Skip to content

Commit

Permalink
Merge branch 'master' into revoke-refresh-token-on-request-only
Browse files Browse the repository at this point in the history
  • Loading branch information
vivshankar committed Feb 17, 2024
2 parents 7611f37 + 1f27af4 commit c381cb2
Show file tree
Hide file tree
Showing 243 changed files with 631 additions and 394 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/format.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "1.20"
go-version: "1.21"
- run: make format
- name: Indicate formatting issues
run: git diff HEAD --exit-code --color
2 changes: 1 addition & 1 deletion .github/workflows/licenses.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.20"
go-version: "1.21"
- uses: actions/setup-node@v2
with:
node-version: "18"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/oidc-conformity-master.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
ref: master
- uses: actions/setup-go@v2
with:
go-version: "1.20"
go-version: "1.21"
- name: Update fosite
run: |
go mod edit -replace github.com/ory/fosite=github.com/ory/fosite@${{ github.sha }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/oidc-conformity.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
ref: master
- uses: actions/setup-go@v2
with:
go-version: "1.20"
go-version: "1.21"
- name: Update fosite
run: |
go mod edit -replace github.com/ory/fosite=github.com/${{ github.event.pull_request.head.repo.full_name }}@${{ github.event.pull_request.head.sha }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "1.20"
go-version: "1.21"
- run: make test
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
**This file is no longer being updated and kept for historical reasons. Please check
the [GitHub releases](https://github.com/ory/fosite/releases) instead!**

<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

Expand Down
2 changes: 1 addition & 1 deletion HISTORY.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
**THIS DOCUMENT HAS MOVED**

This file is no longer being updated and kept for historical reasons. Please
check the [CHANGELOG](changelog.md) instead!
check the [CHANGELOG](CHANGELOG.md) instead!

<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
Expand Down
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -315,10 +315,11 @@ panic("unable to create private key")
// check the api docs of fosite.Config for further configuration options
var config = &fosite.Config{
AccessTokenLifespan: time.Minute * 30,
GlobalSecret: secret,
// ...
}

var oauth2Provider = compose.ComposeAllEnabled(config, storage, secret, privateKey)
var oauth2Provider = compose.ComposeAllEnabled(config, storage, privateKey)

// The authorize endpoint is usually at "https://mydomain.com/oauth2/auth".
func authorizeHandlerFunc(rw http.ResponseWriter, req *http.Request) {
Expand Down
2 changes: 1 addition & 1 deletion access_error.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_error_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion access_request.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_request_handler.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_request_handler_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion access_request_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_response.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_response_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion access_response_writer.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_response_writer_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion access_write.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion access_write_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion arguments.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion arguments_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion audience_strategy.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion audience_strategy_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_error.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_error_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
18 changes: 8 additions & 10 deletions authorize_helper.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand All @@ -8,8 +8,8 @@ import (
"fmt"
"html/template"
"io"
"net"
"net/url"
"regexp"
"strings"

"github.com/ory/x/errorsx"
Expand Down Expand Up @@ -130,7 +130,7 @@ func isMatchingAsLoopback(requested *url.URL, registeredURI string) bool {
//
// Source: https://tools.ietf.org/html/rfc8252#section-7.3
if requested.Scheme == "http" &&
isLoopbackAddress(requested.Host) &&
isLoopbackAddress(requested.Hostname()) &&
registered.Hostname() == requested.Hostname() &&
// The port is skipped here - see codedoc above!
registered.Path == requested.Path &&
Expand All @@ -141,11 +141,9 @@ func isMatchingAsLoopback(requested *url.URL, registeredURI string) bool {
return false
}

// Check if address is either an IPv4 loopback or an IPv6 loopback-
// An optional port is ignored
func isLoopbackAddress(address string) bool {
match, _ := regexp.MatchString("^(127.0.0.1|\\[::1\\])(:?)(\\d*)$", address)
return match
// Check if address is either an IPv4 loopback or an IPv6 loopback.
func isLoopbackAddress(hostname string) bool {
return net.ParseIP(hostname).IsLoopback()
}

