
[CLOUDTRUST-1923] Fix panic if unknown issuer

master
harture 6 years ago
committed by GitHub
parent
commit
601fe352e1
  1. 15
      issuer.go
  2. 6
      keycloak_client.go

15
issuer.go

@ -2,6 +2,7 @@ package keycloak
import ( import (
"context" "context"
"errors"
"net/url" "net/url"
"regexp" "regexp"
"strings" "strings"
@ -12,12 +13,11 @@ import (
// IssuerManager provides URL according to a given context // IssuerManager provides URL according to a given context
type IssuerManager interface { type IssuerManager interface {
GetIssuer(ctx context.Context) OidcVerifierProvider GetIssuer(ctx context.Context) (OidcVerifierProvider, error)
} }
type issuerManager struct { type issuerManager struct {
domainToIssuer map[string]OidcVerifierProvider domainToIssuer map[string]OidcVerifierProvider
defaultIssuer OidcVerifierProvider
} }
func getProtocolAndDomain(URL string) string { func getProtocolAndDomain(URL string) string {
@ -44,7 +44,6 @@ func NewIssuerManager(config Config) (IssuerManager, error) {
} }
var domainToIssuer = make(map[string]OidcVerifierProvider) var domainToIssuer = make(map[string]OidcVerifierProvider)
var defaultIssuer OidcVerifierProvider
for _, value := range strings.Split(URLs, " ") { for _, value := range strings.Split(URLs, " ") {
uToken, err := url.Parse(value) uToken, err := url.Parse(value)
@ -53,23 +52,19 @@ func NewIssuerManager(config Config) (IssuerManager, error) {
} }
issuer := NewVerifierCache(uToken, cacheTTL, errTolerance) issuer := NewVerifierCache(uToken, cacheTTL, errTolerance)
domainToIssuer[getProtocolAndDomain(value)] = issuer domainToIssuer[getProtocolAndDomain(value)] = issuer
if domainToIssuer == nil {
defaultIssuer = issuer
}
} }
return &issuerManager{ return &issuerManager{
domainToIssuer: domainToIssuer, domainToIssuer: domainToIssuer,
defaultIssuer: defaultIssuer,
}, nil }, nil
} }
func (im *issuerManager) GetIssuer(ctx context.Context) OidcVerifierProvider { func (im *issuerManager) GetIssuer(ctx context.Context) (OidcVerifierProvider, error) {
if rawValue := ctx.Value(cs.CtContextIssuerDomain); rawValue != nil { if rawValue := ctx.Value(cs.CtContextIssuerDomain); rawValue != nil {
// The issuer domain has been found in the context // The issuer domain has been found in the context
issuerDomain := getProtocolAndDomain(rawValue.(string)) issuerDomain := getProtocolAndDomain(rawValue.(string))
if issuer, ok := im.domainToIssuer[issuerDomain]; ok { if issuer, ok := im.domainToIssuer[issuerDomain]; ok {
return issuer return issuer, nil
} }
} }
return im.defaultIssuer return nil, errors.New("Unknown issuer")
} }
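Review bot: GetIssuer still has a panic path after this change: `rawValue.(string)` on the issuerDomain line is an unchecked type assertion, so a non-string value stored under cs.CtContextIssuerDomain panics instead of returning the new error; use the two-value form and treat a wrong type like an unknown issuer, as below. Failing closed here is the right call — in the removed code `domainToIssuer == nil` could never be true after `make`, so defaultIssuer was always nil and the fallback path called a method on a nil interface. Consider exporting a sentinel, `var ErrUnknownIssuer = errors.New("unknown issuer")`, so VerifyToken's callers can tell an unrecognised issuer from a verification failure with errors.Is (Go convention also keeps error strings lowercase). Note the lookup matches only what getProtocolAndDomain keeps (scheme and host), so the realm path of the issuer is presumably enforced later by GetOidcVerifier — worth confirming.
```go
func (im *issuerManager) GetIssuer(ctx context.Context) (OidcVerifierProvider, error) {
	if rawValue := ctx.Value(cs.CtContextIssuerDomain); rawValue != nil {
		// A wrong-typed context value is an unknown issuer, not a panic.
		domain, ok := rawValue.(string)
		if !ok {
			return nil, errors.New("Unknown issuer")
		}
		issuerDomain := getProtocolAndDomain(domain)
		// … unchanged: map lookup and returns …
```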

6
keycloak_client.go

@ -140,7 +140,11 @@ func (c *Client) GetToken(realm string, username string, password string) (strin
// VerifyToken verifies a token. It returns an error it is malformed, expired,... // VerifyToken verifies a token. It returns an error it is malformed, expired,...
func (c *Client) VerifyToken(ctx context.Context, realmName string, accessToken string) error { func (c *Client) VerifyToken(ctx context.Context, realmName string, accessToken string) error {
issuer := c.issuerManager.GetIssuer(ctx) issuer, err := c.issuerManager.GetIssuer(ctx)
if err != nil {
return err
}
verifier, err := issuer.GetOidcVerifier(realmName) verifier, err := issuer.GetOidcVerifier(realmName)
if err != nil { if err != nil {
return err return err
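Review bot: The doc comment above VerifyToken is now out of date and has a typo ("returns an error it is malformed"), while the new early return adds a case the comment does not mention; suggested wording: `// VerifyToken verifies a token. It returns an error if the token is malformed, expired, or if no OIDC issuer is configured for the issuer domain found in ctx.` Returning the issuer error unchanged keeps the existing plain `return err` style of the function, which is fine, but callers cannot distinguish an unknown issuer from a verification failure unless issuer.go exposes a sentinel error. VerifyToken's body continues past the end of this hunk.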
