Improve provider name handling #213

Open
wants to merge 8 commits into
base: master
cyb3r4nt
Contributor

The problem occurs when the provider name contains underscore characters _.
If the provider name is like provider_prod and the full claims.User.ID in the JWT token looks like provider_prod_user1,
then the Authenticator.isProviderAllowed() check fails and a provider with such a name cannot be used.
This was initially discovered in #201 (comment).

It might be better to add an explicit provider name into the JWT token claims,
and avoid parsing an already serialized string back into tokens.

The provider name passed into Service.AddProvider() also becomes a part of the https://host:port/auth/provider_prod/login URL, and therefore it requires special handling.
One solution is to URL-encode it, but then it will still be possible to use names containing spaces or special characters (by accident or on purpose).
Another solution is to forbid all provider names which require URL-encoding.
It might be better to forbid empty names as well.
The _ underscore has been mentioned in the README examples for some time now; I am not sure about it.
But those names may be even more strict and contain only ASCII alphanumeric symbols.
What do you think?

It is not possible to return errors from Service.AddProvider(), therefore invalid providers are just ignored and an ERROR level message is logged.
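
The failure and the two proposed remedies from the description above, as an added Go example that is not code from this pull request or the project. All function names are hypothetical, the split at the first underscore is an assumed model of how the provider is recovered from the user ID, and the name rule shown (RFC 3986 unreserved characters only) is one possible reading of "names which do not require URL-encoding".

```go
package main

import (
	"fmt"
	"strings"
)

// contains reports whether name is one of the registered provider names.
func contains(registered []string, name string) bool {
	for _, r := range registered {
		if r == name {
			return true
		}
	}
	return false
}

// allowedByParsedID recovers the provider by splitting the serialized user ID
// at the first underscore (assumed model of the failing check).
func allowedByParsedID(userID string, registered []string) bool {
	return contains(registered, strings.SplitN(userID, "_", 2)[0])
}

// allowedByClaim uses a provider name carried as its own claim (hypothetical
// field), so nothing has to be parsed back out of the user ID.
func allowedByClaim(provider string, registered []string) bool {
	return contains(registered, provider)
}

// validProviderName rejects empty names and any name with a character outside
// the RFC 3986 unreserved set, i.e. any name that would need URL-encoding.
func validProviderName(name string) bool {
	if name == "" {
		return false
	}
	for _, r := range name {
		alnum := r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9'
		if !alnum && !strings.ContainsRune("-._~", r) {
			return false
		}
	}
	return true
}

func main() {
	registered := []string{"provider_prod"} // constructed sample configuration
	fmt.Println(allowedByParsedID("provider_prod_user1", registered)) // parsed "provider"
	fmt.Println(allowedByClaim("provider_prod", registered))
	for _, n := range []string{"provider_prod", "", "my provider", "a/b"} {
		fmt.Printf("%q valid=%v\n", n, validProviderName(n))
	}
}
```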

cyb3r4nt added 4 commits June 3, 2024 15:01
Now it is possible to have a configuration,
where only one single dev provider is enabled.

Providers were not registered into Service.authMiddleware.Providers slice
in the Service.AddDevProvider() and Service.AddAppleProvider() methods before.
Add provider name into JWT token claims
to allow provider names with multiple underscore "_" symbols.
Forbid provider names containing URL reserved symbols.
@cyb3r4nt cyb3r4nt requested a review from umputun as a code owner August 29, 2024 21:49
@cyb3r4nt
Contributor Author

golangci-lint fixes are in #214

cyb3r4nt and others added 3 commits September 2, 2024 09:55
There were two different race conditions between logic in TestTelegramConfirmedRequest
and TelegramAPIMock.GetUpdatesFunc and TelegramAPIMock.SendFunc:
* GetUpdatesFunc may start before the token was fetched,
then it produces an empty telegramUpdate response, which causes assertions in SendFunc to fail.
* When the token becomes used and is removed from the wait queue after successful login completion,
then GetUpdatesFunc may still be called and a new telegram update is created for the same token.
This breaks telegram update processing logic,
and SendFunc gets called with the error parameter, which also breaks assertions.
@coveralls

coveralls commented Sep 2, 2024

Pull Request Test Coverage Report for Build 10662288047

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 65 of 65 (100.0%) changed or added relevant lines in 9 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 83.669%

Totals Coverage Status
Change from base Build 10155852578: 0.3%
Covered Lines: 2659
Relevant Lines: 3178

💛 - Coveralls
