

Add common token fields to OIDC login response (#67)
This PR also reduces the chance of "too many open files" errors during
tests by closing httptest servers.

Fixes #66
Jim Kalafut authored Aug 15, 2019
1 parent 5e4c92d commit 5fa0eef
Showing 3 changed files with 45 additions and 23 deletions.
20 changes: 18 additions & 2 deletions path_login_test.go
Expand Up @@ -32,7 +32,17 @@ type testConfig struct {
groupsClaim string
}

func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storage) {
type closeableBackend struct {
logical.Backend

closeServerFunc func()
}

func setupBackend(t *testing.T, cfg testConfig) (closeableBackend, logical.Storage) {
cb := closeableBackend{
closeServerFunc: func() {},
}

b, storage := getBackend(t)

if cfg.groupsClaim == "" {
Expand All @@ -53,6 +63,8 @@ func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storag
}
} else {
p := newOIDCProvider(t)
cb.closeServerFunc = p.server.Close

cert, err := p.getTLSCert()
if err != nil {
t.Fatal(err)
Expand Down Expand Up @@ -124,7 +136,9 @@ func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storag
t.Fatalf("err:%s resp:%#v\n", err, resp)
}

return b, storage
cb.Backend = b

return cb, storage
}

func getTestJWT(t *testing.T, privKey string, cl jwt.Claims, privateCl interface{}) (string, *ecdsa.PrivateKey) {
Expand Down Expand Up @@ -852,6 +866,7 @@ func testLogin_ExpiryClaims(t *testing.T, jwks bool) {
} else if !tt.Valid && !resp.IsError() {
t.Fatalf("[test %d: %s jws: %v] expected token expired error, got : %v", i, tt.Context, tt.JWKS, *resp)
}
b.closeServerFunc()
}
}

Expand Down Expand Up @@ -929,6 +944,7 @@ func testLogin_NotBeforeClaims(t *testing.T, jwks bool) {
} else if !tt.Valid && !resp.IsError() {
t.Fatalf("[test %d: %s jws: %v] expected token not valid yet error, got : %v", i, tt.Context, *resp, tt.JWKS)
}
b.closeServerFunc()
}
}

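Review bot: The new `closeableBackend` type and its `closeServerFunc` field carry no comment, so a reader of the first hunk cannot tell that the func is a no-op unless the JWKS branch started an httptest server (it defaults to `func() {}` and is only replaced with `p.server.Close`). Suggested doc comment on the type: `// closeableBackend bundles a test backend with the function that shuts down the httptest OIDC provider it was configured against; a no-op when no provider was started.` In the last two hunks `b.closeServerFunc()` runs only when an iteration reaches the end of the loop body, so any `continue` or early return earlier in those bodies (outside the hunk) would still leak the server; a `defer` inside a per-iteration closure or a `t.Run` subtest would make the close unconditional. setupBackend and both loops start and end outside the visible hunks.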
40 changes: 22 additions & 18 deletions path_oidc.go
Expand Up @@ -199,25 +199,29 @@ func (b *jwtAuthBackend) pathCallback(ctx context.Context, req *logical.Request,
tokenMetadata[k] = v
}

resp := &logical.Response{
Auth: &logical.Auth{
Policies: role.Policies,
DisplayName: alias.Name,
Period: role.Period,
NumUses: role.NumUses,
Alias: alias,
GroupAliases: groupAliases,
InternalData: map[string]interface{}{
"role": roleName,
},
Metadata: tokenMetadata,
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
BoundCIDRs: role.BoundCIDRs,
auth := &logical.Auth{
Policies: role.Policies,
DisplayName: alias.Name,
Period: role.Period,
NumUses: role.NumUses,
Alias: alias,
GroupAliases: groupAliases,
InternalData: map[string]interface{}{
"role": roleName,
},
Metadata: tokenMetadata,
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
BoundCIDRs: role.BoundCIDRs,
}

role.PopulateTokenAuth(auth)

resp := &logical.Response{
Auth: auth,
}

return resp, nil
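Review bot: `auth` is populated explicitly with `role.Policies`, `role.Period`, `role.NumUses`, `role.TTL`, `role.MaxTTL` and `role.BoundCIDRs` and is then handed to `role.PopulateTokenAuth(auth)`; if that helper writes the same fields from the role's token_* settings, as its name suggests, the explicit assignments are dead and the precedence between the legacy role fields and the token_* fields is decided only by call order. These fields decide the policies, lifetime and source-CIDR restriction of the issued token, so the intended precedence should be stated rather than implied: either drop the fields PopulateTokenAuth covers, or add above the call `// PopulateTokenAuth applies the role's token_* settings and is expected to take precedence over the legacy fields set above.` pathCallback starts before and ends after this hunk.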
8 changes: 5 additions & 3 deletions path_oidc_test.go
Expand Up @@ -290,6 +290,7 @@ func TestOIDC_Callback(t *testing.T) {
"color": "green",
"size": "medium",
},
NumUses: 10,
}
if useBoundCIDRs {
sock, err := sockaddr.NewSockAddr("127.0.0.42")
Expand Down Expand Up @@ -896,9 +897,10 @@ func getBackendAndServer(t *testing.T, boundCIDRs bool) (logical.Backend, logica
"COLOR": "color",
"/nested/Size": "size",
},
"groups_claim": "/nested/Groups",
"ttl": "3m",
"max_ttl": "5m",
"groups_claim": "/nested/Groups",
"token_ttl": "3m",
"token_num_uses": 10,
"max_ttl": "5m",
"bound_claims": map[string]interface{}{
"password": "foo",
"sk": "42",
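Review bot: The role config in the second hunk now mixes new-style keys (`token_ttl`, `token_num_uses`) with the legacy `max_ttl`, and the expectation in the first hunk checks only `NumUses: 10`, so the test pins the alias handling for one key while leaving `max_ttl` on the old spelling without saying whether that is deliberate. If the mix is meant to cover backward compatibility, a one-line comment such as `// max_ttl kept on the legacy key on purpose to exercise the deprecated alias` would make that explicit; otherwise `"token_max_ttl": "5m"` keeps the fixture consistent. The `getBackendAndServer` signature visible in the second hunk header still returns a bare `logical.Backend`, so the httptest server started for the OIDC tests is presumably not closed by this change unless that is handled outside the hunk. Both enclosing functions start and end outside the visible lines.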
