From a66b89ca6eebf20b161b12f7b1020ad6856e96cc Mon Sep 17 00:00:00 2001
From: Nick Davis
Date: Wed, 4 Oct 2023 15:46:45 +0100
Subject: [PATCH] remove onelogin mock as that is now in a seperate repo

---
 mock-integrations/one-login/Dockerfile | 11 -
 mock-integrations/one-login/go.mod | 8 -
 mock-integrations/one-login/go.sum | 8 -
 mock-integrations/one-login/main.go | 266 -------------------------
 4 files changed, 293 deletions(-)
 delete mode 100644 mock-integrations/one-login/Dockerfile
 delete mode 100644 mock-integrations/one-login/go.mod
 delete mode 100644 mock-integrations/one-login/go.sum
 delete mode 100644 mock-integrations/one-login/main.go

diff --git a/mock-integrations/one-login/Dockerfile b/mock-integrations/one-login/Dockerfile
deleted file mode 100644
index 2cd6dbd512..0000000000
--- a/mock-integrations/one-login/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM golang:1.20 as build-env
-
-WORKDIR /app
-
-COPY . .
-
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o onelogin main.go
-
-CMD [ "./onelogin" ]
-
-EXPOSE 8080
diff --git a/mock-integrations/one-login/go.mod b/mock-integrations/one-login/go.mod
deleted file mode 100644
index 6b6eea71ab..0000000000
--- a/mock-integrations/one-login/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/ministryofjustice/opg-use-an-lpa/mock-integrations/one-login
-
-go 1.20
-
-require (
- github.com/golang-jwt/jwt/v4 v4.5.0
- github.com/ministryofjustice/opg-go-common v0.0.0-20220816144329-763497f29f90
-)
diff --git a/mock-integrations/one-login/go.sum b/mock-integrations/one-login/go.sum
deleted file mode 100644
index 41c7d22043..0000000000
--- a/mock-integrations/one-login/go.sum
+++ /dev/null
@@ -1,8 +0,0 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/ministryofjustice/opg-go-common v0.0.0-20220816144329-763497f29f90 h1:mxTHIeCYV7LDZPN7C44wwLlBTUsgQ0G8FQprsrsKXaA=
-github.com/ministryofjustice/opg-go-common v0.0.0-20220816144329-763497f29f90/go.mod h1:1RmCNi6dkAv8umAgNHp8RkuBoSKLlxp1UtfsGYH7ufc=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
diff --git a/mock-integrations/one-login/main.go b/mock-integrations/one-login/main.go
deleted file mode 100644
index ef79bea560..0000000000
--- a/mock-integrations/one-login/main.go
+++ /dev/null
@@ -1,266 +0,0 @@
-package main
-
-import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "encoding/base64"
- "encoding/json"
- "flag"
- "fmt"
- "log"
- "net/http"
- "net/url"
- "time"
-
- "github.com/golang-jwt/jwt/v4"
- "github.com/ministryofjustice/opg-go-common/env"
-)
-
-var (
- port = env.Get("PORT", "8080")
- publicURL = env.Get("PUBLIC_URL", "http://localhost:8080")
- internalURL = env.Get("INTERNAL_URL", "http://mock-onelogin:8080")
- clientId = env.Get("CLIENT_ID", "theClientId")
- serviceRedirectUrl = env.Get("REDIRECT_URL", "http://localhost:5050/auth/redirect")
-
- nonce string
- returnIdentity = false
- signingKid = "my-kid"
- signingKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- sub = "urn:fdc:mock-one-login:2023:T25lIExvZ2luICsgUEhQIG1ha2VzIGZvciBzYWQgdGltZQ=="
-)
-
-type OpenIdConfig struct {
- AuthorizationEndpoint string `json:"authorization_endpoint"`
- Issuer string `json:"issuer"`
- TokenEndpoint string `json:"token_endpoint"`
- UserinfoEndpoint string `json:"userinfo_endpoint"`
- JwksURI string `json:"jwks_uri"`
-}
-
-type TokenResponse struct {
- AccessToken string `json:"access_token"`
- TokenType string `json:"token_type"`
- IDToken string `json:"id_token"`
-}
-
-type UserInfoResponse struct {
- Sub string `json:"sub"`
- Email string `json:"email"`
- EmailVerified bool `json:"email_verified"`
- Phone string `json:"phone"`
- PhoneVerified bool `json:"phone_verified"`
- UpdatedAt int `json:"updated_at"`
- CoreIdentityJWT string `json:"https://vocab.account.gov.uk/v1/coreIdentityJWT,omitempty"`
-}
-
-const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-
-func stringWithCharset(length int, charset string) string {
- bytes := make([]byte, length)
- _, err := rand.Read(bytes)
- if err != nil {
- panic(err)
- }
- for i, b := range bytes {
- bytes[i] = charset[b%byte(len(charset))]
- }
- return string(bytes)
-}
-
-func randomString(length int) string {
- return stringWithCharset(length, charset)
-}
-
-func createSignedToken(clientId, issuer string) (string, error) {
- t := jwt.New(jwt.SigningMethodES256)
-
- t.Header["kid"] = signingKid
-
- t.Claims = jwt.MapClaims{
- "sub": sub,
- "iss": issuer,
- "nonce": nonce,
- "aud": clientId,
- "exp": time.Now().Add(time.Minute * 5).Unix(),
- "iat": time.Now().Unix(),
- }
-
- return t.SignedString(signingKey)
-}
-
-func openIDConfig(c OpenIdConfig) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Type", "application/json")
