diff --git a/.defaults.yml b/.defaults.yml
index 468c1c07..c14815ac 100644
--- a/.defaults.yml
+++ b/.defaults.yml
@@ -39,6 +39,7 @@ vouch:
 # key:
 headers:
+ sub: X-Vouch-Sub
 jwt: X-Vouch-Token
 user: X-Vouch-User
 success: X-Vouch-Success
diff --git a/config/config.yml_example b/config/config.yml_example
index 25b6b430..984a8cd7 100644
--- a/config/config.yml_example
+++ b/config/config.yml_example
@@ -43,6 +43,8 @@ vouch:
 # whiteList (optional) allows only the listed usernames - VOUCH_WHITELIST
 # usernames are usually email addresses (google, most oidc providers) or login/username for github and github enterprise
+ # if a user can change their info including email address this might be a bad idea
+ # see https://github.com/vouch/vouch-proxy/issues/309 and https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
 whiteList:
 - bob@yourdomain.com
 - alice@yourdomain.com
diff --git a/do.sh b/do.sh
index a0dbb97a..9f426548 100755
--- a/do.sh
+++ b/do.sh
@@ -13,7 +13,7 @@ fi
 IMAGE=voucher/vouch-proxy:latest
 ALPINE=voucher/vouch-proxy:alpine
-GOIMAGE=golang:1.14
+GOIMAGE=golang:1.15
 NAME=vouch-proxy
 HTTPPORT=9090
 GODOC_PORT=5050
diff --git a/go.mod b/go.mod
index d77cb85f..3a0afb31 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 // indirect
 github.com/stretchr/testify v1.5.1
 github.com/theckman/go-securerandom v0.1.1
- github.com/tsenart/vegeta v12.7.0+incompatible
+ github.com/tsenart/vegeta/v12 v12.8.4
 go.uber.org/multierr v1.6.0 // indirect
 go.uber.org/zap v1.16.0
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777
@@ -37,3 +37,4 @@ require (
 gopkg.in/ini.v1 v1.62.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 )
+
diff --git a/go.sum b/go.sum
index f4ef29e4..bf30327d 100644
--- a/go.sum
+++ b/go.sum
@@ -41,6 +41,7 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/alecthomas/jsonschema v0.0.0-20180308105923-f2c93856175a/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -52,6 +53,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b h1:AP/Y7sqYicnjGDfD5VcY4CIfh1hRXBUavxrvELjTiOE= github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b/go.mod h1:ac9efd0D1fsDb3EJvhqgXRbFx7bs2wqZ10HQPeU8U/Q= +github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -71,8 +73,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-gk v0.0.0-20140819190930-201884a44051/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E= github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 h1:XOPLOMn/zT4jIgxfxSsoXPxkrzz0FaCHwp33x5POJ+Q= github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E= +github.com/dgryski/go-lttb v0.0.0-20180810165845-318fcdf10a77/go.mod h1:Va5MyIzkU0rAM92tn3hb3Anb7oz7KcnixF49+2wOMe4= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -123,6 +127,15 @@ github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/gonum/blas v0.0.0-20181208220705-f22b278b28ac/go.mod h1:P32wAyui1PQ58Oce/KYkOqQv8cVw1zAapXOl+dRFGbc= +github.com/gonum/diff v0.0.0-20181124234638-500114f11e71/go.mod h1:22dM4PLscQl+Nzf64qNBurVJvfyvZELT0iRW2l/NN70= +github.com/gonum/floats v0.0.0-20181209220543-c233463c7e82/go.mod h1:PxC8OnwL11+aosOB5+iEPoV3picfs8tUpkVd0pDo+Kg= +github.com/gonum/integrate v0.0.0-20181209220457-a422b5c0fdf2/go.mod h1:pDgmNM6seYpwvPos3q+zxlXMsbve6mOIPucUnUOrI7Y= +github.com/gonum/internal v0.0.0-20181124074243-f884aa714029/go.mod h1:Pu4dmpkhSyOzRwuXkOgAvijx4o+4YMUJJo9OvPYMkks= +github.com/gonum/lapack v0.0.0-20181123203213-e4cdc5a0bff9/go.mod h1:XA3DeT6rxh2EAE789SSiSJNqxPaC0aE9J8NTOI0Jo/A= +github.com/gonum/mathext v0.0.0-20181121095525-8a4bf007ea55/go.mod h1:fmo8aiSEWkJeiGXUJf+sPvuDgEFgqIoZSs843ePKrGg= +github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9/go.mod h1:0EXg4mc1CNP0HCqCz+K4ts155PXIlUywf0wqN+GfPZw= +github.com/gonum/stat v0.0.0-20181125101827-41a0da705a5b/go.mod h1:Z4GIJBJO3Wa4gD4vbwQxXXZ+WHmW6E9ixmNrwvs0iZs= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -306,8 +319,8 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/theckman/go-securerandom v0.1.1 h1:5KctSyM0D5KKFK+bsypIyLq7yik0CEaI5i2fGcUGcsQ= github.com/theckman/go-securerandom v0.1.1/go.mod h1:bmkysLfBH6i891sBpcP4xRM3XIB7jMeiKJB31jlResI= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tsenart/vegeta v12.7.0+incompatible h1:sGlrv11EMxQoKOlDuMWR23UdL90LE5VlhKw/6PWkZmU= -github.com/tsenart/vegeta v12.7.0+incompatible/go.mod h1:Smz/ZWfhKRcyDDChZkG3CyTHdj87lHzio/HOCkbndXM= +github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo= +github.com/tsenart/vegeta/v12 v12.8.4/go.mod h1:ZiJtwLn/9M4fTPdMY7bdbIeyNeFVE8/AHbWFqCsUuho= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/handlers/handlers_test.go b/handlers/handlers_test.go index 76877167..5a118bb0 100644 --- a/handlers/handlers_test.go +++ b/handlers/handlers_test.go @@ -46,7 +46,12 @@ func setUp(configFile string) { func TestVerifyUserPositiveUserInWhiteList(t *testing.T) { setUp("/config/testing/handler_whitelist.yml") - user := &structs.User{Username: "test@example.com", Email: "test@example.com", Name: "Test Name"} + user := &structs.User{ + Sub: "testsub", + Username: "test@example.com", + Email: "test@example.com", + Name: "Test Name", + } ok, err := verifyUser(*user) assert.True(t, ok) assert.Nil(t, err) 
@@ -55,7 +60,12 @@ func TestVerifyUserPositiveUserInWhiteList(t *testing.T) {
 func TestVerifyUserPositiveAllowAllUsers(t *testing.T) {
 setUp("/config/testing/handler_allowallusers.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 ok, err := verifyUser(*user)
 assert.True(t, ok)
@@ -64,7 +74,12 @@ func TestVerifyUserPositiveAllowAllUsers(t *testing.T) {
 func TestVerifyUserPositiveByEmail(t *testing.T) {
 setUp("/config/testing/handler_email.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 ok, err := verifyUser(*user)
 assert.True(t, ok)
 assert.Nil(t, err)
@@ -74,7 +89,12 @@ func TestVerifyUserPositiveByTeam(t *testing.T) {
 setUp("/config/testing/handler_teams.yml")
 // cfg.Cfg.TeamWhiteList = append(cfg.Cfg.TeamWhiteList, "org1/team2", "org1/team1")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 user.TeamMemberships = append(user.TeamMemberships, "org1/team3")
 user.TeamMemberships = append(user.TeamMemberships, "org1/team1")
 ok, err := verifyUser(*user)
@@ -84,7 +104,12 @@ func TestVerifyUserPositiveByTeam(t *testing.T) {
 func TestVerifyUserNegativeByTeam(t *testing.T) {
 setUp("/config/testing/handler_teams.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 // cfg.Cfg.TeamWhiteList = append(cfg.Cfg.TeamWhiteList, "org1/team1")
 ok, err := verifyUser(*user)
@@ -95,7 +120,12 @@ func TestVerifyUserNegativeByTeam(t *testing.T) {
 func TestVerifyUserPositiveNoDomainsConfigured(t *testing.T) {
 setUp("/config/testing/handler_nodomains.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 cfg.Cfg.Domains = make([]string, 0)
 ok, err := verifyUser(*user)
@@ -105,7 +135,12 @@ func TestVerifyUserPositiveNoDomainsConfigured(t *testing.T) {
 func TestVerifyUserNegative(t *testing.T) {
 setUp("/config/testing/test_config.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 ok, err := verifyUser(*user)
 assert.False(t, ok)
@@ -116,6 +151,7 @@ func TestVerifyUserNegative(t *testing.T) {
 // it should live there but circular imports are resolved if it lives here
 var (
 u1 = structs.User{
+ Sub: "test",
 Username: "test@testing.com",
 Name: "Test Name",
 }
@@ -141,6 +177,7 @@ func init() {
 // log.SetLevel(log.DebugLevel)
 lc = jwtmanager.VouchClaims{
+ u1.Sub,
 u1.Username,
 customClaims.Claims,
 t1.PAccessToken,
diff --git a/handlers/validate.go b/handlers/validate.go
index bc01bf32..83bcebcf 100644
--- a/handlers/validate.go
+++ b/handlers/validate.go
@@ -25,8 +25,8 @@ import (
 )
 var (
- errNoJWT = errors.New("no jwt found in request")
- errNoUser = errors.New("no User found in jwt")
+ errNoJWT = errors.New("no jwt found in request")
+ errNoSub = errors.New("no 'sub' found in jwt")
 )
 // ValidateRequestHandler /validate
@@ -45,8 +45,8 @@ func ValidateRequestHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
- if claims.Username == "" {
- send401or200PublicAccess(w, r, errNoUser)
+ if claims.Sub == "" {
+ send401or200PublicAccess(w, r, errNoSub)
 return
 }
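Review bot: The new `claims.Sub == ""` check in ValidateRequestHandler rejects every JWT minted before this change, since those tokens carry no `sub`; that is a safe failure (send401or200PublicAccess sends the user back through login) but it is an upgrade-visible behaviour that the changelog should state. The check also deserves a comment saying what it guarantees, e.g. `// sub is the identity every downstream header is derived from; tokens without one (issued before sub existed) must re-authenticate`. Because PrepareUserData in pkg/structs, changed in this same commit, falls back to Username when a provider sets no Sub, a non-empty Sub here does not by itself mean a provider-issued subject. ValidateRequestHandler starts before and continues after the hunk.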
@@ -59,7 +59,10 @@ func ValidateRequestHandler(w http.ResponseWriter, r *http.Request) {
 }
 generateCustomClaimsHeaders(w, claims)
- w.Header().Add(cfg.Cfg.Headers.User, claims.Username)
+ w.Header().Add(cfg.Cfg.Headers.Sub, claims.Sub)
+ if claims.Username != "" {
+ w.Header().Add(cfg.Cfg.Headers.User, claims.Username)
+ }
 w.Header().Add(cfg.Cfg.Headers.Success, "true")
 if cfg.Cfg.Headers.AccessToken != "" && claims.PAccessToken != "" {
diff --git a/handlers/validate_test.go b/handlers/validate_test.go
index 1889d6f9..aa0bd232 100644
--- a/handlers/validate_test.go
+++ b/handlers/validate_test.go
@@ -19,7 +19,7 @@ import (
 "time"
 "github.com/stretchr/testify/assert"
- vegeta "github.com/tsenart/vegeta/lib"
+ vegeta "github.com/tsenart/vegeta/v12/lib"
 "github.com/vouch/vouch-proxy/pkg/cfg"
 "github.com/vouch/vouch-proxy/pkg/jwtmanager"
@@ -28,7 +28,12 @@ import (
 func BenchmarkValidateRequestHandler(b *testing.B) {
 setUp("/config/testing/handler_email.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 tokens := structs.PTokens{}
 customClaims := structs.CustomClaims{}
@@ -67,7 +72,12 @@ func TestValidateRequestHandlerPerf(t *testing.T) {
 }
 setUp("/config/testing/handler_email.yml")
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 tokens := structs.PTokens{}
 customClaims := structs.CustomClaims{}
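Review bot: `w.Header().Add(cfg.Cfg.Headers.Sub, claims.Sub)` is unconditional, while the access-token header a few lines below is guarded by `cfg.Cfg.Headers.AccessToken != ""`; a deployment whose config predates the `headers.sub` default (if .defaults.yml is not merged under user config, which the hunk cannot show) would add an entry with an empty header name. Mirror the existing guard: `if cfg.Cfg.Headers.Sub != "" { w.Header().Add(cfg.Cfg.Headers.Sub, claims.Sub) }`. Making the user header conditional on `claims.Username != ""` is also a contract change for proxied applications that relied on that header always being present; a sentence in the header documentation stating that the sub header is now the one always set would avoid surprises. ValidateRequestHandler starts before and continues after the hunk.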
@@ -155,7 +165,12 @@ func TestValidateRequestHandlerWithGroupClaims(t *testing.T) {
 tokens := structs.PTokens{}
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 vpjwt, err := jwtmanager.NewVPJWT(*user, customClaims, tokens)
 assert.NoError(t, err)
@@ -208,7 +223,12 @@ func TestJWTCacheHandler(t *testing.T) {
 setUp("/config/testing/handler_logout_url.yml")
 handler := jwtmanager.JWTCacheHandler(http.HandlerFunc(ValidateRequestHandler))
- user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"}
+ user := &structs.User{
+ Sub: "testsub",
+ Username: "testuser",
+ Email: "test@example.com",
+ Name: "Test Name",
+ }
 tokens := structs.PTokens{}
 customClaims := structs.CustomClaims{}
diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
index fae2bf90..e508336a 100644
--- a/pkg/cfg/cfg.go
+++ b/pkg/cfg/cfg.go
@@ -65,6 +65,7 @@ type Config struct {
 }
 Headers struct {
+ Sub string `mapstructure:"sub"`
 JWT string `mapstructure:"jwt"`
 User string `mapstructure:"user"`
 QueryString string `mapstructure:"querystring"`
diff --git a/pkg/cfg/cfg_test.go b/pkg/cfg/cfg_test.go
index 7cfe6cf0..03f11458 100644
--- a/pkg/cfg/cfg_test.go
+++ b/pkg/cfg/cfg_test.go
@@ -124,8 +124,7 @@ func Test_configureFromEnvCfg(t *testing.T) { t.Cleanup(cleanupEnv) // each of these env vars holds a.. // string - // get all the values - senv := []string{"VOUCH_LISTEN", "VOUCH_JWT_ISSUER", "VOUCH_JWT_SECRET", "VOUCH_HEADERS_JWT", + senv := []string{"VOUCH_LISTEN", "VOUCH_JWT_ISSUER", "VOUCH_JWT_SECRET", "VOUCH_HEADERS_JWT", "VOUCH_HEADERS_SUB", "VOUCH_HEADERS_USER", "VOUCH_HEADERS_QUERYSTRING", "VOUCH_HEADERS_REDIRECT", "VOUCH_HEADERS_SUCCESS", "VOUCH_HEADERS_ERROR", "VOUCH_HEADERS_CLAIMHEADER", "VOUCH_HEADERS_ACCESSTOKEN", "VOUCH_HEADERS_IDTOKEN", "VOUCH_COOKIE_NAME", "VOUCH_COOKIE_DOMAIN", "VOUCH_COOKIE_SAMESITE", "VOUCH_TESTURL", "VOUCH_SESSION_NAME", "VOUCH_SESSION_KEY"} @@ -162,7 +161,7 @@ func Test_configureFromEnvCfg(t *testing.T) { // run the thing configureFromEnv() - scfg := []string{Cfg.Listen, Cfg.JWT.Issuer, Cfg.JWT.Secret, Cfg.Headers.JWT, + scfg := []string{Cfg.Listen, Cfg.JWT.Issuer, Cfg.JWT.Secret, Cfg.Headers.JWT, Cfg.Headers.Sub, Cfg.Headers.User, Cfg.Headers.QueryString, Cfg.Headers.Redirect, Cfg.Headers.Success, Cfg.Headers.Error, Cfg.Headers.ClaimHeader, Cfg.Headers.AccessToken, Cfg.Headers.IDToken, Cfg.Cookie.Name, Cfg.Cookie.Domain, Cfg.Cookie.SameSite, Cfg.TestURL, Cfg.Session.Name, Cfg.Session.Key, diff --git a/pkg/jwtmanager/jwtmanager.go b/pkg/jwtmanager/jwtmanager.go index 68c4fe94..dda84a9b 100644 --- a/pkg/jwtmanager/jwtmanager.go +++ b/pkg/jwtmanager/jwtmanager.go @@ -33,6 +33,7 @@ const comma = "," // VouchClaims jwt Claims specific to vouch type VouchClaims struct { + Sub string `json:"sub"` Username string `json:"username"` CustomClaims map[string]interface{} PAccessToken string @@ -79,6 +80,7 @@ func NewVPJWT(u structs.User, customClaims structs.CustomClaims, ptokens structs // User`token` // u.PrepareUserData() claims := VouchClaims{ + u.Sub, u.Username, customClaims.Claims, ptokens.PAccessToken, 
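Review bot: The new `Sub` field on VouchClaims carries the json tag `sub`; if the struct embeds jwt.StandardClaims (the rest of the struct is outside the hunk) that tag shadows StandardClaims.Subject's own `sub` on encode and decode, so any jwt-go helper that reads `Subject` will see an empty value — worth confirming, and if so populating `Subject` alongside `Sub` or dropping the duplicate. The literal in NewVPJWT (and the fixtures in handlers_test.go and jwtmanager_test.go) is unkeyed, which is exactly why inserting a field at the top required touching every site and would misassign silently if two adjacent string fields were ever reordered; use keyed fields, starting with `claims := VouchClaims{Sub: u.Sub, Username: u.Username, CustomClaims: customClaims.Claims, PAccessToken: ptokens.PAccessToken,`. The field also needs a doc comment, e.g. `// Sub is the provider subject identifier for the user; /validate rejects tokens where it is empty.` NewVPJWT starts before and continues after the hunk.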
diff --git a/pkg/jwtmanager/jwtmanager_test.go b/pkg/jwtmanager/jwtmanager_test.go
index 9b3b7c9e..49842b5e 100644
--- a/pkg/jwtmanager/jwtmanager_test.go
+++ b/pkg/jwtmanager/jwtmanager_test.go
@@ -22,6 +22,7 @@ import (
 var (
 u1 = structs.User{
+ Sub: "testsub",
 Username: "test@testing.com",
 Name: "Test Name",
 }
@@ -49,6 +50,7 @@ func init() {
 Configure()
 lc = VouchClaims{
+ u1.Sub,
 u1.Username,
 customClaims.Claims,
 t1.PAccessToken,
diff --git a/pkg/providers/github/github.go b/pkg/providers/github/github.go
index 018806ef..f30fd879 100644
--- a/pkg/providers/github/github.go
+++ b/pkg/providers/github/github.go
@@ -66,16 +66,13 @@ func (me Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims
 log.Error(err)
 return err
 }
- log.Debug("getUserInfoFromGitHub ghUser")
- log.Debug(ghUser)
- log.Debug("getUserInfoFromGitHub user")
- log.Debug(user)
+ log.Debugf("getUserInfoFromGitHub ghUser %+v", ghUser)
 ghUser.PrepareUserData()
+ user.Sub = ghUser.Login
 user.Email = ghUser.Email
 user.Name = ghUser.Name
 user.Username = ghUser.Username
- user.ID = ghUser.ID
 // user = &ghUser.User
@@ -116,8 +113,7 @@ func (me Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims
 }
 }
- log.Debug("getUserInfoFromGitHub")
- log.Debug(user)
+ log.Debugf("getUserInfoFromGitHub user: %+v", user)
 return nil
 }
diff --git a/pkg/providers/github/github_test.go b/pkg/providers/github/github_test.go
index 1caf5abc..8bace3d7 100644
--- a/pkg/providers/github/github_test.go
+++ b/pkg/providers/github/github_test.go
@@ -171,7 +171,6 @@ func TestGetUserInfo(t *testing.T) {
 Username: "test",
 CreatedOn: 123,
 Email: "email@example.com",
- ID: 1,
 LastUpdate: 123,
 Name: "name",
 },
diff --git a/pkg/providers/openstax/openstax.go b/pkg/providers/openstax/openstax.go
index b9ccf24d..c872cee1 100644
--- a/pkg/providers/openstax/openstax.go
+++ b/pkg/providers/openstax/openstax.go
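Review bot: `user.Sub = ghUser.Login` in the GitHub provider makes the subject a login name, which its owner can rename and which can afterwards be registered by a different account, so it is not the stable identifier that `sub` (and the whitelist caveat this commit adds to config.yml_example) is meant to rest on; the numeric account id carried by the removed `user.ID = ghUser.ID` line was the stable value. Prefer that id, stringified, e.g. `user.Sub = strconv.Itoa(<numeric GitHub id field>)` — since this commit drops `ID` from structs.User the id has to stay on the GitHub-specific struct, which the hunk does not show. Failing that, say so at the assignment: `// Login is mutable on GitHub; whitelist entries keyed on it must be kept in sync`. The two `log.Debugf` lines print the full user records including email at debug level, unchanged from before but worth remembering when debug logs are shared. GetUserInfo starts before the first hunk.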
@@ -63,7 +63,6 @@ func (Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims *s
 user.Email = oxUser.Email
 user.Name = oxUser.Name
 user.Username = oxUser.Username
- user.ID = oxUser.ID
 user.PrepareUserData()
 return nil
 }
diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go
index e42c0d60..0a99d541 100644
--- a/pkg/structs/structs.go
+++ b/pkg/structs/structs.go
@@ -22,18 +22,12 @@ type UserI interface {
 // User is inherited.
 type User struct {
- // TODO: set Provider here so that we can pass it to db
- // populated by db (via mapstructure) or from provider (via json)
- // Provider string `json:"provider",mapstructure:"provider"`
- Username string `json:"username" mapstructure:"username"`
- Name string `json:"name" mapstructure:"name"`
- Email string `json:"email" mapstructure:"email"`
- CreatedOn int64 `json:"createdon"`
- LastUpdate int64 `json:"lastupdate"`
- // don't populate ID from json https://github.com/vouch/vouch-proxy/issues/185
- ID int `json:"-" mapstructure:"id"`
- // jwt.StandardClaims
-
+ Sub string `json:"sub"`
+ Username string `json:"username"`
+ Name string `json:"name"`
+ Email string `json:"email"`
+ CreatedOn int64 `json:"createdon"`
+ LastUpdate int64 `json:"lastupdate"`
 TeamMemberships []string
 }
@@ -42,12 +36,14 @@ func (u *User) PrepareUserData() {
 if u.Username == "" {
 u.Username = u.Email
 }
+ if u.Sub == "" {
+ u.Sub = u.Username
+ }
 }
 // AzureUser is a retrieved and authenticated user from Azure AD
 type AzureUser struct {
 User
- Sub string `json:"sub"`
 UPN string `json:"upn"`
 }
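Review bot: The new fallback `if u.Sub == "" { u.Sub = u.Username }` in PrepareUserData means that for every provider that does not set Sub, the `sub` claim and the sub header are simply the username — which on the line above may itself have fallen back to Email — so a consumer cannot distinguish a provider-issued subject from a synthesised one. Make that explicit on the field: `// Sub is the identity provider's subject identifier; PrepareUserData fills it from Username (itself from Email) when the provider supplies none, so it is only as stable as those values are.` The two fallbacks are order-dependent (Email, then Username, then Sub) and deserve a one-line comment in PrepareUserData so a later edit does not reorder them. PrepareUserData starts just before the second hunk.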
@@ -65,32 +61,9 @@ func (u *AzureUser) PrepareUserData() {
 }
 }
-// GoogleUser is a retrieved and authentiacted user from Google.
-// unused!
-// TODO: see if these should be pointers to the *User object as per
-// https://golang.org/doc/effective_go.html#embedding
-type GoogleUser struct {
- User
- Sub string `json:"sub"`
- GivenName string `json:"given_name"`
- FamilyName string `json:"family_name"`
- Profile string `json:"profile"`
- Picture string `json:"picture"`
- EmailVerified bool `json:"email_verified"`
- Gender string `json:"gender"`
- HostDomain string `json:"hd"`
- // jwt.StandardClaims
-}
-
-// PrepareUserData implement PersonalData interface
-func (u *GoogleUser) PrepareUserData() {
- u.Username = u.Email
-}
-
 // ADFSUser Active Directory user record
 type ADFSUser struct {
 User
- Sub string `json:"sub"`
 UPN string `json:"upn"`
 // UniqueName string `json:"unique_name"`
 // PwdExp string `json:"pwd_exp"`