
Validate external providers configuration.

Signed-off-by: David Calavera <david.calavera@gmail.com>
calavera committed Sep 2, 2017
1 parent 9782556 commit a2f005339d133ba3b0c9b3847c406e69f73bdf63
Showing with 55 additions and 14 deletions.
  1. +13 −6 api/external.go
  2. +6 −2 api/provider/bitbucket.go
  3. +6 −2 api/provider/github.go
  4. +6 −2 api/provider/gitlab.go
  5. +6 −2 api/provider/google.go
  6. +14 −0 conf/configuration.go
  7. +4 −0 example.env
@@ -12,6 +12,7 @@ import (
"github.com/dgrijalva/jwt-go"
"github.com/netlify/gotrue/api/provider"
"github.com/netlify/gotrue/models"
"github.com/sirupsen/logrus"
)
type ExternalProviderClaims struct {
@@ -32,7 +33,7 @@ func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) e
providerType := r.URL.Query().Get("provider")
provider, err := a.Provider(ctx, providerType)
if err != nil {
return badRequestError("Unsupported provider: %+v", err)
return badRequestError("Unsupported provider: %+v", err).WithInternalError(err)
}
log := getLogEntry(r)
@@ -82,9 +83,15 @@ func (a *API) internalExternalProviderCallback(w http.ResponseWriter, r *http.Re
providerType := getExternalProviderType(ctx)
provider, err := a.Provider(ctx, providerType)
if err != nil {
return badRequestError("Unsupported provider: %+v", err)
return badRequestError("Unsupported provider: %+v", err).WithInternalError(err)
}
log := getLogEntry(r)
log.WithFields(logrus.Fields{
"provider": providerType,
"code": oauthCode,
}).Debug("Exchanging oauth code")
tok, err := provider.GetOAuthToken(oauthCode)
if err != nil {
return internalServerError("Unable to exchange external code: %s", oauthCode).WithInternalError(err)
@@ -185,13 +192,13 @@ func (a *API) Provider(ctx context.Context, name string) (provider.Provider, err
switch name {
case "bitbucket":
return provider.NewBitbucketProvider(config.External.Bitbucket), nil
return provider.NewBitbucketProvider(config.External.Bitbucket)
case "github":
return provider.NewGithubProvider(config.External.Github), nil
return provider.NewGithubProvider(config.External.Github)
case "gitlab":
return provider.NewGitlabProvider(config.External.Gitlab), nil
return provider.NewGitlabProvider(config.External.Gitlab)
case "google":
return provider.NewGoogleProvider(config.External.Google), nil
return provider.NewGoogleProvider(config.External.Google)
default:
return nil, fmt.Errorf("Provider %s could not be found", name)
}
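Review bot: The new debug entry in internalExternalProviderCallback writes the raw OAuth authorization code to the log (`"code": oauthCode`), and the unchanged `internalServerError("Unable to exchange external code: %s", oauthCode)` line below it puts the same value into the error message, which is presumably returned to the client. An authorization code is a bearer credential until it has been exchanged, so it should not end up in log storage; the example.env shown on this page sets `GOTRUE_LOG_LEVEL=DEBUG`, so a deployment copied from it would record every code. I would log only the provider, `log.WithField("provider", providerType).Debug("Exchanging oauth code")`, and drop the code from the error format string as well. The function body starts and ends outside this hunk.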
@@ -38,7 +38,11 @@ type bitbucketEmails struct {
}
// NewBitbucketProvider creates a Bitbucket account provider.
func NewBitbucketProvider(ext conf.OAuthProviderConfiguration) Provider {
func NewBitbucketProvider(ext conf.OAuthProviderConfiguration) (Provider, error) {
if err := ext.Validate(); err != nil {
return nil, err
}
return &bitbucketProvider{
&oauth2.Config{
ClientID: ext.ClientID,
@@ -47,7 +51,7 @@ func NewBitbucketProvider(ext conf.OAuthProviderConfiguration) Provider {
RedirectURL: ext.RedirectURI,
Scopes: []string{"account", "email"},
},
}
}, nil
}
func (g bitbucketProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
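Review bot: The bare `return nil, err` after `ext.Validate()` hands the configuration message straight to the callers in api/external.go, which still format it into the response text with `badRequestError("Unsupported provider: %+v", err)`. A request for a provider that is known but not configured would therefore get a 400 reading something like "Unsupported provider: Missing Oauth secret", which tells a (presumably unauthenticated) caller which setting the deployment lacks and labels a server-side misconfiguration as a client error. Since the commit already attaches the error with `.WithInternalError(err)`, the public message can leave it out: `return badRequestError("Unsupported provider: %s", providerType).WithInternalError(err)`. The same pattern is in NewGithubProvider, NewGitlabProvider and NewGoogleProvider; the constructor bodies continue outside these hunks.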
@@ -34,7 +34,11 @@ type githubUserEmail struct {
}
// NewGithubProvider creates a Github account provider.
func NewGithubProvider(ext conf.OAuthProviderConfiguration) Provider {
func NewGithubProvider(ext conf.OAuthProviderConfiguration) (Provider, error) {
if err := ext.Validate(); err != nil {
return nil, err
}
authHost := chooseHost(ext.URL, defaultGitHubAuthBase)
apiHost := chooseHost(ext.URL, defaultGitHubApiBase)
if !strings.HasSuffix(apiHost, defaultGitHubApiBase) {
@@ -53,7 +57,7 @@ func NewGithubProvider(ext conf.OAuthProviderConfiguration) Provider {
Scopes: []string{"user:email"},
},
APIHost: apiHost,
}
}, nil
}
func (g githubProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
@@ -31,7 +31,11 @@ func chooseHost(base, defaultHost string) string {
}
// NewGitlabProvider creates a Gitlab account provider.
func NewGitlabProvider(ext conf.OAuthProviderConfiguration) Provider {
func NewGitlabProvider(ext conf.OAuthProviderConfiguration) (Provider, error) {
if err := ext.Validate(); err != nil {
return nil, err
}
host := chooseHost(ext.URL, defaultGitLabAuthBase)
return &gitlabProvider{
Config: &oauth2.Config{
@@ -45,7 +49,7 @@ func NewGitlabProvider(ext conf.OAuthProviderConfiguration) Provider {
Scopes: []string{"read_user"},
},
Host: host,
}
}, nil
}
func (g gitlabProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
@@ -23,7 +23,11 @@ type googleUser struct {
}
// NewGoogleProvider creates a Google account provider.
func NewGoogleProvider(ext conf.OAuthProviderConfiguration) Provider {
func NewGoogleProvider(ext conf.OAuthProviderConfiguration) (Provider, error) {
if err := ext.Validate(); err != nil {
return nil, err
}
return &googleProvider{
&oauth2.Config{
ClientID: ext.ClientID,
@@ -34,7 +38,7 @@ func NewGoogleProvider(ext conf.OAuthProviderConfiguration) Provider {
},
RedirectURL: ext.RedirectURI,
},
}
}, nil
}
func (g googleProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
@@ -1,6 +1,7 @@
package conf
import (
"errors"
"os"
"time"
@@ -178,3 +179,16 @@ func (config *Configuration) ApplyDefaults() {
config.SMTP.MaxFrequency = 15 * time.Minute
}
}
func (o *OAuthProviderConfiguration) Validate() error {
if o.ClientID == "" {
return errors.New("Missing Oauth client ID")
}
if o.Secret == "" {
return errors.New("Missing Oauth secret")
}
if o.RedirectURI == "" {
return errors.New("Missing redirect URI")
}
return nil
}
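Review bot: Validate accepts any non-empty `RedirectURI`, so a relative or schemeless value passes here and only fails later at the provider, where the error is harder to trace back to configuration. Because the redirect URI is where the provider sends the authorization code, I would require an absolute URL: `if u, err := url.Parse(o.RedirectURI); err != nil || !u.IsAbs() { return errors.New("Invalid redirect URI") }` (this needs `net/url` in the import block). The exported method also has no doc comment; `// Validate reports an error if the client ID, secret or redirect URI is empty.` would match the style used on the provider constructors.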
@@ -2,6 +2,7 @@ GOTRUE_JWT_SECRET="CHANGE-THIS! VERY IMPORTANT!"
GOTRUE_JWT_EXP=3600
GOTRUE_JWT_AUD=api.netlify.com
GOTRUE_DB_DRIVER=sqlite3
GOTRUE_DB_AUTOMIGRATE=true
DATABASE_URL=gorm.db
GOTRUE_API_HOST=localhost
PORT=9999
@@ -13,3 +14,6 @@ GOTRUE_SMTP_PASS=super-secret-password
GOTRUE_SMTP_ADMIN_EMAIL=admin@example.com
GOTRUE_MAILER_SUBJECTS_CONFIRMATION="Welcome to GoTrue!"
GOTRUE_MAILER_SUBJECTS_RECOVERY="Reset your GoTrue password!"
GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=http://localhost:9999/callback
GOTRUE_LOG_LEVEL=DEBUG
GOTRUE_OPERATOR_TOKEN=super-secret-operator-token
