2_client_credentials_test.go index 34b260dc2b6..40696ac1238 100644 --- a/oauth2/oauth2_client_credentials_test.go +++ b/oauth2/oauth2_client_credentials_test.go @@ -290,8 +290,12 @@ func TestClientCredentials(t *testing.T) { reg.Config().MustSet(ctx, config.KeyTokenHook, &config.HookConfig{ URL: hs.URL, Auth: &config.Auth{ - Type: "api_key", - Config: json.RawMessage(`{"in": "header", "name": "Authorization", "value": "Bearer secret value"}`), + Type: "api_key", + Config: config.AuthConfig{ + In: "header", + Name: "Authorization", + Value: "Bearer secret value", + }, }, }) diff --git a/oauth2/token_hook.go b/oauth2/token_hook.go index 377d15d0004..d32cadd7e4d 100644 --- a/oauth2/token_hook.go +++ b/oauth2/token_hook.go @@ -71,20 +71,11 @@ func applyAuth(req *retryablehttp.Request, auth *config.Auth) error { switch auth.Type { case "api_key": - c := struct { - In string `json:"in"` - Name string `json:"name"` - Value string `json:"value"` - }{} - if err := json.Unmarshal(auth.Config, &c); err != nil { - return err - } - - switch c.In { + switch auth.Config.In { case "header": - req.Header.Set(c.Name, c.Value) + req.Header.Set(auth.Config.Name, auth.Config.Value) case "cookie": - req.AddCookie(&http.Cookie{Name: c.Name, Value: c.Value}) + req.AddCookie(&http.Cookie{Name: auth.Config.Name, Value: auth.Config.Value}) } default: return errors.Errorf("unsupported auth type %q", auth.Type)