// IsValidRedirectURI validates a redirect_uri as specified in:
Expand Down Expand Up @@ -177,13 +175,13 @@ func IsRedirectURISecure(ctx context.Context, redirectURI *url.URL) bool {
// IsRedirectURISecureStrict is stricter than IsRedirectURISecure and it does not allow custom-scheme
// URLs because they can be hijacked for native apps. Use claimed HTTPS redirects instead.
// See discussion in https://github.com/ory/fosite/pull/489.
func IsRedirectURISecureStrict(redirectURI *url.URL) bool {
func IsRedirectURISecureStrict(ctx context.Context, redirectURI *url.URL) bool {
return redirectURI.Scheme == "https" || (redirectURI.Scheme == "http" && IsLocalhost(redirectURI))
}

func IsLocalhost(redirectURI *url.URL) bool {
hn := redirectURI.Hostname()
return strings.HasSuffix(hn, ".localhost") || hn == "127.0.0.1" || hn == "::1" || hn == "localhost"
return strings.HasSuffix(hn, ".localhost") || isLoopbackAddress(hn) || hn == "localhost"
}

func WriteAuthorizeFormPostResponse(redirectURL string, parameters url.Values, template *template.Template, rw io.Writer) {
Expand Down
4 changes: 2 additions & 2 deletions authorize_helper_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down Expand Up @@ -309,7 +309,7 @@ func TestIsRedirectURISecureStrict(t *testing.T) {
} {
uu, err := url.Parse(c.u)
require.NoError(t, err)
assert.Equal(t, !c.err, fosite.IsRedirectURISecureStrict(uu), "case %d", d)
assert.Equal(t, !c.err, fosite.IsRedirectURISecureStrict(context.Background(), uu), "case %d", d)
}
}

Expand Down
82 changes: 82 additions & 0 deletions authorize_helper_whitebox_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite

import (
"net/url"
"testing"

"github.com/stretchr/testify/assert"
)

func TestIsLookbackAddress(t *testing.T) {
testCases := []struct {
name string
have string
expected bool
}{
{
"ShouldReturnTrueIPv4Loopback",
"127.0.0.1",
true,
},
{
"ShouldReturnTrueIPv4LoopbackWithPort",
"127.0.0.1:1230",
true,
},
{
"ShouldReturnTrueIPv6Loopback",
"[::1]",
true,
},
{
"ShouldReturnTrueIPv6LoopbackWithPort",
"[::1]:1230",
true,
},
{
"ShouldReturnTrue12700255",
"127.0.0.255",
true,
},
{
"ShouldReturnTrue12700255WithPort",
"127.0.0.255:1230",
true,
},
{
"ShouldReturnFalse128001",
"128.0.0.1",
false,
},
{
"ShouldReturnFalse128001WithPort",
"128.0.0.1:1230",
false,
},
{
"ShouldReturnFalseInvalidFourthOctet",
"127.0.0.11230",
false,
},
{
"ShouldReturnFalseInvalidIPv4",
"127x0x0x11230",
false,
},
{
"ShouldReturnFalseInvalidIPv6",
"[::1]1230",
false,
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
u := url.URL{Host: tc.have}
assert.Equal(t, tc.expected, isLoopbackAddress(u.Hostname()))
})
}
}
2 changes: 1 addition & 1 deletion authorize_request.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_request_handler.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_request_handler_oidc_request_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_request_handler_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion authorize_request_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_response.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_response_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_response_writer.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_response_writer_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite_test
Expand Down
2 changes: 1 addition & 1 deletion authorize_validators_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
2 changes: 1 addition & 1 deletion authorize_write.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fosite
Expand Down
Loading

0 comments on commit c381cb2

Please sign in to comment.