lordwelch/aws-oidc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

go vet: fix error handling issues

Browse Source
This commit is contained in:
lordwelch 2020-08-07 14:07:23 -07:00
parent d7c8067c75
commit 81f4ab46c7
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
provider/provider.go
View File

@ -70,7 +70,7 @@ func refresh(config oauth2.Config, t *OAuth2Token) error {
} }
idtoken, ok := res.Extra("id_token").(string) idtoken, ok := res.Extra("id_token").(string)
if !ok { if !ok {
return errors.New("Can't extract id_token") return errors.New("can't extract id_token")
} }
t.AccessToken = res.AccessToken t.AccessToken = res.AccessToken
t.RefreshToken = res.RefreshToken t.RefreshToken = res.RefreshToken
@ -83,8 +83,8 @@ func refresh(config oauth2.Config, t *OAuth2Token) error {
func (p ProviderConfig) Authenticate(t *OAuth2Token) error { func (p ProviderConfig) Authenticate(t *OAuth2Token) error {
ctx := context.Background() ctx := context.Background()
resultChannel := make(chan *oauth2.Token, 0) resultChannel := make(chan *oauth2.Token)
errorChannel := make(chan error, 0) errorChannel := make(chan error)
provider, err := oidc.NewProvider(ctx, p.ProviderURL) provider, err := oidc.NewProvider(ctx, p.ProviderURL)
if err != nil { if err != nil {
@ -136,7 +136,7 @@ func (p ProviderConfig) Authenticate(t *OAuth2Token) error {
codeChallengeEncoded := strings.Replace(codeChallenge, "=", "", -1) codeChallengeEncoded := strings.Replace(codeChallenge, "=", "", -1)
nonceData := make([]byte, 32) nonceData := make([]byte, 32)
_, err = rand.Read(nonceData) _, _ = rand.Read(nonceData)
nonce := base64.URLEncoding.EncodeToString(nonceData) nonce := base64.URLEncoding.EncodeToString(nonceData)
var authCodeOptions []oauth2.AuthCodeOption var authCodeOptions []oauth2.AuthCodeOption
@ -164,38 +164,38 @@ func (p ProviderConfig) Authenticate(t *OAuth2Token) error {
http.HandleFunc("/auth/callback", func(w http.ResponseWriter, r *http.Request) { http.HandleFunc("/auth/callback", func(w http.ResponseWriter, r *http.Request) {
if r.URL.Query().Get("state") != state { if r.URL.Query().Get("state") != state {
http.Error(w, "state did not match", http.StatusBadRequest) http.Error(w, "state did not match", http.StatusBadRequest)
errorChannel <- errors.New("State did not match") errorChannel <- errors.New("state did not match")
return return
} }
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"), tokenCodeOptions...) oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"), tokenCodeOptions...)
if err != nil { if err != nil {
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError) http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError)
errorChannel <- errors.New("Failed to exchange token: " + err.Error()) errorChannel <- errors.New("failed to exchange token: " + err.Error())
return return
} }
rawIDToken, ok := oauth2Token.Extra("id_token").(string) rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok { if !ok {
http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError) http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError)
errorChannel <- errors.New("No id_token field in oauth2 token") errorChannel <- errors.New("no id_token field in oauth2 token")
return return
} }
idToken, err := verifier.Verify(ctx, rawIDToken) idToken, err := verifier.Verify(ctx, rawIDToken)
if err != nil { if err != nil {
http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError) http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
errorChannel <- errors.New("Failed to verify ID Token: " + err.Error()) errorChannel <- errors.New("failed to verify ID Token: " + err.Error())
return return
} }
if p.Nonce && idToken.Nonce != nonce { if p.Nonce && idToken.Nonce != nonce {
http.Error(w, "Failed to verify Nonce", http.StatusInternalServerError) http.Error(w, "Failed to verify Nonce", http.StatusInternalServerError)
errorChannel <- errors.New("Failed to verify Nonce") errorChannel <- errors.New("failed to verify Nonce")
return return
} }
var claims = new(TokenClaims) var claims = new(TokenClaims)
if err := idToken.Claims(&claims); err != nil { if err := idToken.Claims(&claims); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
errorChannel <- errors.New("Failed to verify Claims: " + err.Error()) errorChannel <- errors.New("failed to verify Claims: " + err.Error())
return return
} }
w.Write([]byte("Signed in successfully, return to cli app")) w.Write([]byte("Signed in successfully, return to cli app"))
@ -234,7 +234,7 @@ func (p ProviderConfig) Authenticate(t *OAuth2Token) error {
server.Shutdown(ctx) server.Shutdown(ctx)
IDToken, ok := res.Extra("id_token").(string) IDToken, ok := res.Extra("id_token").(string)
if !ok { if !ok {
return errors.New("Can't extract id_token") return errors.New("can't extract id_token")
} }
t.AccessToken = res.AccessToken t.AccessToken = res.AccessToken
t.RefreshToken = res.RefreshToken t.RefreshToken = res.RefreshToken