- json.NewEncoder(w).Encode(c)
- }
-}
-
-func jwks() http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- publicKey := signingKey.PublicKey
-
- w.Header().Set("Content-Type", "application/json")
- json.NewEncoder(w).Encode(map[string]interface{}{
- "keys": []map[string]interface{}{
- {
- "kty": "EC",
- "use": "sig",
- "crv": "P-256",
- "kid": signingKid,
- "x": base64.URLEncoding.EncodeToString(publicKey.X.Bytes()),
- "y": base64.URLEncoding.EncodeToString(publicKey.Y.Bytes()),
- "alg": "ES256",
- },
- },
- })
- }
-}
-
-func token(clientId, issuer string) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- t, err := createSignedToken(clientId, issuer)
- if err != nil {
- log.Fatalf("Error creating JWT: %s", err)
- }
-
- json.NewEncoder(w).Encode(TokenResponse{
- AccessToken: "access-token-value",
- TokenType: "Bearer",
- IDToken: t,
- })
- }
-}
-
-func authorize() http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- log.Println("/authorize")
-
- nonce = r.FormValue("nonce")
-
- redirectUri := r.FormValue("redirect_uri")
- if redirectUri == "" {
- log.Fatal("Required query param 'redirect_uri' missing from request")
- }
-
- if redirectUri != serviceRedirectUrl {
- log.Fatalf("redirect_uri does not match pre-defined redirect URL (in RL this is set with GDS at a service level). Got %s, want %s", redirectUri, serviceRedirectUrl)
- }
-
- u, parseErr := url.Parse(redirectUri)
- if parseErr != nil {
- log.Fatalf("Error parsing redirect_uri: %s", parseErr)
- }
-
- q := u.Query()
-
- code := randomString(10)
- q.Set("code", code)
- q.Set("state", r.FormValue("state"))
-
- if r.FormValue("vtr") == "[Cl.Cm.P2]" && r.FormValue("claims") == `{"userinfo":{"https://vocab.account.gov.uk/v1/coreIdentityJWT": null}}` {
- returnIdentity = true
- }
-
- u.RawQuery = q.Encode()
-
- log.Printf("Redirecting to %s", u.String())
-
- http.Redirect(w, r, u.String(), 302)
- }
-}
-
-func userInfo(privateKey *ecdsa.PrivateKey) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- userInfo := UserInfoResponse{
- Sub: sub,
- Email: "opg-use-an-lpa+test-user@digital.justice.gov.uk",
- EmailVerified: true,
- Phone: "01406946277",
- PhoneVerified: true,
- UpdatedAt: 1311280970,
- }
-
- if returnIdentity {
- userInfo.CoreIdentityJWT, _ = jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
- "iat": time.Now().Add(-time.Minute).Unix(),
- "vc": map[string]any{
- "type": []string{},
- "credentialSubject": map[string]any{
- "name": []map[string]any{
- {
- "validFrom": "2000-01-01",
- "nameParts": []map[string]any{
- {"type": "GivenName", "value": "John"},
- {"type": "FamilyName", "value": "Doe"},
- },
- },
- },
- "birthDate": []map[string]any{
- {
- "value": "1970-01-02",
- },
- },
- },
- },
- }).SignedString(privateKey)
- }
-
- json.NewEncoder(w).Encode(userInfo)
- }
-}
-
-func logout() http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- log.Println("/logout was called")
- postLogoutRedirectUri := r.FormValue("post_logout_redirect_uri")
-
- if postLogoutRedirectUri == "" {
- log.Fatal("Required query param 'post_logout_redirect_uri' missing from request")
- }
-
- u, parseErr := url.Parse(postLogoutRedirectUri)
- if parseErr != nil {
- log.Fatalf("Error parsing redirect_uri: %s", parseErr)
- }
-
- log.Printf("Redirecting to %s", u.String())
- http.Redirect(w, r, u.String(), 302)
- }
-}
-
-func main() {
- flag.Parse()
-
- c := OpenIdConfig{
- Issuer: publicURL,
- AuthorizationEndpoint: publicURL + "/authorize",
- TokenEndpoint: internalURL + "/token",
- UserinfoEndpoint: internalURL + "/userinfo",
- JwksURI: internalURL + "/.well-known/jwks",
- }
-
- privateKeyBytes, _ := base64.StdEncoding.DecodeString("LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBheDJBYW92aXlQWDF3cndmS2FWckxEOHdQbkpJcUlicTMzZm8rWHdBZDdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSlEyVmtpZWtzNW9rSTIxY1Jma0FhOXVxN0t4TTZtMmpaWUJ4cHJsVVdCWkNFZnhxMjdwVQp0Qzd5aXplVlRiZUVqUnlJaStYalhPQjFBbDhPbHFtaXJnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=")
- privateKey, _ := jwt.ParseECPrivateKeyFromPEM(privateKeyBytes)
-
- http.HandleFunc("/.well-known/openid-configuration", openIDConfig(c))
- http.HandleFunc("/.well-known/jwks", jwks())
- http.HandleFunc("/authorize", authorize())
- http.HandleFunc("/token", token(clientId, c.Issuer))
- http.HandleFunc("/userinfo", userInfo(privateKey))
- http.HandleFunc("/logout", logout())
-
- log.Println("GOV UK Sign in mock initialized")
-
- if err := http.ListenAndServe(fmt.Sprintf(":%s", port), logRoute(http.DefaultServeMux)); err != nil {
- panic(err)
- }
-}
-
-func logRoute(h http.Handler) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- log.Println(r.Method, r.URL.Path)
- h.ServeHTTP(w, r)
- }
-}