Improve provider name handling #213
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now it is possible to have a configuration, where only one single dev provider is enabled. Providers were not registered into Service.authMiddleware.Provicers slice in the Service.AddDevProvider() and Service.AddAppleProvider() methods before.
Add provider name into JWT token claims to allow provider names with multiple underscore "_" symbols. Forbid provider names containing URL reserved symbols.
|
golangci-lint fixes are in #214 |
There were two different race conditions between logic in TestTelegramConfirmedRequest and TelegramAPIMock.GetUpdatesFunc and TelegramAPIMock.SendFunc: * GetUpdatesFunc may start before token was fetched, then it produces empty telegramUpdate response, which causes assertions in SendFunc to fail. * When token becomes used and removed from wait queue after successful login completion, then GetUpdatesFunc may be still called and new telegram update is created for same token. This breaks telegram update processing logic, and SendFunc gets called with the error parameter, which also breaks assertions.
Pull Request Test Coverage Report for Build 10662288047Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The problem occurs when the provider name contains underscore characters
_.If provider name is like
provider_prodand fullclaims.User.IDin the JWT token looks likeprovider_prod_user1,then Authenticator.isProviderAllowed() check fails and provider with such name cannot be used.
This was initially discovered in #201 (comment).
It might be better to add an explicit provider name into the JWT token claims,
and avoid parsing already serialized string back to tokens.
Provider name passed into
Service.AddProvider()also becomes a part ofhttps://host:port/auth/provider_prod/loginURL, and therefore it requires special handling.One solution is to url-encode it, but then it will be still possible to use names containing spaces or special characters (by accident or with purpose).
Another solution is to forbid all provider names which require url-encoding.
It might be better to forbid empty names as well.
_underscore has been mentioned in the README examples for some time now, i am not sure about it.But those names may be even more strict and contain only ASCII alphanumeric symbols.
What do you think?
It is not possible to return errors from
Service.AddProvider(), therefore invalid providers are just ignored andERRORlevel message is logged.