auth: remove redirect config

buzzfeed · Jun 3, 2019 · 7e0161a · 7e0161a
1 parent f2e3bdb
commit 7e0161a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 33 deletions.
diff --git a/internal/auth/authenticator_test.go b/internal/auth/authenticator_test.go
@@ -80,6 +80,17 @@ func setRedirectURL(redirectURL *url.URL) func(*Authenticator) error {
 	}
 }
 
+func setMockRedirectURL() func(*Authenticator) error {
+	return func(a *Authenticator) error {
+		a.redirectURL = &url.URL{
+			Scheme: "http",
+			Host:   "example.com",
+			Path:   "/",
+		}
+		return nil
+	}
+}
+
 func assignProvider(opts *Options) func(*Authenticator) error {
 	return func(a *Authenticator) error {
 		var err error
@@ -108,7 +119,6 @@ func testOpts(t *testing.T, proxyClientID, proxyClientSecret string) *Options {
 	opts.EmailDomains = []string{"*"}
 	opts.StatsdPort = 8125
 	opts.StatsdHost = "localhost"
-	opts.RedirectURL = "http://example.com"
 	return opts
 }
 
@@ -459,13 +469,13 @@ func TestSignIn(t *testing.T) {
 				setMockValidator(tc.validEmail),
 				setMockSessionStore(tc.mockSessionStore),
 				setMockTempl(),
-				setRedirectURL(opts.redirectURL),
+				setMockRedirectURL(),
 				setMockAuthCodeCipher(tc.mockAuthCodeCipher, nil),
 			)
 			testutil.Ok(t, err)
 
 			// set test provider
-			u, _ := url.Parse("http://example.com")
+			u, _ := url.Parse("http://example.com/")
 			provider := providers.NewTestProvider(u)
 			provider.Refresh = tc.refreshResponse.OK
 			provider.RefreshError = tc.refreshResponse.Error
@@ -1574,14 +1584,13 @@ func TestOAuthStart(t *testing.T) {
 		t.Run(tc.Name, func(t *testing.T) {
 
 			opts := testOpts(t, "abced", "testtest")
-			opts.RedirectURL = "https://example.com/"
 			opts.Validate()
 			u, _ := url.Parse("http://example.com")
 			provider := providers.NewTestProvider(u)
 			proxy, _ := NewAuthenticator(opts,
 				setTestProvider(provider),
 				setMockValidator(true),
-				setRedirectURL(opts.redirectURL),
+				setMockRedirectURL(),
 				setMockCSRFStore(&sessions.MockCSRFStore{}),
 			)
 

diff --git a/internal/auth/mux_test.go b/internal/auth/mux_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"testing"
 )
 
@@ -54,12 +53,6 @@ func TestHostHeader(t *testing.T) {
 				t.Fatalf("unexpected opts error: %v", err)
 			}
 
-			opts.redirectURL = &url.URL{
-				Host:   tc.Host,
-				Path:   "/callback",
-				Scheme: "https",
-			}
-
 			authMux, err := NewAuthenticatorMux(opts, nil)
 			if err != nil {
 				t.Fatalf("unexpected err creating auth mux: %v", err)

diff --git a/internal/auth/options.go b/internal/auth/options.go
@@ -19,7 +19,6 @@ import (
 )
 
 // Options are config options that can be set by environment variables
-// RedirectURL - string - the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\
 // ClientID - string - the OAuth ClientID ie "123456.apps.googleusercontent.com"
 // ClientSecret string - the OAuth Client Secret
 // OrgName - string - if using Okta as the provider, the Okta domain to use
@@ -50,7 +49,6 @@ import (
 // StatsdPort - port where statsd client listens
 // StatsdHost - host where statsd client listens
 type Options struct {
-	RedirectURL       string `mapstructure:"redirect_url" `
 	ClientID          string `mapstructure:"client_id"`
 	ClientSecret      string `mapstructure:"client_secret"`
 	ProxyClientID     string `mapstructure:"proxy_client_id"`
@@ -99,7 +97,6 @@ type Options struct {
 	StatsdHost string `mapstructure:"statsd_host"`
 
 	// internal values that are set after config validation
-	redirectURL         *url.URL
 	decodedCookieSecret []byte
 	GroupsCacheStopFunc func()
 }
@@ -210,8 +207,6 @@ func (o *Options) Validate() error {
 		o.ProviderServerID = strings.Trim(o.ProviderServerID, `"`)
 	}
 
-	o.redirectURL, msgs = parseURL(o.RedirectURL, "redirect", msgs)
-
 	decodedCookieSecret, err := base64.StdEncoding.DecodeString(o.CookieSecret)
 	if err != nil {
 		msgs = append(msgs, "Invalid value for COOKIE_SECRET; expected base64-encoded bytes, as from `openssl rand 32 -base64`")
@@ -339,10 +334,9 @@ func SetStatsdClient(statsdClient *statsd.Client) func(*Authenticator) error {
 // url callback using the slug and configured redirect url.
 func SetRedirectURL(opts *Options, slug string) func(*Authenticator) error {
 	return func(a *Authenticator) error {
-		redirectURL := new(url.URL)
-		*redirectURL = *opts.redirectURL
-		redirectURL.Path = path.Join(slug, "callback")
-		a.redirectURL = redirectURL
+		a.redirectURL = &url.URL{
+			Path: path.Join(slug, "callback"),
+		}
 		return nil
 	}
 }
diff --git a/internal/auth/options_test.go b/internal/auth/options_test.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"fmt"
-	"net/url"
 	"strings"
 	"testing"
 	"time"
@@ -64,17 +63,6 @@ func TestInitializedOptions(t *testing.T) {
 	testutil.Equal(t, nil, o.Validate())
 }
 
-// Note that it's not worth testing nonparseable URLs, since url.Parse()
-// seems to parse damn near anything.
-func TestRedirectURL(t *testing.T) {
-	o := testOptions(t)
-	o.RedirectURL = "https://myhost.com/callback"
-	testutil.Equal(t, nil, o.Validate())
-	expected := &url.URL{
-		Scheme: "https", Host: "myhost.com", Path: "/callback"}
-	testutil.Equal(t, expected, o.redirectURL)
-}
-
 func TestCookieRefreshMustBeLessThanCookieExpire(t *testing.T) {
 	o := testOptions(t)
 	testutil.Equal(t, nil, o.Validate())