nicolas
/
keycloak-client
mirror of https://github.com/nmasse-itix/keycloak-client.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[CLOUDTRUST-1923] Fix panic if unknown issuer

master
harture 6 years ago
committed by GitHub
parent
837b7c8be1
commit
601fe352e1
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      issuer.go
  2. 6
      keycloak_client.go

15
issuer.go
View File

@ -2,6 +2,7 @@ package keycloak
import (
"context"
"errors"
"net/url"
"regexp"
"strings"
@ -12,12 +13,11 @@ import (
// IssuerManager provides URL according to a given context
type IssuerManager interface {
GetIssuer(ctx context.Context) OidcVerifierProvider
GetIssuer(ctx context.Context) (OidcVerifierProvider, error)
}
type issuerManager struct {
domainToIssuer map[string]OidcVerifierProvider
defaultIssuer OidcVerifierProvider
}
func getProtocolAndDomain(URL string) string {
@ -44,7 +44,6 @@ func NewIssuerManager(config Config) (IssuerManager, error) {
}
var domainToIssuer = make(map[string]OidcVerifierProvider)
var defaultIssuer OidcVerifierProvider
for _, value := range strings.Split(URLs, " ") {
uToken, err := url.Parse(value)
@ -53,23 +52,19 @@ func NewIssuerManager(config Config) (IssuerManager, error) {
}
issuer := NewVerifierCache(uToken, cacheTTL, errTolerance)
domainToIssuer[getProtocolAndDomain(value)] = issuer
if domainToIssuer == nil {
defaultIssuer = issuer
}
}
return &issuerManager{
domainToIssuer: domainToIssuer,
defaultIssuer: defaultIssuer,
}, nil
}
func (im *issuerManager) GetIssuer(ctx context.Context) OidcVerifierProvider {
func (im *issuerManager) GetIssuer(ctx context.Context) (OidcVerifierProvider, error) {
if rawValue := ctx.Value(cs.CtContextIssuerDomain); rawValue != nil {
// The issuer domain has been found in the context
issuerDomain := getProtocolAndDomain(rawValue.(string))
if issuer, ok := im.domainToIssuer[issuerDomain]; ok {
return issuer
return issuer, nil
}
}
return im.defaultIssuer
return nil, errors.New("Unknown issuer")
}

6
keycloak_client.go
View File

@ -140,7 +140,11 @@ func (c *Client) GetToken(realm string, username string, password string) (strin
// VerifyToken verifies a token. It returns an error it is malformed, expired,...
func (c *Client) VerifyToken(ctx context.Context, realmName string, accessToken string) error {
issuer := c.issuerManager.GetIssuer(ctx)
issuer, err := c.issuerManager.GetIssuer(ctx)
if err != nil {
return err
}
verifier, err := issuer.GetOidcVerifier(realmName)
if err != nil {
return err

Write Preview
Loading…
Cancel
Save