From 29eb3dd384a60fe3bcbb3031c883d39f021f2dbe Mon Sep 17 00:00:00 2001
From: "Benjamin A. Petersen"
Date: Tue, 30 Apr 2024 12:17:34 -0400
Subject: [PATCH] Update GitHub UpstreamAuthorizeRedirectURL to generate URLs
---
 .../resolved_github_provider.go | 15 +++++++++--
 .../resolved_github_provider_test.go | 25 +++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider.go b/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider.go
index 4b17120ef..5da2d7a4e 100644
--- a/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider.go
+++ b/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider.go
@@ -8,6 +8,8 @@ import (
 "errors"
 "fmt"

+ "golang.org/x/oauth2"
+
 "go.pinniped.dev/generated/latest/apis/supervisor/idpdiscovery/v1alpha1"
 "go.pinniped.dev/internal/federationdomain/resolvedprovider"
 "go.pinniped.dev/internal/federationdomain/upstreamprovider"
@@ -68,8 +70,17 @@ func (p *FederationDomainResolvedGitHubIdentityProvider) UpstreamAuthorizeRedire
 state *resolvedprovider.UpstreamAuthorizeRequestState,
 downstreamIssuerURL string,
 ) (string, error) {
- fmt.Printf("GithubResolvedIdentityProvider ~ UpstreamAuthorizeRedirectURL() called with state: %#v, downstreamIssuerURL %s", state, downstreamIssuerURL)
- return "", errors.New("function UpstreamAuthorizeRedirectURL not yet implemented for GitHub IDP")
+ upstreamOAuthConfig := oauth2.Config{
+ ClientID: p.Provider.GetClientID(),
+ Endpoint: oauth2.Endpoint{
+ AuthURL: p.Provider.GetAuthorizationURL(),
+ },
+ RedirectURL: fmt.Sprintf("%s/callback", downstreamIssuerURL),
+ }
+ redirectURL := upstreamOAuthConfig.AuthCodeURL(
+ state.EncodedStateParam,
+ )
+ return redirectURL, nil
 }

 func (p *FederationDomainResolvedGitHubIdentityProvider) Login(
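Review bot: Only `state.EncodedStateParam` reaches `AuthCodeURL` in the new body of UpstreamAuthorizeRedirectURL, so the `PKCE` and `Nonce` values that the request state carries (the test in this patch sets both) are dropped and the state parameter is the only thing binding the upstream authorization request to this flow. If the upstream authorization endpoint does not accept those parameters, record that above the call, for example `// PKCE and nonce from state are intentionally not sent upstream; state is the only request binding here.`; otherwise they should be passed as `AuthCodeURL` options. The function also returns a nil error unconditionally, so an empty `p.Provider.GetAuthorizationURL()` produces a URL with no scheme or host; a guard such as `if p.Provider.GetAuthorizationURL() == "" { return "", errors.New("upstream authorization URL is not configured") }` would surface the misconfiguration instead. The function's opening line is outside the hunk and is visible only in the `@@` header.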
diff --git a/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider_test.go b/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider_test.go
index cc017cc08..3f68f7fa5 100644
--- a/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider_test.go
+++ b/internal/federationdomain/resolvedprovider/resolvedgithub/resolved_github_provider_test.go
@@ -8,8 +8,10 @@ import (
 "testing"

 "github.com/stretchr/testify/require"
+ "golang.org/x/oauth2"

 "go.pinniped.dev/generated/latest/apis/supervisor/idpdiscovery/v1alpha1"
+ "go.pinniped.dev/internal/federationdomain/resolvedprovider"
 "go.pinniped.dev/internal/idtransform"
 "go.pinniped.dev/internal/psession"
 "go.pinniped.dev/internal/upstreamgithub"
@@ -31,6 +33,11 @@ func TestFederationDomainResolvedGitHubIdentityProvider(t *testing.T) {
 Provider: upstreamgithub.New(upstreamgithub.ProviderConfig{
 Name: "fake-provider-config",
 ResourceUID: "fake-resource-uid",
+ OAuth2Config: &oauth2.Config{
+ ClientID: "clientID12345",
+ ClientSecret: "clientSecret6789",
+ RedirectURL: "some/redirect/url",
+ },
 }),
 SessionProviderType: psession.ProviderTypeGitHub,
 Transforms: transforms,
@@ -40,6 +47,11 @@ func TestFederationDomainResolvedGitHubIdentityProvider(t *testing.T) {
 require.Equal(t, upstreamgithub.New(upstreamgithub.ProviderConfig{
 Name: "fake-provider-config",
 ResourceUID: "fake-resource-uid",
+ OAuth2Config: &oauth2.Config{
+ ClientID: "clientID12345",
+ ClientSecret: "clientSecret6789",
+ RedirectURL: "some/redirect/url",
+ },
 }), subject.GetProvider())
 require.Equal(t, psession.ProviderTypeGitHub, subject.GetSessionProviderType())
 require.Equal(t, v1alpha1.IDPTypeGitHub, subject.GetIDPDiscoveryType())
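Review bot: The same `OAuth2Config` literal is added twice, once in the subject fixture (`-31,6 +33,11`) and again in the expected value (`-40,6 +47,11`), so the `require.Equal` on `GetProvider()` compares two hand-copied literals that must be edited in lockstep. Building the provider once, e.g. `provider := upstreamgithub.New(upstreamgithub.ProviderConfig{...})`, and using it on both sides removes the duplication. The fixture's `RedirectURL: "some/redirect/url"` does not appear in the URL asserted later in this test, where the redirect is derived from the issuer argument, so a short comment marking it and `ClientSecret` as placeholders would keep readers from assuming they are exercised. The enclosing test function starts and ends outside both hunks.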
@@ -50,4 +62,17 @@ func TestFederationDomainResolvedGitHubIdentityProvider(t *testing.T) {
 UpstreamUsername: "fake-upstream-username",
 GitHub: &psession.GitHubSessionData{},
 }))
+ redirectURL, err := subject.UpstreamAuthorizeRedirectURL(
+ &resolvedprovider.UpstreamAuthorizeRequestState{
+ EncodedStateParam: "encodedStateParam12345",
+ PKCE: "pkce6789",
+ Nonce: "nonce1289",
+ },
+ "https://localhost/fake/path",
+ )
+ require.NoError(t, err)
+ require.Equal(t,
+ "?client_id=clientID12345&redirect_uri=https%3A%2F%2Flocalhost%2Ffake%2Fpath%2Fcallback&response_type=code&state=encodedStateParam12345",
+ redirectURL,
+ )
 }
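Review bot: The expected string begins with `?client_id=`, so this assertion pins a redirect URL with no scheme or host, presumably because the fixture's `OAuth2Config` sets no authorization endpoint, and `require.NoError` treats that result as success. Giving the fixture an endpoint, e.g. `Endpoint: oauth2.Endpoint{AuthURL: "https://fake-upstream.example/authorize"}` (a constructed test value), and asserting the full URL would make the test fail if the endpoint is ever dropped from the generated redirect. Parsing the result with `url.Parse` and checking host, path and query values separately would also keep the assertion independent of query parameter ordering. The test function begins outside the hunk.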