From cad29dcc046163a944167bbaf2292b3e591e01c6 Mon Sep 17 00:00:00 2001
From: jwijenbergh
Date: Tue, 31 Oct 2023 11:49:08 +0100
Subject: OAuth + Server: Make ISS optional for custom servers
---
 internal/oauth/oauth.go | 2 +-
 internal/server/custom/custom.go | 4 +++-
 internal/server/institute/institute.go | 4 ++++
 internal/server/secure/secure.go | 4 ++++
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index f1cc9fe..d7da299 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -369,7 +369,7 @@ func (s *exchangeSession) Authcode(url *url.URL) (string, error) {
 // first check ISS
 iss := q.Get("iss")
- if s.ISS != iss {
+ if s.ISS != "" && s.ISS != iss {
 return "", errors.Errorf("failed matching ISS; expected '%s' got '%s'", s.ISS, iss)
 }
 // Make sure the state is present and matches to protect against cross-site request forgeries
diff --git a/internal/server/custom/custom.go b/internal/server/custom/custom.go
index af6ad67..376bcd6 100644
--- a/internal/server/custom/custom.go
+++ b/internal/server/custom/custom.go
@@ -32,6 +32,8 @@ func New(ctx context.Context, clientID string, u string) (*Server, error) {
 API := b.Endpoints.API.V3
 s := &Server{Basic: b}
- s.Auth.Init(clientID, u, API.Authorization, API.Token)
+ // we set ISS to empty here as we do not want to have ISS enabled for custom servers
+ // Otherwise we would have to normalise the URL which the user has entered which is error prone
+ s.Auth.Init(clientID, "", API.Authorization, API.Token)
 return s, nil
 }
diff --git a/internal/server/institute/institute.go b/internal/server/institute/institute.go
index 46977ac..82e51e6 100644
--- a/internal/server/institute/institute.go
+++ b/internal/server/institute/institute.go
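Review bot: In `Authcode` (internal/oauth/oauth.go) the new condition `s.ISS != "" && s.ISS != iss` makes the empty string an implicit "issuer check disabled" switch, yet the comment above it still reads `// first check ISS`. Any caller that reaches `Init` with an empty issuer now silently loses the `iss` comparison, and the guards this commit adds exist only at two call sites. I would document the sentinel where it is consumed, e.g. `// check ISS (issuer identification, RFC 9207); skipped when s.ISS is empty, which only custom servers set`, and consider an explicit boolean on the session rather than overloading the string. The body of `Authcode` continues outside this hunk.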
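Review bot: The comment added in `New` (internal/server/custom/custom.go) gives the reason for passing `""` but not the consequence: for every custom server the `iss` value of the authorization response is no longer compared, so issuer mix-up protection is off and the flow relies on the remaining checks in `Authcode` (the state check is visible in the oauth.go hunk). I would say so in the comment, e.g. `// ISS is left empty for custom servers, so the iss check in Authcode is skipped; the user-entered URL would need normalising before it could be compared`, and keep the casing of the two comment lines consistent. If `b` already carries a normalised URL, as `b.URL` in secure.go suggests it might, passing that instead of `""` would keep the check; that is inferred, not visible here.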
@@ -43,6 +43,10 @@ func New(
 API := b.Endpoints.API.V3
 s := &Server{Basic: b}
+
+ if url == "" {
+ return nil, errors.New("URL passed to OAuth is empty")
+ }
 s.Auth.Init(clientID, url, API.Authorization, API.Token)
 return s, nil
 }
diff --git a/internal/server/secure/secure.go b/internal/server/secure/secure.go
index c60c38e..16479fa 100644
--- a/internal/server/secure/secure.go
+++ b/internal/server/secure/secure.go
@@ -157,6 +157,10 @@ func (s *Server) Init(
 return err
 }
+ if b.URL == "" {
+ return errors.New("URL passed to OAuth is empty")
+ }
+
 // Make sure oauth contains our endpoints
 s.Auth.Init(clientID, b.URL, b.Endpoints.API.V3.Authorization, b.Endpoints.API.V3.Token)
 return nil
--
cgit v1.2.3
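Review bot: The empty-URL guard in `New` (internal/server/institute/institute.go) runs only after `s := &Server{Basic: b}` has been built, and the same check with the same message is repeated in `Init` in internal/server/secure/secure.go. Because an empty issuer now disables the `iss` comparison in `Authcode`, these guards are what keep the check active for institute and secure-internet servers, and a future caller of `s.Auth.Init` can omit them. In institute.go `url` appears to be a parameter of `New`, so the check could be its first statement, and a shared package-level error such as `var ErrEmptyURL = errors.New("URL passed to OAuth is empty")` would let both sites return the same value. The start of `New` and of `Init` lies outside these hunks, so where `b` is produced is not visible.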