sso-proxy: remove default provider and unused functions

internal/proxy/oauthproxy.go

@@ -423,20 +423,21 @@ func (p *OAuthProxy) GetRedirectURL(host string) *url.URL {
 	return &u
 }
 
-func (p *OAuthProxy) redeemCode(host, code string) (s *providers.SessionState, err error) {
+func (p *OAuthProxy) redeemCode(host, code string) (*providers.SessionState, error) {
 	if code == "" {
 		return nil, errors.New("missing code")
 	}
 	redirectURL := p.GetRedirectURL(host)
-	s, err = p.provider.Redeem(redirectURL.String(), code)
+	s, err := p.provider.Redeem(redirectURL.String(), code)
 	if err != nil {
-		return
+		return s, err
 	}
 
 	if s.Email == "" {
-		s.Email, err = p.provider.GetEmailAddress(s)
+		return s, errors.New("invalid email address")
 	}
-	return
+
+	return s, nil
 }
 
 // MakeSessionCookie constructs a session cookie given the request, an expiration time and the current time.
@@ -635,7 +636,7 @@ func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
 		Host:   req.Host,
 		Path:   "/",
 	}
-	fullURL := p.provider.GetSignOutURL(redirectURL)
+	fullURL := providers.GetSignOutURL(p.provider.Data(), redirectURL)
 	http.Redirect(rw, req, fullURL.String(), http.StatusFound)
 }
 
@@ -707,7 +708,7 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request, tags
 		return
 	}
 
-	signinURL := p.provider.GetSignInURL(callbackURL, encryptedState)
+	signinURL := providers.GetSignInURL(p.provider.Data(), callbackURL, encryptedState)
 	logger.WithSignInURL(signinURL).Info("starting OAuth flow")
 	http.Redirect(rw, req, signinURL.String(), http.StatusFound)
 }

internal/proxy/oauthproxy_test.go

@@ -438,51 +438,12 @@ func TestFavicon(t *testing.T) {
 	testutil.Equal(t, http.StatusNotFound, rw.Code)
 }
 
-type TestProvider struct {
-	*providers.ProviderData
-	EmailAddress string
-	ValidToken   bool
-}
-
-func NewTestProvider(providerURL *url.URL, emailAddress string) *TestProvider {
-	return &TestProvider{
-		ProviderData: &providers.ProviderData{
-			ProviderName: "Test Provider",
-			SignInURL: &url.URL{
-				Scheme: "http",
-				Host:   providerURL.Host,
-				Path:   "/oauth/authorize",
-			},
-			RedeemURL: &url.URL{
-				Scheme: "http",
-				Host:   providerURL.Host,
-				Path:   "/oauth/token",
-			},
-			ProfileURL: &url.URL{
-				Scheme: "http",
-				Host:   providerURL.Host,
-				Path:   "/api/v1/profile",
-			},
-			Scope: "profile.email",
-		},
-		EmailAddress: emailAddress,
-	}
-}
-
-func (tp *TestProvider) GetEmailAddress(session *providers.SessionState) (string, error) {
-	return tp.EmailAddress, nil
-}
-
-func (tp *TestProvider) ValidateSessionState(session *providers.SessionState, g []string) bool {
-	return tp.ValidToken
-}
-
 type ProcessCookieTest struct {
 	opts         *Options
 	proxy        *OAuthProxy
 	rw           *httptest.ResponseRecorder
 	req          *http.Request
-	provider     TestProvider
+	provider     providers.TestProvider
 	responseCode int
 	validateUser bool
 }
@@ -508,7 +469,7 @@ func NewProcessCookieTest(opts ProcessCookieTestOpts) *ProcessCookieTest {
 		return nil
 	})
 
-	pcTest.proxy.provider = &TestProvider{
+	pcTest.proxy.provider = &providers.TestProvider{
 		ValidToken: opts.providerValidateCookieResponse,
 	}
 
@@ -695,7 +656,7 @@ func TestAuthSkippedForPreflightRequests(t *testing.T) {
 	opts.Validate()
 
 	upstreamURL, _ := url.Parse(upstream.URL)
-	opts.provider = NewTestProvider(upstreamURL, "")
+	opts.provider = providers.NewTestProvider(upstreamURL, "")
 
 	proxy, _ := NewOAuthProxy(opts)
 	rw := httptest.NewRecorder()
@@ -749,7 +710,7 @@ func TestAuthSkipRequests(t *testing.T) {
 	opts.Validate()
 
 	upstreamURL, _ := url.Parse(upstream.URL)
-	opts.provider = NewTestProvider(upstreamURL, "")
+	opts.provider = providers.NewTestProvider(upstreamURL, "")
 
 	proxy, _ := NewOAuthProxy(opts)
 
@@ -829,7 +790,7 @@ func TestMultiAuthSkipRequests(t *testing.T) {
 	opts.Validate()
 
 	upstreamFooURL, _ := url.Parse(upstreamFoo.URL)
-	opts.provider = NewTestProvider(upstreamFooURL, "")
+	opts.provider = providers.NewTestProvider(upstreamFooURL, "")
 
 	proxy, _ := NewOAuthProxy(opts)
 
