mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00

Ensure claim extractor does not attempt profile call when URL is empty

Joel Speed 2022-02-18 14:09:07 +00:00
parent 07aba7db09
commit 25ef843115
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
3 changed files with 20 additions and 1 deletions


@ -9,6 +9,7 @@
## Changes since v7.2.1
- [#1561](https://github.com/oauth2-proxy/oauth2-proxy/pull/1561) Add ppc64le support (@mgiessing)
- [#1563](https://github.com/oauth2-proxy/oauth2-proxy/pull/1563) Ensure claim extractor does not attempt profile call when URL is empty (@JoelSpeed)
- [#1560](https://github.com/oauth2-proxy/oauth2-proxy/pull/1560) Fix provider data initialisation (@JoelSpeed)
- [#1555](https://github.com/oauth2-proxy/oauth2-proxy/pull/1555) Refactor provider configuration into providers package (@JoelSpeed)
- [#1394](https://github.com/oauth2-proxy/oauth2-proxy/pull/1394) Add generic claim extractor to get claims from ID Tokens (@JoelSpeed)


@ -86,7 +86,7 @@ func (c *claimExtractor) GetClaim(claim string) (interface{}, bool, error) {
// loadProfileClaims will fetch the profileURL using the provided headers as
// authentication.
func (c *claimExtractor) loadProfileClaims() (*simplejson.Json, error) {
if c.profileURL == nil || c.requestHeaders == nil {
if c.profileURL == nil || c.profileURL.String() == "" || c.requestHeaders == nil {
// When no profileURL is set, we return a non-empty map so that
// we don't attempt to populate the profile claims again.
// If there are no headers, the request would be unauthorized so we also skip
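Review bot: The widened guard in loadProfileClaims treats only a completely zero `url.URL` as unset, because `c.profileURL.String() == ""` is false for a URL that carries just a path or just a scheme. Such a partially populated URL would presumably still reach the profile request further down (outside this hunk, where the function body continues) with the authentication headers attached, and fail there with the same kind of error this commit is meant to avoid. If the profile URL is always expected to be absolute, consider `if c.profileURL == nil || c.profileURL.Host == "" || c.requestHeaders == nil {`, or reject a non-absolute profile URL when the provider configuration is validated. The comment under the condition could also be updated to match the new check, for example `// When no profileURL is set (nil or empty), we return a non-empty map so that`.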


@ -259,6 +259,24 @@ var _ = Describe("Claim Extractor Suite", func() {
Expect(counter).To(BeEquivalentTo(1))
})
It("GetClaim should not return an error with a non-nil empty ProfileURL", func() {
claims, serverClose, err := newTestClaimExtractor(testClaimExtractorOpts{
idTokenPayload: "{}",
profileRequestHeaders: newAuthorizedHeader(),
})
Expect(err).ToNot(HaveOccurred())
if serverClose != nil {
defer serverClose()
}
// Set the ProfileURL to be empty, but not nil
claims.(*claimExtractor).profileURL = &url.URL{}
value, exists, err := claims.GetClaim("user")
Expect(err).ToNot(HaveOccurred())
Expect(exists).To(BeFalse())
Expect(value).To(BeNil())
})
type getClaimIntoTableInput struct {
testClaimExtractorOpts
into interface{}