go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-25 12:24:41 +02:00
Code Issues Releases Activity

Implement ValidateSessionState for GitHubProvider (#385)

Browse Source 
Refactors the setting of the Authorization header into getGitHubHeader.

Refs #382

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
This commit is contained in:
Iain Buclaw 2020-02-15 16:11:14 +01:00 committed by GitHub
parent 7a6204c8fd
commit 2033ce81c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@
## Changes since v5.0.0 ## Changes since v5.0.0
- [#385](https://github.com/pusher/oauth2_proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw)
- [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) - [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec)
- [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) - [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat)
- [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) - [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf)

22
providers/github.go
View File

@ -53,6 +53,13 @@ func NewGitHubProvider(p *ProviderData) *GitHubProvider {
return &GitHubProvider{ProviderData: p} return &GitHubProvider{ProviderData: p}
} }
func getGitHubHeader(accessToken string) http.Header {
header := make(http.Header)
header.Set("Accept", "application/vnd.github.v3+json")
header.Set("Authorization", fmt.Sprintf("token %s", accessToken))
return header
}
// SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope // SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope
func (p *GitHubProvider) SetOrgTeam(org, team string) { func (p *GitHubProvider) SetOrgTeam(org, team string) {
p.Org = org p.Org = org
@ -87,8 +94,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
RawQuery: params.Encode(), RawQuery: params.Encode(),
} }
req, _ := http.NewRequest("GET", endpoint.String(), nil) req, _ := http.NewRequest("GET", endpoint.String(), nil)
req.Header.Set("Accept", "application/vnd.github.v3+json") req.Header = getGitHubHeader(accessToken)
req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return false, err return false, err
@ -164,8 +170,7 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
} }
req, _ := http.NewRequest("GET", endpoint.String(), nil) req, _ := http.NewRequest("GET", endpoint.String(), nil)
req.Header.Set("Accept", "application/vnd.github.v3+json") req.Header = getGitHubHeader(accessToken)
req.Header.Set("Authorization", fmt.Sprintf("token %s", accessToken))
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return false, err return false, err
@ -283,7 +288,7 @@ func (p *GitHubProvider) GetEmailAddress(s *sessions.SessionState) (string, erro
Path: path.Join(p.ValidateURL.Path, "/user/emails"), Path: path.Join(p.ValidateURL.Path, "/user/emails"),
} }
req, _ := http.NewRequest("GET", endpoint.String(), nil) req, _ := http.NewRequest("GET", endpoint.String(), nil)
req.Header.Set("Authorization", fmt.Sprintf("token %s", s.AccessToken)) req.Header = getGitHubHeader(s.AccessToken)
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return "", err return "", err
@ -336,7 +341,7 @@ func (p *GitHubProvider) GetUserName(s *sessions.SessionState) (string, error) {
return "", fmt.Errorf("could not create new GET request: %v", err) return "", fmt.Errorf("could not create new GET request: %v", err)
} }
req.Header.Set("Authorization", fmt.Sprintf("token %s", s.AccessToken)) req.Header = getGitHubHeader(s.AccessToken)
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
return "", err return "", err
@ -361,3 +366,8 @@ func (p *GitHubProvider) GetUserName(s *sessions.SessionState) (string, error) {
return user.Login, nil return user.Login, nil
} }
// ValidateSessionState validates the AccessToken
func (p *GitHubProvider) ValidateSessionState(s *sessions.SessionState) bool {
return validateToken(p, s.AccessToken, getGitHubHeader(s.AccessToken))
}