From 88b42cfeeeddd9139e7f95776330e69ba31a9f5a Mon Sep 17 00:00:00 2001 From: Daniel Loreto <279789+loreto@users.noreply.github.com> Date: Mon, 25 Sep 2023 10:56:27 -0500 Subject: [PATCH 1/3] Add token refresh logic --- pkg/sandbox/auth/auth.go | 53 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go index 4b17b33a..278dd4f7 100644 --- a/pkg/sandbox/auth/auth.go +++ b/pkg/sandbox/auth/auth.go @@ -1,11 +1,14 @@ package auth import ( + "context" "fmt" "os" "path/filepath" + "github.com/coreos/go-oidc/v3/oidc" "go.jetpack.io/pkg/sandbox/auth/session" + "golang.org/x/oauth2" "go.jetpack.io/pkg/sandbox/auth/internal/authflow" "go.jetpack.io/pkg/sandbox/auth/internal/callbackserver" 
@@ -61,14 +64,58 @@ func (c *Client) LogoutFlow() error { // TODO: automatically refresh token as needed func (c *Client) GetSession() (*session.Token, bool) { tok := c.store.ReadToken(c.issuer, c.clientID) - if tok == nil || !tok.Valid() { + if tok == nil { return nil, false } + + // Refresh if the token is no longer valid: + if !tok.Valid() { + tok = c.refresh(tok) + if !tok.Valid() { + return nil, false + } + return tok, true + } + return tok, true } -func (c *Client) RefreshSession() *session.Token { - panic("refresh session not implemented") +func (c *Client) refresh(tok *session.Token) *session.Token { + ctx := context.Background() + + if tok == nil { + return nil + } + + // TODO: figure out how to share oidc provider and outh2 client + // with auth flow: + provider, err := oidc.NewProvider(ctx, c.issuer) + if err != nil { + return tok + } + + conf := oauth2.Config{ + ClientID: c.clientID, + Endpoint: provider.Endpoint(), + Scopes: []string{"openid", "offline_access"}, + } + + // Refresh logic: + tokenSource := conf.TokenSource(ctx, &tok.Token) + newToken, err := tokenSource.Token() + if err != nil { + return tok + } + + if newToken.AccessToken != tok.AccessToken { + tok.Token = *newToken + err = c.store.WriteToken(c.issuer, c.clientID, tok) + if err != nil { + return tok + } + } + + return tok } func (c *Client) RevokeSession() error { From 0f7d26b195cf7ea0fb9eb54bde27c177188c4619 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Thu, 28 Sep 2023 13:42:56 -0700 Subject: [PATCH 2/3] Fixes --- envsec/internal/envcli/auth.go | 8 ++++++-- envsec/internal/envcli/flags.go | 2 +- envsec/internal/envcli/init.go | 2 +- pkg/sandbox/auth/auth.go | 12 ++++++------ 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/envsec/internal/envcli/auth.go b/envsec/internal/envcli/auth.go index 9144d907..6aed6847 100644 --- a/envsec/internal/envcli/auth.go +++ b/envsec/internal/envcli/auth.go 
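Review bot: Every failure path in the new `refresh` — `oidc.NewProvider`, `tokenSource.Token()` and `WriteToken` — returns the stale token and discards `err`, so `GetSession` cannot tell a transient network failure from a refresh token the issuer has rejected, the user sees "not logged in" either way, and a rejected refresh token stays in the store so every later call repeats the round-trip. A second problem is that `conf.TokenSource(ctx, &tok.Token)` wraps the token in oauth2's reuse source, which decides whether to refresh using oauth2's own `Token.Valid()` rather than `session.Token.Valid()`; if the session check is stricter (an expired ID token, say), `Token()` hands back the same token, the `AccessToken` comparison is false and the function returns the still-invalid token. Seeding the source with only the refresh token forces the exchange, and returning an error lets `GetSession` decide — `tok, err := c.refresh(tok)` followed by `if err != nil { return nil, false }` keeps its public signature while giving it something it can log. The rewritten part of `refresh` is sketched below; `RevokeSession` at the tail of the hunk is unchanged context.
```go
func (c *Client) refresh(tok *session.Token) (*session.Token, error) {
	// … unchanged: ctx, nil check …
	provider, err := oidc.NewProvider(ctx, c.issuer)
	if err != nil {
		return nil, fmt.Errorf("discovering provider for %s: %w", c.issuer, err)
	}
	// … unchanged: oauth2.Config …

	// Seed the source with only the refresh token: oauth2's reuse source
	// returns a token unchanged while oauth2 itself still considers it
	// valid, which is not necessarily the same check as session.Token.Valid().
	tokenSource := conf.TokenSource(ctx, &oauth2.Token{RefreshToken: tok.RefreshToken})
	newToken, err := tokenSource.Token()
	if err != nil {
		return nil, fmt.Errorf("refreshing session for %s: %w", c.issuer, err)
	}

	tok.Token = *newToken
	if err := c.store.WriteToken(c.issuer, c.clientID, tok); err != nil {
		return nil, fmt.Errorf("persisting refreshed session: %w", err)
	}
	return tok, nil
}
```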
@@ -83,7 +83,11 @@ func refreshCmd() *cobra.Command { return err } - _ = client.RefreshSession() + _, ok := client.GetSession(cmd.Context()) + if !ok { + return errors.New("Failed to refresh: not logged in. Run `envsec auth login` to log in") + } + fmt.Fprintln(cmd.OutOrStdout(), "Refreshed successfully") return nil }, } @@ -102,7 +106,7 @@ func whoAmICmd() *cobra.Command { return err } - tok, ok := client.GetSession() + tok, ok := client.GetSession(cmd.Context()) if !ok { return errors.New("not logged in. Run `envsec auth login` to log in") } diff --git a/envsec/internal/envcli/flags.go b/envsec/internal/envcli/flags.go index 70075a09..5d232e59 100644 --- a/envsec/internal/envcli/flags.go +++ b/envsec/internal/envcli/flags.go @@ -90,7 +90,7 @@ func (f *configFlags) genConfig(ctx context.Context) (*cmdConfig, error) { return nil, err } - tok, ok = client.GetSession() + tok, ok = client.GetSession(ctx) if !ok { return nil, errors.Errorf( "To use envsec you must log in (`envsec auth login`) or specify --project-id and --org-id", diff --git a/envsec/internal/envcli/init.go b/envsec/internal/envcli/init.go index 68540d60..e227bfaa 100644 --- a/envsec/internal/envcli/init.go +++ b/envsec/internal/envcli/init.go @@ -19,7 +19,7 @@ func initCmd() *cobra.Command { if err != nil { return err } - tok, ok := client.GetSession() + tok, ok := client.GetSession(cmd.Context()) if !ok { return errors.New("not logged in, run `envsec auth login`") } diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go index 278dd4f7..2a5bb5bc 100644 --- a/pkg/sandbox/auth/auth.go +++ b/pkg/sandbox/auth/auth.go 
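Review bot: The new `refreshCmd` body prints "Refreshed successfully" whenever `GetSession` returns a token, but `GetSession` only performs a refresh when the stored token is no longer valid, so with a still-valid token the message is reported although no exchange happened; likewise the error branch reports "not logged in" for a refresh that failed for another reason (issuer unreachable, refresh token rejected), because `GetSession` collapses both cases into `ok == false`. The new error string is also capitalized, unlike the sibling `"not logged in. Run ..."` in `whoAmICmd` further down; I would lowercase it and widen the wording to cover a rejected refresh, e.g. `not logged in or session could not be refreshed`, keeping the existing login hint. Until the client exposes an explicit refresh result, a neutral success line such as `fmt.Fprintln(cmd.OutOrStdout(), "Session is valid")` would not overstate what was done. `refreshCmd` starts before the hunk and, as far as the trailing context shows, continues after it.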
@@ -62,7 +62,7 @@ func (c *Client) LogoutFlow() error { // it will attempt to refresh it. If no token is found, or is unable to be refreshed, // it will return nil and false. // TODO: automatically refresh token as needed -func (c *Client) GetSession() (*session.Token, bool) { +func (c *Client) GetSession(ctx context.Context) (*session.Token, bool) { tok := c.store.ReadToken(c.issuer, c.clientID) if tok == nil { return nil, false @@ -70,19 +70,19 @@ func (c *Client) GetSession() (*session.Token, bool) { // Refresh if the token is no longer valid: if !tok.Valid() { - tok = c.refresh(tok) + tok = c.refresh(ctx, tok) if !tok.Valid() { return nil, false } - return tok, true } return tok, true } -func (c *Client) refresh(tok *session.Token) *session.Token { - ctx := context.Background() - +func (c *Client) refresh( + ctx context.Context, + tok *session.Token, +) *session.Token { if tok == nil { return nil } From b4787fdee804129d14ec1694db4c5b60ce6a2aa2 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Thu, 28 Sep 2023 13:50:33 -0700 Subject: [PATCH 3/3] Fix typo --- pkg/sandbox/auth/auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go index 2a5bb5bc..5dc81de5 100644 --- a/pkg/sandbox/auth/auth.go +++ b/pkg/sandbox/auth/auth.go @@ -87,7 +87,7 @@ func (c *Client) refresh( return nil } - // TODO: figure out how to share oidc provider and outh2 client + // TODO: figure out how to share oidc provider and oauth2 client // with auth flow: provider, err := oidc.NewProvider(ctx, c.issuer) if err != nil {
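Review bot: The doc comment above `GetSession` still carries `// TODO: automatically refresh token as needed` although the function now refreshes an invalid token before returning it (the sentence immediately above already says so), so the TODO should be dropped. Since `GetSession` now takes the caller's `ctx`, the comment should also state that a refresh contacts the issuer over the network and is bounded only by that `ctx`; none of the CLI call sites in this series attach a deadline, so a hung issuer would block the command until the context is cancelled. I would replace the TODO line with `// A refresh contacts the issuer; pass a ctx with a deadline to bound that call.`. `GetSession`'s signature is in this hunk and its body continues in the following one.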