Propagate context in jwt strategies (ory#308)
Closes ory#307

Signed-off-by: Prateek Malhotra <[email protected]>

dep: add forked version of fosite for integration test
someone1 authored and yaosiang committed Oct 8, 2018
1 parent 499af11 commit dc44df6
Showing 10 changed files with 57 additions and 20 deletions.
5 changes: 5 additions & 0 deletions Gopkg.toml
Expand Up @@ -57,6 +57,11 @@
name = "github.com/oleiade/reflections"
version = "1.0.0"

[[constraint]]
name = "github.com/ory/fosite"
source = "github.com/104corp/fosite"
branch = "master"

[[constraint]]
name = "github.com/parnurzeal/gorequest"
version = "0.2.15"
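Review bot: The new `[[constraint]]` pins `github.com/ory/fosite` to `branch = "master"` of the `github.com/104corp/fosite` fork, so the dependency floats: each `dep ensure` can pull whatever that branch holds at the time, and the build is neither reproducible nor reviewable from this manifest. Pin the fork to one commit instead, `revision = "<FORK_COMMIT_SHA>"` (placeholder), and drop the `branch` line. The commit message says the override exists for an integration test; a comment above the block recording that intent and the condition for removing it would help whoever meets this source override later.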
36 changes: 34 additions & 2 deletions HISTORY.md
Expand Up @@ -5,11 +5,15 @@ bumps (`0.1.0` -> `0.2.0`).
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->


- [0.23.0](#0230)
- [0.24.0](#0240)
- [Breaking change(s)](#breaking-changes)
- [`fosite/handler/oauth2.JWTStrategy`](#fositehandleroauth2jwtstrategy)
- [`OpenIDConnectRequestValidator.ValidatePrompt`](#openidconnectrequestvalidatorvalidateprompt)
- [0.23.0](#0230)
- [Breaking change(s)](#breaking-changes-1)
- [`Hasher`](#hasher)
- [0.22.0](#0220)
- [Breaking change(s)](#breaking-changes-1)
- [Breaking change(s)](#breaking-changes-2)
- [`JWTStrategy`](#jwtstrategy)
- [0.21.0](#0210)
- [Changes to parsing of OAuth 2.0 Client `response_types`](#changes-to-parsing-of-oauth-20-client-response_types)
Expand Down Expand Up @@ -59,6 +63,34 @@ bumps (`0.1.0` -> `0.2.0`).

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

## 0.24.0

This release addresses areas where the go context was missing or not propagated down the call path properly.

### Breaking change(s)

#### `fosite/handler/oauth2.JWTStrategy`

The [`fosite/handler/oauth2.JWTStrategy`](https://github.com/ory/fosite/blob/master/handler/oauth2/strategy.go) interface changed as a context
parameter was added to its method signature:

```go
type JWTStrategy interface {
- Validate(tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)
+ Validate(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)
}
```

#### `OpenIDConnectRequestValidator.ValidatePrompt`

The [`OpenIDConnectRequestValidator.ValidatePrompt`](https://github.com/ory/fosite/blob/master/handler/openid/validator.go)
method signature was updated to take a go context as its first parameter:

```go
- func (v *OpenIDConnectRequestValidator) ValidatePrompt(req fosite.AuthorizeRequester) error {
+ func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req fosite.AuthorizeRequester) error {
```
## 0.23.0
This releases addresses inconsistencies in some of the public interfaces by passing in the go context to their signatures.
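--- a/handler/oauth2/introspector_jwt.go
+++ b/handler/oauth2/introspector_jwt.go
@@ -39,7 +39,7 @@ type StatelessJWTValidator struct {
 }
 
 func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenType, error) {
-or, err := v.JWTAccessTokenStrategy.ValidateJWT(fosite.AccessToken, token)
+or, err := v.JWTAccessTokenStrategy.ValidateJWT(ctx, fosite.AccessToken, token)
 if err != nil {
 return "", err
 }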
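Review bot: `tokenType` is accepted by `IntrospectToken` but the visible body validates the token as `fosite.AccessToken` regardless (`ValidateJWT(ctx, fosite.AccessToken, token)`), and the function continues past the hunk. If nothing in the hidden part compares the requested type, an introspection request naming another token type is still checked against access-token rules; a stateless JWT validator may only ever see access tokens, but that assumption deserves to be visible. Either reject other types up front with a short guard returning `""` and a suitable fosite error, or add `// Only JWT access tokens are handled here; tokenType is intentionally not consulted.` above the call so the next reader does not have to search for the check.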
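--- a/handler/oauth2/strategy.go
+++ b/handler/oauth2/strategy.go
@@ -34,7 +34,7 @@ type CoreStrategy interface {
 }
 
 type JWTStrategy interface {
-ValidateJWT(tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)
+ValidateJWT(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)
 }
 
 type AccessTokenStrategy interface {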
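Review bot: The exported `JWTStrategy` interface and its only method have no doc comment, which matters more now that the signature is breaking for every implementer. Suggest `// JWTStrategy is implemented by token strategies that can verify a signed JWT of a given token type and return the requester it stands for.` on the interface and `// ValidateJWT verifies token as a tokenType JWT and returns the requester it represents; ctx is passed through to the underlying decoder.` on the method. Separately, the changelog entry this commit adds in HISTORY.md names the method `Validate`, while the interface declares `ValidateJWT`; the HISTORY snippet should read `ValidateJWT(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)` so readers upgrading can grep for the right name.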
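--- a/handler/oauth2/strategy_jwt.go
+++ b/handler/oauth2/strategy_jwt.go
@@ -53,17 +53,17 @@ func (h DefaultJWTStrategy) AccessTokenSignature(token string) string {
 return h.signature(token)
 }
 
-func (h *DefaultJWTStrategy) GenerateAccessToken(_ context.Context, requester fosite.Requester) (token string, signature string, err error) {
-return h.generate(fosite.AccessToken, requester)
+func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error) {
+return h.generate(ctx, fosite.AccessToken, requester)
 }
 
-func (h *DefaultJWTStrategy) ValidateAccessToken(_ context.Context, _ fosite.Requester, token string) error {
-_, err := h.validate(token)
+func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error {
+_, err := h.validate(ctx, token)
 return err
 }
 
-func (h *DefaultJWTStrategy) ValidateJWT(tokenType fosite.TokenType, token string) (requester fosite.Requester, err error) {
-t, err := h.validate(token)
+func (h *DefaultJWTStrategy) ValidateJWT(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error) {
+t, err := h.validate(ctx, token)
 if err != nil {
 return nil, err
 }
@@ -115,8 +115,8 @@ func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosi
 return h.HMACSHAStrategy.ValidateAuthorizeCode(ctx, req, token)
 }
 
-func (h *DefaultJWTStrategy) validate(token string) (t *jwtx.Token, err error) {
-t, err = h.JWTStrategy.Decode(context.TODO(), token)
+func (h *DefaultJWTStrategy) validate(ctx context.Context, token string) (t *jwtx.Token, err error) {
+t, err = h.JWTStrategy.Decode(ctx, token)
 
 if err == nil {
 err = t.Claims.Valid()
@@ -154,7 +154,7 @@ func (h *DefaultJWTStrategy) validate(token string) (t *jwtx.Token, err error) {
 return
 }
 
-func (h *DefaultJWTStrategy) generate(tokenType fosite.TokenType, requester fosite.Requester) (string, string, error) {
+func (h *DefaultJWTStrategy) generate(ctx context.Context, tokenType fosite.TokenType, requester fosite.Requester) (string, string, error) {
 if jwtSession, ok := requester.GetSession().(JWTSessionContainer); !ok {
 return "", "", errors.New("Session must be of type JWTSessionContainer")
 } else if jwtSession.GetJWTClaims() == nil {
@@ -173,6 +173,6 @@ func (h *DefaultJWTStrategy) generate(tokenType fosite.TokenType, requester fosi
 
 claims.Scope = requester.GetGrantedScopes()
 
-return h.JWTStrategy.Generate(context.TODO(), claims.ToMapClaims(), jwtSession.GetJWTHeader())
+return h.JWTStrategy.Generate(ctx, claims.ToMapClaims(), jwtSession.GetJWTHeader())
 }
 }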
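Review bot: `validate` hands back `t` through the naked `return` at the start of the third hunk even when `err` is non-nil: once `Decode` succeeds but `t.Claims.Valid()` fails, the caller receives a decoded-but-invalid token together with the error. The visible callers (`ValidateAccessToken`, `ValidateJWT`) discard `t` on error, but a future caller that checks `t != nil` first would treat an invalid token as usable; the lines between the second and third hunks are not shown and may already clear it, in which case this is moot. Making the error path explicit with `if err != nil { return nil, err }` ahead of the final `return` removes the doubt. Also, `tokenType` in `ValidateJWT` is not forwarded to `validate` on the visible lines; if the rest of that body (outside the hunk) does not use it either, a one-line comment stating that the type is not checked here would save the next reader a search.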
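--- a/handler/openid/flow_explicit_auth.go
+++ b/handler/openid/flow_explicit_auth.go
@@ -57,7 +57,7 @@ func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx contex
 return errors.WithStack(fosite.ErrMisconfiguration.WithDebug("The authorization code has not been issued yet, indicating a broken code configuration."))
 }
 
-if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ar); err != nil {
+if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ctx, ar); err != nil {
 return err
 }
 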
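--- a/handler/openid/flow_hybrid.go
+++ b/handler/openid/flow_hybrid.go
@@ -71,7 +71,7 @@ func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.
 return errors.WithStack(ErrInvalidSession)
 }
 
-if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ar); err != nil {
+if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ctx, ar); err != nil {
 return err
 }
 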
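--- a/handler/openid/flow_implicit.go
+++ b/handler/openid/flow_implicit.go
@@ -77,7 +77,7 @@ func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx contex
 return errors.WithStack(ErrInvalidSession)
 }
 
-if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ar); err != nil {
+if err := c.OpenIDConnectRequestValidator.ValidatePrompt(ctx, ar); err != nil {
 return err
 }
 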
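--- a/handler/openid/validator.go
+++ b/handler/openid/validator.go
@@ -51,7 +51,7 @@ func NewOpenIDConnectRequestValidator(prompt []string, strategy jwt.JWTStrategy)
 }
 }
 
-func (v *OpenIDConnectRequestValidator) ValidatePrompt(req fosite.AuthorizeRequester) error {
+func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req fosite.AuthorizeRequester) error {
 // prompt is case sensitive!
 prompt := stringsx.Splitx(req.GetRequestForm().Get("prompt"), " ")
 
@@ -142,7 +142,7 @@ func (v *OpenIDConnectRequestValidator) ValidatePrompt(req fosite.AuthorizeReque
 return nil
 }
 
-tokenHint, err := v.Strategy.Decode(context.TODO(), idTokenHint)
+tokenHint, err := v.Strategy.Decode(ctx, idTokenHint)
 if ve, ok := errors.Cause(err).(*jwtgo.ValidationError); ok && ve.Errors == jwtgo.ValidationErrorExpired {
 // Expired tokens are ok
 } else if err != nil {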
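Review bot: The branch in the second hunk that tolerates an expired `id_token_hint` depends on `ve.Errors == jwtgo.ValidationErrorExpired` being an exact comparison rather than a bitmask test: as far as jwt-go's `ValidationError.Errors` flags go, a token whose signature also failed carries additional bits, so the equality keeps it on the rejecting `else if err != nil` path. That is the right behaviour, but it is easy to "fix" into a `&` test during a refactor and silently start accepting unsigned hints. A comment would protect it, `// Exact match on purpose: only a pure expiry is tolerated; any other failure (bad signature, malformed claims) still falls through to the error branch below.` `ValidatePrompt` begins in the first hunk and continues outside both hunks.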
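--- a/handler/openid/validator_test.go
+++ b/handler/openid/validator_test.go
@@ -225,7 +225,7 @@ func TestValidatePrompt(t *testing.T) {
 } {
 t.Run(fmt.Sprintf("case=%d/description=%s", k, tc.d), func(t *testing.T) {
 t.Logf("%s", tc.idTokenHint)
-err := v.ValidatePrompt(&fosite.AuthorizeRequest{
+err := v.ValidatePrompt(context.TODO(), &fosite.AuthorizeRequest{
 Request: fosite.Request{
 Form: url.Values{"prompt": {tc.prompt}, "id_token_hint": {tc.idTokenHint}},
 Client: &fosite.DefaultClient{Public: tc.isPublic},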