Merge branch 'master' into add-auth-error-http-handler
cyb3r4nt committed Sep 2, 2024
2 parents 9063abe + d5ed87f commit 36abe89
Showing 7 changed files with 65 additions and 36 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -533,7 +533,7 @@ Follow to next steps for configuring on the Apple side:

After completing the previous steps, you can proceed with configuring the Apple auth provider. Here are the parameters for AppleConfig:

- _ClientID_ (**required**) - Service ID identifier which is used for Sign with Apple
- _ClientID_ (**required**) - Service ID (or App ID) which is used for Sign with Apple
- _TeamID_ (**required**) - Identifier a developer account (use as prefix for all App ID)
- _KeyID_ (**required**) - Identifier a generated key for Sign with Apple
- _ResponseMode_ - Response Mode, please see [documentation](https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168) for reference, default is `form_post`
Expand All @@ -542,7 +542,7 @@ After completing the previous steps, you can proceed with configuring the Apple
// apple config parameters
appleCfg := provider.AppleConfig{
TeamID: os.Getenv("AEXMPL_APPLE_TID"), // developer account identifier
ClientID: os.Getenv("AEXMPL_APPLE_CID"), // service identifier
ClientID: os.Getenv("AEXMPL_APPLE_CID"), // Service ID (or App ID)
KeyID: os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier
}
```
2 changes: 1 addition & 1 deletion provider/apple_pubkeys.go
Expand Up @@ -151,7 +151,7 @@ type appleKeySet struct {

// get return Apple public key with specific KeyID (kid)
func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
if aks.keys == nil || len(aks.keys) == 0 {
if len(aks.keys) == 0 {
return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
}

8 changes: 4 additions & 4 deletions provider/apple_test.go
Expand Up @@ -5,11 +5,11 @@ import (
"crypto/rsa"
"crypto/sha1"
"encoding/base64"
"encoding/binary"
"encoding/json"
"fmt"
"io"
"log"
"math/big"
"net/http"
"net/http/cookiejar"
"net/url"
Expand Down Expand Up @@ -659,8 +659,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
n := base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(publicKey.N.Bytes())

// convert exponent
eBuff := make([]byte, 4)
binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
require.Positive(t, publicKey.E, "RSA exponent must be positive")
eBuff := big.NewInt(int64(publicKey.E)).Bytes()
e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)

JWK := struct {
Expand All @@ -670,7 +670,7 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
Kid string `json:"kid"`
E string `json:"e"`
N string `json:"n"`
}{Alg: "RS256", Kty: "RSA", Use: "sig", Kid: "112233", N: n, E: e[:4]}
}{Alg: "RS256", Kty: "RSA", Use: "sig", Kid: "112233", N: n, E: e}

var buffJwk []byte
buffJwk, err = json.Marshal(JWK)
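Review bot: The exponent is still encoded with the standard base64 alphabet (`base64.StdEncoding.WithPadding(base64.NoPadding)`), while `n` a few lines above uses the URL-safe one; RFC 7518 defines both `e` and `n` of an RSA JWK as base64url values. The fixture presumably passes because the usual exponent 65537 encodes to `AQAB` in either alphabet, but an exponent whose bytes map to `+` or `/` would yield a JWK that a strict parser rejects. Suggest `e := base64.RawURLEncoding.EncodeToString(eBuff)` so the test key has the same format the production key parser must accept. The same line appears in v2/provider/apple_test.go, and the enclosing test function starts and ends outside the hunks shown.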
39 changes: 27 additions & 12 deletions provider/telegram_test.go
Expand Up @@ -89,22 +89,37 @@ func TestTelegramUnconfirmedRequest(t *testing.T) {

func TestTelegramConfirmedRequest(t *testing.T) {
var servedToken string
var mu sync.Mutex

// is set when token becomes used,
// no sync is required because only a single goroutine in TelegramHandler.Run() reads and writes it
var tokenAlreadyUsed bool

var wgToken sync.WaitGroup
wgToken.Add(1)
defer func() {
if t.Failed() && servedToken == "" {
wgToken.Done() // for the case when test fails before token is generated
}
}()

m := &TelegramAPIMock{
GetUpdatesFunc: func(ctx context.Context) (*telegramUpdate, error) {
var upd telegramUpdate
wgToken.Wait()

mu.Lock()
defer mu.Unlock()
if servedToken != "" {
resp := fmt.Sprintf(getUpdatesResp, servedToken)
if tokenAlreadyUsed || t.Failed() {
return nil, fmt.Errorf("token %s has been already used", servedToken)
}

err := json.Unmarshal([]byte(resp), &upd)
if err != nil {
t.Fatal(err)
}
var upd telegramUpdate
resp := fmt.Sprintf(getUpdatesResp, servedToken)
err := json.Unmarshal([]byte(resp), &upd)
if err != nil {
t.Fatal(err)
}

// token is served only once
tokenAlreadyUsed = true

return &upd, nil
},
AvatarFunc: func(ctx context.Context, userID int) (string, error) {
Expand Down Expand Up @@ -147,10 +162,10 @@ func TestTelegramConfirmedRequest(t *testing.T) {
err := json.Unmarshal(w.Body.Bytes(), &resp)
assert.NoError(t, err)
assert.Equal(t, "my_auth_bot", resp.Bot)
assert.NotEmpty(t, resp.Token)

mu.Lock()
servedToken = resp.Token
mu.Unlock()
wgToken.Done()

// Check the token confirmation
assert.Eventually(t, func() bool {
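Review bot: `wgToken.Done()` can run twice in TestTelegramConfirmedRequest: `assert.NotEmpty(t, resp.Token)` does not stop the test, so with an empty token the body still calls `wgToken.Done()`, and the deferred cleanup then sees `t.Failed() && servedToken == ""` and calls it again, which panics with a negative WaitGroup counter and hides the original failure. Route both calls through one guard, for example declare `var releaseToken sync.Once` and call `releaseToken.Do(wgToken.Done)` unconditionally in the defer and again after `servedToken = resp.Token`. Separately, `t.Fatal(err)` inside `GetUpdatesFunc` runs on the handler goroutine rather than the test goroutine (per the comment above `tokenAlreadyUsed`), where FailNow is not supported; `t.Error(err)` followed by `return nil, err` is the safe form. Both points apply equally to v2/provider/telegram_test.go, and the test function continues outside the hunks shown.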
2 changes: 1 addition & 1 deletion v2/provider/apple_pubkeys.go
Expand Up @@ -151,7 +151,7 @@ type appleKeySet struct {

// get return Apple public key with specific KeyID (kid)
func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
if aks.keys == nil || len(aks.keys) == 0 {
if len(aks.keys) == 0 {
return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
}

8 changes: 4 additions & 4 deletions v2/provider/apple_test.go
Expand Up @@ -5,11 +5,11 @@ import (
"crypto/rsa"
"crypto/sha1"
"encoding/base64"
"encoding/binary"
"encoding/json"
"fmt"
"io"
"log"
"math/big"
"net/http"
"net/http/cookiejar"
"net/url"
Expand Down Expand Up @@ -659,8 +659,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
n := base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(publicKey.N.Bytes())

// convert exponent
eBuff := make([]byte, 4)
binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
require.Positive(t, publicKey.E, "RSA exponent must be positive")
eBuff := big.NewInt(int64(publicKey.E)).Bytes()
e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)

JWK := struct {
Expand All @@ -670,7 +670,7 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
Kid string `json:"kid"`
E string `json:"e"`
N string `json:"n"`
}{Alg: "RS256", Kty: "RSA", Use: "sig", Kid: "112233", N: n, E: e[:4]}
}{Alg: "RS256", Kty: "RSA", Use: "sig", Kid: "112233", N: n, E: e}

var buffJwk []byte
buffJwk, err = json.Marshal(JWK)
38 changes: 26 additions & 12 deletions v2/provider/telegram_test.go
Expand Up @@ -89,22 +89,36 @@ func TestTelegramUnconfirmedRequest(t *testing.T) {

func TestTelegramConfirmedRequest(t *testing.T) {
var servedToken string
var mu sync.Mutex
// is set when token becomes used,
// no sync is required because only a single goroutine in TelegramHandler.Run() reads and writes it
var tokenAlreadyUsed bool

var wgToken sync.WaitGroup
wgToken.Add(1)
defer func() {
if t.Failed() && servedToken == "" {
wgToken.Done() // for the case when test fails before token is generated
}
}()

m := &TelegramAPIMock{
GetUpdatesFunc: func(ctx context.Context) (*telegramUpdate, error) {
var upd telegramUpdate
wgToken.Wait()

mu.Lock()
defer mu.Unlock()
if servedToken != "" {
resp := fmt.Sprintf(getUpdatesResp, servedToken)
if tokenAlreadyUsed || t.Failed() {
return nil, fmt.Errorf("token %s has been already used", servedToken)
}

err := json.Unmarshal([]byte(resp), &upd)
if err != nil {
t.Fatal(err)
}
var upd telegramUpdate
resp := fmt.Sprintf(getUpdatesResp, servedToken)
err := json.Unmarshal([]byte(resp), &upd)
if err != nil {
t.Fatal(err)
}

// token is served only once
tokenAlreadyUsed = true

return &upd, nil
},
AvatarFunc: func(ctx context.Context, userID int) (string, error) {
Expand Down Expand Up @@ -147,10 +161,10 @@ func TestTelegramConfirmedRequest(t *testing.T) {
err := json.Unmarshal(w.Body.Bytes(), &resp)
assert.NoError(t, err)
assert.Equal(t, "my_auth_bot", resp.Bot)
assert.NotEmpty(t, resp.Token)

mu.Lock()
servedToken = resp.Token
mu.Unlock()
wgToken.Done()

// Check the token confirmation
assert.Eventually(t, func() bool {