@@ -921,7 +882,7 @@ func NewSignatureTest(key string) *SignatureTest {
 	}
 	provider := httptest.NewServer(http.HandlerFunc(providerHandler))
 	providerURL, _ := url.Parse(provider.URL)
-	opts.provider = NewTestProvider(providerURL, "email1@example.com")
+	opts.provider = providers.NewTestProvider(providerURL, "email1@example.com")
 	opts.upstreamConfigs = generateSignatureTestUpstreamConfigs(key, upstream.URL)
 	opts.Validate()
 
@@ -1041,7 +1002,7 @@ func TestHeadersSentToUpstreams(t *testing.T) {
 	opts.upstreamConfigs = generateTestUpstreamConfigs(upstream.URL)
 	opts.Validate()
 	providerURL, _ := url.Parse("http://sso-auth.example.com/")
-	opts.provider = NewTestProvider(providerURL, "")
+	opts.provider = providers.NewTestProvider(providerURL, "")
 
 	state := testSession()
 	state.Email = "foo@example.com"
@@ -1102,6 +1063,7 @@ type testAuthenticateProvider struct {
 	*providers.ProviderData
 	refreshSessionFunc  func(*providers.SessionState, []string) (bool, error)
 	validateSessionFunc func(*providers.SessionState, []string) bool
+	redeemFunc          func(string, string) (*providers.SessionState, error)
 }
 
 func (tap *testAuthenticateProvider) RefreshSession(s *providers.SessionState, g []string) (bool, error) {
@@ -1112,6 +1074,17 @@ func (tap *testAuthenticateProvider) ValidateSessionState(s *providers.SessionSt
 	return tap.validateSessionFunc(s, g)
 }
 
+func (tap *testAuthenticateProvider) Redeem(redirectURL string, token string) (*providers.SessionState, error) {
+	return tap.redeemFunc(redirectURL, token)
+}
+
+func (tap *testAuthenticateProvider) UserGroups(string, []string) ([]string, error) {
+	return nil, nil
+}
+func (tap *testAuthenticateProvider) ValidateGroup(string, []string) ([]string, bool, error) {
+	return nil, false, nil
+}
+
 func TestAuthenticate(t *testing.T) {
 	// Constants to represent possible cookie behaviors.
 	const (
@@ -1518,7 +1491,7 @@ func TestPing(t *testing.T) {
 	opts.Validate()
 
 	providerURL, _ := url.Parse("http://sso-auth.example.com/")
-	opts.provider = NewTestProvider(providerURL, "")
+	opts.provider = providers.NewTestProvider(providerURL, "")
 
 	proxy, _ := NewOAuthProxy(opts)
 	state := testSession()
@@ -1597,7 +1570,7 @@ func TestSecurityHeaders(t *testing.T) {
 	opts.Validate()
 
 	providerURL, _ := url.Parse("http://sso-auth.example.com/")
-	opts.provider = NewTestProvider(providerURL, "")
+	opts.provider = providers.NewTestProvider(providerURL, "")
 
 	proxy, _ := NewOAuthProxy(opts, testValidatorFunc(true))
 
@@ -1741,7 +1714,7 @@ func TestHeaderOverrides(t *testing.T) {
 			opts.Validate()
 
 			providerURL, _ := url.Parse("http://sso-auth.example.com/")
-			opts.provider = NewTestProvider(providerURL, "")
+			opts.provider = providers.NewTestProvider(providerURL, "")
 
 			proxy, _ := NewOAuthProxy(opts, testValidatorFunc(true))
 
@@ -1785,7 +1758,7 @@ func TestHTTPSRedirect(t *testing.T) {
 	defer upstream.Close()
 
 	providerURL, _ := url.Parse("http://sso-auth.example.com/")
-	provider := NewTestProvider(providerURL, "")
+	provider := providers.NewTestProvider(providerURL, "")
 	state := testSession()
 
 	testCases := []struct {

internal/proxy/providers/internal_util.go

@@ -1,8 +1,6 @@
 package providers
 
 import (
-	"io/ioutil"
-	"net/http"
 	"net/url"
 
 	log "github.com/buzzfeed/sso/internal/pkg/logging"
@@ -45,41 +43,3 @@ func stripParam(param, endpoint string) string {
 
 	return endpoint
 }
-
-// validateToken returns true if token is valid
-func validateToken(p Provider, accessToken string, header http.Header) bool {
-	logger := log.NewLogEntry()
-
-	if accessToken == "" || p.Data().ValidateURL == nil {
-		return false
-	}
-	endpoint := p.Data().ValidateURL.String()
-	if len(header) == 0 {
-		params := url.Values{"access_token": {accessToken}}
-		endpoint = endpoint + "?" + params.Encode()
-	}
-
-	req, err := http.NewRequest("GET", endpoint, nil)
-	if err != nil {
-		logger.Error(err, "token validation request failed")
-		return false
-	}
-	req.Header = header
-
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		logger.Error(err, "token validation request failed")
-		return false
-	}
-
-	body, _ := ioutil.ReadAll(resp.Body)
-	resp.Body.Close()
-	logger.Printf("%d GET %s %s", resp.StatusCode, stripToken(endpoint), body)
-
-	if resp.StatusCode == 200 {
-		return true
-	}
-	logger.WithHTTPStatus(resp.StatusCode).WithResponseBody(body).Info(
-		"token validation request failed")
-	return false
-}