From 3abb25166c5da155b8ce1f708268aabf9ad9c9d7 Mon Sep 17 00:00:00 2001 From: "oscar.lofwenhamn" <44643697+oscarlofwenhamn@users.noreply.github.com> Date: Mon, 24 Feb 2020 19:19:25 +0100 Subject: [PATCH] Update markbates/goth (backport) (#10445) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update markbates/goth to v1.61.2 - Fixes a JWT decoding issue in the OpenID provider - Updates the GitHub provider to use the authorization header for authentication - Updates the Twitch provider for Twitch's v5 API changes - Adds the email and is_private_email fields to the Apple provider's GetUser implementation - Modifies gothic to export a non-collidable context key for setting the Provider in a context.Context - Adds new scopes to the Spotify provider - Adds the IDToken from OpenID providers on the user struct - Make Apple provider's SecretParams public - Adds support for sign in with Apple, and drops support for Go versions 1.7 and 1.8 - Fixes the Slack provider's FetchURL logic to use the appropriate scope for the info it needs Signed-off-by: Oscar LÃfwenhamn --- go.mod | 2 +- go.sum | 5 +++-- vendor/github.com/markbates/goth/.travis.yml | 4 +--- vendor/github.com/markbates/goth/README.md | 1 + vendor/github.com/markbates/goth/go.mod | 3 +++ vendor/github.com/markbates/goth/go.sum | 8 ++++++++ .../github.com/markbates/goth/gothic/gothic.go | 16 ++++++++++++++++ .../markbates/goth/providers/github/github.go | 9 ++++++--- .../providers/openidConnect/openidConnect.go | 13 +++++-------- vendor/github.com/markbates/goth/user.go | 1 + vendor/modules.txt | 2 +- 11 files changed, 46 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index eb7acc4a3..672de02fa 100644 --- a/go.mod +++ b/go.mod @@ -62,7 +62,7 @@ require ( github.com/lib/pq v1.2.0 github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96 github.com/mailru/easyjson v0.7.0 // indirect - github.com/markbates/goth v1.56.0 + github.com/markbates/goth v1.61.2 github.com/mattn/go-isatty v0.0.7 github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d // indirect github.com/mattn/go-sqlite3 v1.11.0 diff --git a/go.sum b/go.sum index 46d878858..ea0053f39 100644 --- a/go.sum +++ b/go.sum @@ -351,6 +351,7 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lafriks/xormstore v1.3.2 h1:hqi3F8s/B4rz8GuEZZDuHuOxRjeuOpEI/cC7vcnWwH4= github.com/lafriks/xormstore v1.3.2/go.mod h1:mVNIwIa25QIr8rfR7YlVjrqN/apswHkVdtLCyVYBzXw= +github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -370,8 +371,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA= -github.com/markbates/goth v1.56.0 h1:XEYedCgMNz5pi3ojXI8z2XUmXtBnMeuKUpx4Z6HlNj8= -github.com/markbates/goth v1.56.0/go.mod h1:zZmAw0Es0Dpm7TT/4AdN14QrkiWLMrrU9Xei1o+/mdA= +github.com/markbates/goth v1.61.2 h1:jDowrUH5qw8KGuQdKwFhLzkXkTYCIPfz3LHADJsiPIs= +github.com/markbates/goth v1.61.2/go.mod h1:qh2QfwZoWRucQ+DR5KVKC6dUGkNCToWh4vS45GIzFsY= github.com/mattn/go-isatty v0.0.7 h1:UvyT9uN+3r7yLEYSlJsbQGdsaB/a0DlgWP3pql6iwOc= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d h1:m+dSK37rFf2fqppZhg15yI2IwC9BtucBiRwSDm9VL8g= diff --git a/vendor/github.com/markbates/goth/.travis.yml b/vendor/github.com/markbates/goth/.travis.yml index 7fd29cde8..0bf9f1b87 100644 --- a/vendor/github.com/markbates/goth/.travis.yml +++ b/vendor/github.com/markbates/goth/.travis.yml @@ -3,9 +3,7 @@ language: go sudo: false go: - - 1.7 - - 1.8 - - 1.9 + - "1.9" - "1.10" - "1.11" - "1.12" diff --git a/vendor/github.com/markbates/goth/README.md b/vendor/github.com/markbates/goth/README.md index a35746e4e..a2b988f5a 100644 --- a/vendor/github.com/markbates/goth/README.md +++ b/vendor/github.com/markbates/goth/README.md @@ -17,6 +17,7 @@ $ go get github.com/markbates/goth ## Supported Providers * Amazon +* Apple * Auth0 * Azure AD * Battle.net diff --git a/vendor/github.com/markbates/goth/go.mod b/vendor/github.com/markbates/goth/go.mod index 11b3857d7..941bb64fd 100644 --- a/vendor/github.com/markbates/goth/go.mod +++ b/vendor/github.com/markbates/goth/go.mod @@ -3,12 +3,15 @@ module github.com/markbates/goth require ( cloud.google.com/go v0.30.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/gorilla/mux v1.6.2 github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1 github.com/gorilla/sessions v1.1.1 github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da + github.com/lestrrat-go/jwx v0.9.0 github.com/markbates/going v1.0.0 github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c + github.com/pkg/errors v0.