From d118cb7bbb0a71718ec33fb7060bee21e23b393c Mon Sep 17 00:00:00 2001
From: Joshua Carp <jm.carp@gmail.com>
Date: Sat, 7 Oct 2017 23:36:48 -0400
Subject: [PATCH] Drop deprecated MyUSA provider.

[Resolves #390]
---
 README.md                  |   5 --
 providers/internal_util.go |   5 ++
 providers/myusa.go         |  58 ---------------
 providers/myusa_test.go    | 141 -------------------------------------
 providers/providers.go     |   2 -
 5 files changed, 5 insertions(+), 206 deletions(-)
 delete mode 100644 providers/myusa.go
 delete mode 100644 providers/myusa_test.go

diff --git a/README.md b/README.md
index 79de61e7..555e0676 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,6 @@ Valid providers are :
 * [GitHub](#github-auth-provider)
 * [GitLab](#gitlab-auth-provider)
 * [LinkedIn](#linkedin-auth-provider)
-* [MyUSA](#myusa-auth-provider)
 
 The provider can be selected using the `provider` configuration value.
 
@@ -129,10 +128,6 @@ For LinkedIn, the registration steps are:
 3. Fill in the remaining required fields and Save.
 4. Take note of the **Consumer Key / API Key** and **Consumer Secret / Secret Key**
 
-### MyUSA Auth Provider
-
-The [MyUSA](https://alpha.my.usa.gov) authentication service ([GitHub](https://github.com/18F/myusa))
-
 ### Microsoft Azure AD Provider
 
 For adding an application to the Microsoft Azure AD follow [these steps to add an application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/).
diff --git a/providers/internal_util.go b/providers/internal_util.go
index b396993b..924d4119 100644
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@@ -72,3 +72,8 @@ func validateToken(p Provider, access_token string, header http.Header) bool {
 	log.Printf("token validation request failed: status %d - %s", resp.StatusCode, body)
 	return false
 }
+
+func updateURL(url *url.URL, hostname string) {
+	url.Scheme = "http"
+	url.Host = hostname
+}
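Review bot: `updateURL` is added to the non-test file `providers/internal_util.go`, so a helper that hard-codes `url.Scheme = "http"` is now compiled into the production package. The copy this commit removes lived in `myusa_test.go`, where it only repointed LoginURL, RedeemURL, ProfileURL and ValidateURL at an httptest server; those endpoints carry OAuth codes and access tokens, so any accidental non-test caller would send them in cleartext. Moving the function into a shared `_test.go` file keeps it out of the binary. If it has to stay here, give it a doc comment such as `// updateURL repoints a provider endpoint at a local httptest server; test-only, it downgrades the scheme to http.` The parameter name `url` also shadows the `net/url` package inside the body; `func updateURL(u *url.URL, hostname string)` avoids that.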
diff --git a/providers/myusa.go b/providers/myusa.go
deleted file mode 100644
index ae76d343..00000000
--- a/providers/myusa.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package providers
-
-import (
-	"log"
-	"net/http"
-	"net/url"
-
-	"github.com/bitly/oauth2_proxy/api"
-)
-
-type MyUsaProvider struct {
-	*ProviderData
-}
-
-func NewMyUsaProvider(p *ProviderData) *MyUsaProvider {
-	const myUsaHost string = "alpha.my.usa.gov"
-
-	p.ProviderName = "MyUSA"
-	if p.LoginURL.String() == "" {
-		p.LoginURL = &url.URL{Scheme: "https",
-			Host: myUsaHost,
-			Path: "/oauth/authorize"}
-	}
-	if p.RedeemURL.String() == "" {
-		p.RedeemURL = &url.URL{Scheme: "https",
-			Host: myUsaHost,
-			Path: "/oauth/token"}
-	}
-	if p.ProfileURL.String() == "" {
-		p.ProfileURL = &url.URL{Scheme: "https",
-			Host: myUsaHost,
-			Path: "/api/v1/profile"}
-	}
-	if p.ValidateURL.String() == "" {
-		p.ValidateURL = &url.URL{Scheme: "https",
-			Host: myUsaHost,
-			Path: "/api/v1/tokeninfo"}
-	}
-	if p.Scope == "" {
-		p.Scope = "profile.email"
-	}
-	return &MyUsaProvider{ProviderData: p}
-}
-
-func (p *MyUsaProvider) GetEmailAddress(s *SessionState) (string, error) {
-	req, err := http.NewRequest("GET",
-		p.ProfileURL.String()+"?access_token="+s.AccessToken, nil)
-	if err != nil {
-		log.Printf("failed building request %s", err)
-		return "", err
-	}
-	json, err := api.Request(req)
-	if err != nil {
-		log.Printf("failed making request %s", err)
-		return "", err
-	}
-	return json.Get("email").String()
-}
diff --git a/providers/myusa_test.go b/providers/myusa_test.go
deleted file mode 100644
index d058845c..00000000
--- a/providers/myusa_test.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package providers
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"testing"
-
-	"github.com/bmizerany/assert"
-)
-
-func updateURL(url *url.URL, hostname string) {
-	url.Scheme = "http"
-	url.Host = hostname
-}
-
-func testMyUsaProvider(hostname string) *MyUsaProvider {
-	p := NewMyUsaProvider(
-		&ProviderData{
-			ProviderName: "",
-			LoginURL:     &url.URL{},
-			RedeemURL:    &url.URL{},
-			ProfileURL:   &url.URL{},
-			ValidateURL:  &url.URL{},
-			Scope:        ""})
-	if hostname != "" {
-		updateURL(p.Data().LoginURL, hostname)
-		updateURL(p.Data().RedeemURL, hostname)
-		updateURL(p.Data().ProfileURL, hostname)
-		updateURL(p.Data().ValidateURL, hostname)
-	}
-	return p
-}
-
-func testMyUsaBackend(payload string) *httptest.Server {
-	path := "/api/v1/profile"
-	query := "access_token=imaginary_access_token"
-
-	return httptest.NewServer(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			url := r.URL
-			if url.Path != path || url.RawQuery != query {
-				w.WriteHeader(404)
-			} else {
-				w.WriteHeader(200)
-				w.Write([]byte(payload))
-			}
-		}))
-}
-
-func TestMyUsaProviderDefaults(t *testing.T) {
-	p := testMyUsaProvider("")
-	assert.NotEqual(t, nil, p)
-	assert.Equal(t, "MyUSA", p.Data().ProviderName)
-	assert.Equal(t, "https://alpha.my.usa.gov/oauth/authorize",
-		p.Data().LoginURL.String())
-	assert.Equal(t, "https://alpha.my.usa.gov/oauth/token",
-		p.Data().RedeemURL.String())
-	assert.Equal(t, "https://alpha.my.usa.gov/api/v1/profile",
-		p.Data().ProfileURL.String())
-	assert.Equal(t, "https://alpha.my.usa.gov/api/v1/tokeninfo",
-		p.Data().ValidateURL.String())
-	assert.Equal(t, "profile.email", p.Data().Scope)
-}
-
-func TestMyUsaProviderOverrides(t *testing.T) {
-	p := NewMyUsaProvider(
-		&ProviderData{
-			LoginURL: &url.URL{
-				Scheme: "https",
-				Host:   "example.com",
-				Path:   "/oauth/auth"},
-			RedeemURL: &url.URL{
-				Scheme: "https",
-				Host:   "example.com",
-				Path:   "/oauth/token"},
-			ProfileURL: &url.URL{
-				Scheme: "https",
-				Host:   "example.com",
-				Path:   "/oauth/profile"},
-			ValidateURL: &url.URL{
-				Scheme: "https",
-				Host:   "example.com",
-				Path:   "/oauth/tokeninfo"},
-			Scope: "profile"})
-	assert.NotEqual(t, nil, p)
-	assert.Equal(t, "MyUSA", p.Data().ProviderName)
-	assert.Equal(t, "https://example.com/oauth/auth",
-		p.Data().LoginURL.String())
-	assert.Equal(t, "https://example.com/oauth/token",
-		p.Data().RedeemURL.String())
-	assert.Equal(t, "https://example.com/oauth/profile",
-		p.Data().ProfileURL.String())
-	assert.Equal(t, "https://example.com/oauth/tokeninfo",
-		p.Data().ValidateURL.String())
-	assert.Equal(t, "profile", p.Data().Scope)
-}
-
-func TestMyUsaProviderGetEmailAddress(t *testing.T) {
-	b := testMyUsaBackend("{\"email\": \"michael.bland@gsa.gov\"}")
-	defer b.Close()
-
-	b_url, _ := url.Parse(b.URL)
-	p := testMyUsaProvider(b_url.Host)
-
-	session := &SessionState{AccessToken: "imaginary_access_token"}
-	email, err := p.GetEmailAddress(session)
-	assert.Equal(t, nil, err)
-	assert.Equal(t, "michael.bland@gsa.gov", email)
-}
-
-// Note that trying to trigger the "failed building request" case is not
-// practical, since the only way it can fail is if the URL fails to parse.
-func TestMyUsaProviderGetEmailAddressFailedRequest(t *testing.T) {
-	b := testMyUsaBackend("unused payload")
-	defer b.Close()
-
-	b_url, _ := url.Parse(b.URL)
-	p := testMyUsaProvider(b_url.Host)
-
-	// We'll trigger a request failure by using an unexpected access
-	// token. Alternatively, we could allow the parsing of the payload as
-	// JSON to fail.
-	session := &SessionState{AccessToken: "unexpected_access_token"}
-	email, err := p.GetEmailAddress(session)
-	assert.NotEqual(t, nil, err)
-	assert.Equal(t, "", email)
-}
-
-func TestMyUsaProviderGetEmailAddressEmailNotPresentInPayload(t *testing.T) {
-	b := testMyUsaBackend("{\"foo\": \"bar\"}")
-	defer b.Close()
-
-	b_url, _ := url.Parse(b.URL)
-	p := testMyUsaProvider(b_url.Host)
-
-	session := &SessionState{AccessToken: "imaginary_access_token"}
-	email, err := p.GetEmailAddress(session)
-	assert.NotEqual(t, nil, err)
-	assert.Equal(t, "", email)
-}
diff --git a/providers/providers.go b/providers/providers.go
index 3aa4f398..8a4e7caf 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -18,8 +18,6 @@ type Provider interface {
 
 func New(provider string, p *ProviderData) Provider {
 	switch provider {
-	case "myusa":
-		return NewMyUsaProvider(p)
 	case "linkedin":
 		return NewLinkedInProvider(p)
 	case "facebook":