authorjwijenbergh <jeroenwijenbergh@protonmail.com>2022-10-19 17:55:53 +0200
committerjwijenbergh <jeroenwijenbergh@protonmail.com>2022-10-19 17:55:53 +0200
commit8fa80e56e014d9a77cfb337b2a2b641f1532ff8e (patch)
treee7a406a0b8cb05c3b232dd828dc6a5d974ca2fcb
parent7260aa0cd70195a4679ca3c94204d9e618f947f2 (diff)
OAuth + Server: Fix ISS for secure internet
The wrong base URL was used. Use the one from the home server, NOT the current location
-rw-r--r--internal/oauth/oauth.go8
-rw-r--r--internal/server/common.go15
-rw-r--r--internal/server/instituteaccess.go4
-rw-r--r--internal/server/secureinternet.go2
4 files changed, 9 insertions, 20 deletions
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index df29a9c..4bccdf5 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -71,6 +71,7 @@ func genVerifier() (string, error) {
}
type OAuth struct {
+ ISS string `json:"iss"`
Session OAuthExchangeSession `json:"-"`
Token OAuthToken `json:"token"`
BaseAuthorizationURL string `json:"base_authorization_url"`
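Review bot: The new exported field `ISS` on line 25 has no doc comment, and unlike `Session` it carries a JSON tag, so it is written out together with the token whenever this struct is serialized. A comment saying what the value is and who sets it would help: `// ISS is the issuer identifier for the OAuth exchange: the server's base URL passed to Init.` That it is the base URL is what the two callers in this commit pass (instituteaccess.go and secureinternet.go); whether a serialized value is ever read back without Init overwriting it cannot be seen from this diff. The OAuth struct continues past the hunk.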
@@ -363,7 +364,8 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
}
}
-func (oauth *OAuth) Init(baseAuthorizationURL string, tokenURL string) {
+func (oauth *OAuth) Init(iss string, baseAuthorizationURL string, tokenURL string) {
+ oauth.ISS = iss
oauth.BaseAuthorizationURL = baseAuthorizationURL
oauth.TokenURL = tokenURL
}
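Review bot: `Init` on lines 33-34 stores `iss` without checking it, and `GetAuthURL` (the hunk at line 49) copies `oauth.ISS` straight into the session, so an empty or never-set issuer is only noticed, if at all, wherever Session.ISS is compared later, and that comparison is outside this diff. Since the issuer value is presumably what lets the callback reject a response from a different server, it seems better to fail before the exchange starts, e.g. in GetAuthURL right after `errorMessage` is set: `if oauth.ISS == "" { return "", types.NewWrappedError(errorMessage, errors.New("ISS is not set")) }` (needs `errors` in scope, or whichever error constructor this file already uses). The removed `GetISS` in common.go at least surfaced a `GetBase` failure as an error before the exchange began; the new path has no equivalent check.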
@@ -378,7 +380,7 @@ func (oauth OAuth) GetListenerPort() (int, error) {
}
// Starts the OAuth exchange for eduvpn.
-func (oauth *OAuth) GetAuthURL(name string, iss string, postProcessAuth func(string) string) (string, error) {
+func (oauth *OAuth) GetAuthURL(name string, postProcessAuth func(string) string) (string, error) {
errorMessage := "failed starting OAuth exchange"
// Generate the verifier and challenge
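Review bot: The comment above `GetAuthURL` still reads `// Starts the OAuth exchange for eduvpn.` although the signature on line 42 dropped the `iss` parameter and the function now relies on `oauth.ISS` having been set by `Init`. Suggest `// GetAuthURL starts the OAuth exchange for eduvpn. The session issuer is taken from oauth.ISS, so Init must have been called first.`, which also makes the comment start with the function name as go doc expects. GetAuthURL's body continues past this hunk.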
@@ -395,7 +397,7 @@ func (oauth *OAuth) GetAuthURL(name string, iss string, postProcessAuth func(str
}
// Fill the struct with the necessary fields filled for the next call to getting the HTTP client
- oauthSession := OAuthExchangeSession{ClientID: name, ISS: iss, State: state, Verifier: verifier}
+ oauthSession := OAuthExchangeSession{ClientID: name, ISS: oauth.ISS, State: state, Verifier: verifier}
oauth.Session = oauthSession
// set up the listener to get the redirect URI
diff --git a/internal/server/common.go b/internal/server/common.go
index bf6f4ca..e70bee0 100644
--- a/internal/server/common.go
+++ b/internal/server/common.go
@@ -252,21 +252,8 @@ func ShouldRenewButton(server Server) bool {
return true
}
-func GetISS(server Server) (string, error) {
- base, baseErr := server.GetBase()
- if baseErr != nil {
- return "", types.NewWrappedError("failed getting server ISS", baseErr)
- }
- // We have already ensured that the base URL ends with a /
- return base.URL, nil
-}
-
func GetOAuthURL(server Server, name string) (string, error) {
- iss, issErr := GetISS(server)
- if issErr != nil {
- return "", issErr
- }
- return server.GetOAuth().GetAuthURL(name, iss, server.GetTemplateAuth())
+ return server.GetOAuth().GetAuthURL(name, server.GetTemplateAuth())
}
func OAuthExchange(server Server) error {
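Review bot: Deleting `GetISS` also deletes the only statement of the invariant `// We have already ensured that the base URL ends with a /` (line 64), and the values now handed to `Init` by the callers (instituteaccess.go line 95 passes `url`, secureinternet.go line 107 passes `base.URL`) are not visibly normalized at those sites. If Session.ISS is later compared byte-for-byte against an issuer string, a missing trailing slash would make that comparison fail, so the expectation should be written down where the value now enters, on `Init`: `// Init sets the issuer (the server's base URL, which must end with a /) and the endpoint URLs.` Note also that `GetISS` was exported, so any caller in another package would break; that cannot be checked from here.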
diff --git a/internal/server/instituteaccess.go b/internal/server/instituteaccess.go
index 0f097b0..ed0211b 100644
--- a/internal/server/instituteaccess.go
+++ b/internal/server/instituteaccess.go
@@ -84,7 +84,7 @@ func (institute *InstituteAccessServer) init(
serverType string,
supportContact []string,
) error {
- errorMessage := fmt.Sprintf("failed initializing institute server %s", url)
+ errorMessage := fmt.Sprintf("failed initializing server %s", url)
institute.Base.URL = url
institute.Base.DisplayName = displayName
institute.Base.SupportContact = supportContact
@@ -93,7 +93,7 @@ func (institute *InstituteAccessServer) init(
if endpointsErr != nil {
return types.NewWrappedError(errorMessage, endpointsErr)
}
- institute.OAuth.Init(endpoints.API.V3.Authorization, endpoints.API.V3.Token)
+ institute.OAuth.Init(url, endpoints.API.V3.Authorization, endpoints.API.V3.Token)
institute.Base.Endpoints = *endpoints
return nil
}
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 93e83cf..b3e2615 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -149,7 +149,7 @@ func (secure *SecureInternetHomeServer) init(
}
// Make sure oauth contains our endpoints
- secure.OAuth.Init(base.Endpoints.API.V3.Authorization, base.Endpoints.API.V3.Token)
+ secure.OAuth.Init(base.URL, base.Endpoints.API.V3.Authorization, base.Endpoints.API.V3.Token)
return nil
}
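Review bot: The comment `// Make sure oauth contains our endpoints` on line 105 is now incomplete, since the call on line 107 also records `base.URL` as the issuer, which is the actual fix this commit makes. Suggest `// Make sure oauth contains our endpoints and uses the home server's base URL as the ISS`. The init method starts before this hunk.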