mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-10 04:18:14 +02:00
Merge pull request #1563 from oauth2-proxy/fix-profile-url
Ensure claim extractor does not attempt profile call when URL is empty
This commit is contained in:
commit
1578d90d0b
@ -9,6 +9,7 @@
|
||||
## Changes since v7.2.1
|
||||
|
||||
- [#1561](https://github.com/oauth2-proxy/oauth2-proxy/pull/1561) Add ppc64le support (@mgiessing)
|
||||
- [#1563](https://github.com/oauth2-proxy/oauth2-proxy/pull/1563) Ensure claim extractor does not attempt profile call when URL is empty (@JoelSpeed)
|
||||
- [#1560](https://github.com/oauth2-proxy/oauth2-proxy/pull/1560) Fix provider data initialisation (@JoelSpeed)
|
||||
- [#1555](https://github.com/oauth2-proxy/oauth2-proxy/pull/1555) Refactor provider configuration into providers package (@JoelSpeed)
|
||||
- [#1394](https://github.com/oauth2-proxy/oauth2-proxy/pull/1394) Add generic claim extractor to get claims from ID Tokens (@JoelSpeed)
|
||||
|
1
go.mod
1
go.mod
@ -61,7 +61,6 @@ require (
|
||||
github.com/prometheus/common v0.15.0 // indirect
|
||||
github.com/prometheus/procfs v0.2.0 // indirect
|
||||
github.com/spf13/afero v1.1.2 // indirect
|
||||
github.com/spf13/cast v1.3.0 // indirect
|
||||
github.com/spf13/jwalterweatherman v1.0.0 // indirect
|
||||
github.com/subosito/gotenv v1.2.0 // indirect
|
||||
github.com/vmihailenco/tagparser v0.1.1 // indirect
|
||||
|
@ -86,7 +86,7 @@ func (c *claimExtractor) GetClaim(claim string) (interface{}, bool, error) {
|
||||
// loadProfileClaims will fetch the profileURL using the provided headers as
|
||||
// authentication.
|
||||
func (c *claimExtractor) loadProfileClaims() (*simplejson.Json, error) {
|
||||
if c.profileURL == nil || c.requestHeaders == nil {
|
||||
if c.profileURL == nil || c.profileURL.String() == "" || c.requestHeaders == nil {
|
||||
// When no profileURL is set, we return a non-empty map so that
|
||||
// we don't attempt to populate the profile claims again.
|
||||
// If there are no headers, the request would be unauthorized so we also skip
|
||||
|
@ -259,6 +259,24 @@ var _ = Describe("Claim Extractor Suite", func() {
|
||||
Expect(counter).To(BeEquivalentTo(1))
|
||||
})
|
||||
|
||||
It("GetClaim should not return an error with a non-nil empty ProfileURL", func() {
|
||||
claims, serverClose, err := newTestClaimExtractor(testClaimExtractorOpts{
|
||||
idTokenPayload: "{}",
|
||||
profileRequestHeaders: newAuthorizedHeader(),
|
||||
})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
if serverClose != nil {
|
||||
defer serverClose()
|
||||
}
|
||||
// Set the ProfileURL to be empty, but not nil
|
||||
claims.(*claimExtractor).profileURL = &url.URL{}
|
||||
|
||||
value, exists, err := claims.GetClaim("user")
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(exists).To(BeFalse())
|
||||
Expect(value).To(BeNil())
|
||||
})
|
||||
|
||||
type getClaimIntoTableInput struct {
|
||||
testClaimExtractorOpts
|
||||
into interface{}
|
||||
|
Loading…
Reference in New Issue
Block a user