From bca773c49f0c2e66b5c26a59b8bb772520afb9bd Mon Sep 17 00:00:00 2001
From: jwijenbergh <jeroenwijenbergh@protonmail.com>
Date: Wed, 25 Sep 2024 15:32:47 +0200
Subject: HTTP + OAuth API: Enforce TLS >= 1.3

---
 internal/api/api.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'internal/api')

diff --git a/internal/api/api.go b/internal/api/api.go
index fe25862..931f273 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -64,6 +64,12 @@ type API struct {
 func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, tokens *eduoauth.Token) (*API, error) {
 	cr := customRedirect(clientID)
 	// Construct OAuth
+
+	transp := sd.Transport
+	// in the tests this can be non-nil
+	if transp == nil {
+		transp = httpw.TLS13Transport()
+	}
 	o := eduoauth.OAuth{
 		ClientID: clientID,
 		EndpointFunc: func(ctx context.Context) (*eduoauth.EndpointResponse, error) {
@@ -81,7 +87,7 @@ func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, t
 		TokensUpdated: func(tok eduoauth.Token) {
 			cb.TokensUpdated(sd.ID, sd.Type, tok)
 		},
-		Transport: sd.Transport,
+		Transport: transp,
 		UserAgent: httpw.UserAgent,
 	}
 
-- 
cgit v1.2.3