chore: Update github.com/zitadel/oidc v1 to v3 (#2585)

Also removes dependency on gopkg.in/square/go-jose.v2

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Andrei Aaron
2024-08-05 19:11:00 +03:00
committed by GitHub
parent fa4b69954d
commit 2dea22f74a
7 changed files with 44 additions and 35 deletions
+6 -6
@@ -25,9 +25,9 @@ import (
"github.com/gorilla/securecookie"
"github.com/gorilla/sessions"
godigest "github.com/opencontainers/go-digest"
"github.com/zitadel/oidc/pkg/client/rp"
httphelper "github.com/zitadel/oidc/pkg/http"
"github.com/zitadel/oidc/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/client/rp"
httphelper "github.com/zitadel/oidc/v3/pkg/http"
"github.com/zitadel/oidc/v3/pkg/oidc"
"golang.org/x/crypto/bcrypt"
"golang.org/x/oauth2"
githubOAuth "golang.org/x/oauth2/github"
@@ -334,7 +334,7 @@ func (amw *AuthnMiddleware) tryAuthnHandlers(ctlr *Controller) mux.MiddlewareFun
for provider := range ctlr.Config.HTTP.Auth.OpenID.Providers {
if config.IsOpenIDSupported(provider) {
rp := NewRelyingPartyOIDC(ctlr.Config, provider, ctlr.Log)
rp := NewRelyingPartyOIDC(context.TODO(), ctlr.Config, provider, ctlr.Log)
ctlr.RelyingParties[provider] = rp
} else if config.IsOauth2Supported(provider) {
rp := NewRelyingPartyGithub(ctlr.Config, provider, ctlr.Log)
@@ -610,10 +610,10 @@ func (rh *RouteHandler) AuthURLHandler() http.HandlerFunc {
}
}
func NewRelyingPartyOIDC(config *config.Config, provider string, log log.Logger) rp.RelyingParty {
func NewRelyingPartyOIDC(ctx context.Context, config *config.Config, provider string, log log.Logger) rp.RelyingParty {
issuer, clientID, clientSecret, redirectURI, scopes, options := getRelyingPartyArgs(config, provider, log)
relyingParty, err := rp.NewRelyingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes, options...)
relyingParty, err := rp.NewRelyingPartyOIDC(ctx, issuer, clientID, clientSecret, redirectURI, scopes, options...)
if err != nil {
log.Panic().Err(err).Str("issuer", issuer).Str("redirectURI", redirectURI).Strs("scopes", scopes).
Msg("failed to get new relying party oicd")
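Review bot: The `context.TODO()` handed to `NewRelyingPartyOIDC` on the new line in tryAuthnHandlers has no deadline, so if the v3 constructor performs issuer discovery over HTTP with that context (which the newly threaded ctx parameter suggests, though the library call is not visible here), an unreachable or slow issuer can stall server startup indefinitely instead of reaching the `log.Panic()` error path shown in the third hunk. A bounded context turns that into a predictable failure: `ctx, cancel := context.WithTimeout(context.Background(), <discovery timeout placeholder>)` before the call and `cancel()` once the relying party is built, or plumb a caller-supplied ctx into tryAuthnHandlers instead of TODO. tryAuthnHandlers begins and ends outside the hunk, as does NewRelyingPartyOIDC's body.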
+1 -1
@@ -15,7 +15,7 @@ import (
"time"
"github.com/gorilla/mux"
"github.com/zitadel/oidc/pkg/client/rp"
"github.com/zitadel/oidc/v3/pkg/client/rp"
"zotregistry.dev/zot/errors"
"zotregistry.dev/zot/pkg/api/config"
+6 -5
@@ -4068,6 +4068,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
func TestNewRelyingPartyOIDC(t *testing.T) {
Convey("Test NewRelyingPartyOIDC", t, func() {
conf := config.New()
ctx := context.Background()
mockOIDCServer, err := authutils.MockOIDCRun()
if err != nil {
@@ -4098,7 +4099,7 @@ func TestNewRelyingPartyOIDC(t *testing.T) {
}
Convey("provider not found in config", func() {
So(func() { _ = api.NewRelyingPartyOIDC(conf, "notDex", log.NewLogger("debug", "")) }, ShouldPanic)
So(func() { _ = api.NewRelyingPartyOIDC(ctx, conf, "notDex", log.NewLogger("debug", "")) }, ShouldPanic)
})
Convey("key path not found on disk", func() {
@@ -4106,7 +4107,7 @@ func TestNewRelyingPartyOIDC(t *testing.T) {
oidcProviderCfg.KeyPath = "path/to/file"
conf.HTTP.Auth.OpenID.Providers["oidc"] = oidcProviderCfg
So(func() { _ = api.NewRelyingPartyOIDC(conf, "oidc", log.NewLogger("debug", "")) }, ShouldPanic)
So(func() { _ = api.NewRelyingPartyOIDC(ctx, conf, "oidc", log.NewLogger("debug", "")) }, ShouldPanic)
})
Convey("https callback", func() {
@@ -4115,7 +4116,7 @@ func TestNewRelyingPartyOIDC(t *testing.T) {
Key: ServerKey,
}
rp := api.NewRelyingPartyOIDC(conf, "oidc", log.NewLogger("debug", ""))
rp := api.NewRelyingPartyOIDC(ctx, conf, "oidc", log.NewLogger("debug", ""))
So(rp, ShouldNotBeNil)
})
@@ -4124,7 +4125,7 @@ func TestNewRelyingPartyOIDC(t *testing.T) {
oidcProvider.ClientSecret = ""
conf.HTTP.Auth.OpenID.Providers["oidc"] = oidcProvider
rp := api.NewRelyingPartyOIDC(conf, "oidc", log.NewLogger("debug", ""))
rp := api.NewRelyingPartyOIDC(ctx, conf, "oidc", log.NewLogger("debug", ""))
So(rp, ShouldNotBeNil)
})
@@ -4133,7 +4134,7 @@ func TestNewRelyingPartyOIDC(t *testing.T) {
oidcProvider.Issuer = ""
conf.HTTP.Auth.OpenID.Providers["oidc"] = oidcProvider
So(func() { _ = api.NewRelyingPartyOIDC(conf, "oidc", log.NewLogger("debug", "")) }, ShouldPanic)
So(func() { _ = api.NewRelyingPartyOIDC(ctx, conf, "oidc", log.NewLogger("debug", "")) }, ShouldPanic)
})
})
}
+12 -9
@@ -29,8 +29,8 @@ import (
"github.com/opencontainers/distribution-spec/specs-go/v1/extensions"
godigest "github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/zitadel/oidc/pkg/client/rp"
"github.com/zitadel/oidc/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/client/rp"
"github.com/zitadel/oidc/v3/pkg/oidc"
zerr "zotregistry.dev/zot/errors"
"zotregistry.dev/zot/pkg/api/config"
@@ -1873,9 +1873,9 @@ func (rh *RouteHandler) Logout(response http.ResponseWriter, request *http.Reque
}
// github Oauth2 CodeExchange callback.
func (rh *RouteHandler) GithubCodeExchangeCallback() rp.CodeExchangeCallback {
func (rh *RouteHandler) GithubCodeExchangeCallback() rp.CodeExchangeCallback[*oidc.IDTokenClaims] {
return func(w http.ResponseWriter, r *http.Request,
tokens *oidc.Tokens, state string, relyingParty rp.RelyingParty,
tokens *oidc.Tokens[*oidc.IDTokenClaims], state string, relyingParty rp.RelyingParty,
) {
ctx := r.Context()
@@ -1908,11 +1908,14 @@ func (rh *RouteHandler) GithubCodeExchangeCallback() rp.CodeExchangeCallback {
}
// Openid CodeExchange callback.
func (rh *RouteHandler) OpenIDCodeExchangeCallback() rp.CodeExchangeUserinfoCallback {
return func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens, state string,
relyingParty rp.RelyingParty, info oidc.UserInfo,
func (rh *RouteHandler) OpenIDCodeExchangeCallback() rp.CodeExchangeUserinfoCallback[
*oidc.IDTokenClaims,
*oidc.UserInfo,
] {
return func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[*oidc.IDTokenClaims], state string,
relyingParty rp.RelyingParty, info *oidc.UserInfo,
) {
email := info.GetEmail()
email := info.UserInfoEmail.Email
if email == "" {
rh.c.Log.Error().Msg("failed to set user record for empty email value")
w.WriteHeader(http.StatusUnauthorized)
@@ -1922,7 +1925,7 @@ func (rh *RouteHandler) OpenIDCodeExchangeCallback() rp.CodeExchangeUserinfoCall
var groups []string
val, ok := info.GetClaim("groups").([]interface{})
val, ok := info.Claims["groups"].([]interface{})
if !ok {
rh.c.Log.Info().Msgf("failed to find any 'groups' claim for user %s", email)
}
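Review bot: In OpenIDCodeExchangeCallback the new `email := info.UserInfoEmail.Email` reads the address that is then used as the user identity, but the verification flag the v3 struct exposes right next to it is never consulted, so a provider that returns an unverified email lets a caller map onto an account they have not proven ownership of. The old `GetEmail()` had the same gap, but now that the struct is read directly this is the natural place to close it, e.g. `if email == "" || !info.UserInfoEmail.EmailVerified {` with the log message adjusted to say the email is missing or unverified; if the flag is the library's named bool type, `!` still applies to it. Some providers omit `email_verified`, so this may need to be a per-provider setting rather than unconditional, which is worth confirming against the supported providers. The `info.Claims["groups"]` lookup on the last hunk is safe on a nil map, so no guard is needed there; the callback's closure continues past the hunk.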
+3 -3
@@ -19,8 +19,8 @@ import (
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/project-zot/mockoidc"
. "github.com/smartystreets/goconvey/convey"
"github.com/zitadel/oidc/pkg/client/rp"
"github.com/zitadel/oidc/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/client/rp"
"github.com/zitadel/oidc/v3/pkg/oidc"
"golang.org/x/oauth2"
zerr "zotregistry.dev/zot/errors"
@@ -105,7 +105,7 @@ func TestRoutes(t *testing.T) {
request, _ := http.NewRequestWithContext(ctx, http.MethodGet, baseURL, nil)
response := httptest.NewRecorder()
tokens := &oidc.Tokens{}
tokens := &oidc.Tokens[*oidc.IDTokenClaims]{}
relyingParty, err := rp.NewRelyingPartyOAuth(&oauth2.Config{})
So(err, ShouldBeNil)