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/stretchr/testify v1.2.2 golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd diff --git a/vendor/github.com/markbates/goth/go.sum b/vendor/github.com/markbates/goth/go.sum index ae4383295..1ecf8cdbc 100644 --- a/vendor/github.com/markbates/goth/go.sum +++ b/vendor/github.com/markbates/goth/go.sum @@ -2,6 +2,8 @@ cloud.google.com/go v0.30.0 h1:xKvyLgk56d0nksWq49J0UyGEeUIicTl4+UBiX1NPX9g= cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8= @@ -16,10 +18,16 @@ github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0Pr github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= +github.com/lestrrat-go/jwx v0.9.0 h1:Fnd0EWzTm0kFrBPzE/PEPp9nzllES5buMkksPMjEKpM= +github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk= +github.com/lestrrat/jwx v0.9.0 h1:sxyUKCQ0KpX4+GPvSu9lAS0tIwpg7F/O8p/HqyZL4ns= +github.com/lestrrat/jwx v0.9.0/go.mod h1:Ogdl8bCZz7p5/jj4RY2LQTceY/c+AoTIk9gJY+KP4H0= github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0= github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA= github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c h1:3wkDRdxK92dF+c1ke2dtj7ZzemFWBHB9plnJOtlwdFA= github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c/go.mod h1:skjdDftzkFALcuGzYSklqYd8gvat6F1gZJ4YPVbkZpM= +github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= diff --git a/vendor/github.com/markbates/goth/gothic/gothic.go b/vendor/github.com/markbates/goth/gothic/gothic.go index ea4e1e0db..edd0e98d7 100644 --- a/vendor/github.com/markbates/goth/gothic/gothic.go +++ b/vendor/github.com/markbates/goth/gothic/gothic.go @@ -10,6 +10,7 @@ package gothic import ( "bytes" "compress/gzip" + "context" "crypto/rand" "encoding/base64" "errors" @@ -35,6 +36,11 @@ var defaultStore sessions.Store var keySet = false +type key int + +// ProviderParamKey can be used as a key in context when passing in a provider +const ProviderParamKey key = iota + func init() { key := []byte(os.Getenv("SESSION_SECRET")) keySet = len(key) != 0 @@ -265,6 +271,11 @@ func getProviderName(req *http.Request) (string, error) { return p, nil } + // try to get it from the go-context's value of providerContextKey key + if p, ok := req.Context().Value(ProviderParamKey).(string); ok { + return p, nil + } + // As a fallback, loop over the used providers, if we already have a valid session for any provider (ie. user has already begun authentication with a provider), then return that provider name providers := goth.GetProviders() session, _ := Store.Get(req, SessionName) @@ -280,6 +291,11 @@ func getProviderName(req *http.Request) (string, error) { return "", errors.New("you must select a provider") } +// GetContextWithProvider returns a new request context containing the provider +func GetContextWithProvider(req *http.Request, provider string) *http.Request { + return req.WithContext(context.WithValue(req.Context(), ProviderParamKey, provider)) +} + // StoreInSession stores a specified key/value pair in the session. func StoreInSession(key string, value string, req *http.Request, res http.ResponseWriter) error { session, _ := Store.New(req, SessionName) diff --git a/vendor/github.com/markbates/goth/providers/github/github.go b/vendor/github.com/markbates/goth/providers/github/github.go index b3c29b967..e635f5272 100644 --- a/vendor/github.com/markbates/goth/providers/github/github.go +++ b/vendor/github.com/markbates/goth/providers/github/github.go @@ -10,7 +10,6 @@ import ( "io" "io/ioutil" "net/http" - "net/url" "strconv" "strings" @@ -105,7 +104,9 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) { return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName) } - response, err := p.Client().Get(p.profileURL + "?access_token=" + url.QueryEscape(sess.AccessToken)) + req, err := http.NewRequest("GET", p.profileURL, nil) + req.Header.Add("Authorization", "Bearer "+sess.AccessToken) + response, err := p.Client().Do(req) if err != nil { return user, err } @@ -172,7 +173,9 @@ func userFromReader(reader io.Reader, user *goth.User) error { } func getPrivateMail(p *Provider, sess *Session) (email string, err error) { - response, err := p.Client().Get(p.emailURL + "?access_token=" + url.QueryEscape(sess.AccessToken)) + req, err := http.NewRequest("GET", p.emailURL, nil) + req.Header.Add("Authorization", "Bearer "+sess.AccessToken) + response, err := p.Client().Do(req) if err != nil { if response != nil { response.Body.Close() diff --git a/vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go b/vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go index a4ff1d40f..421d816ff 100644 --- a/vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go +++ b/vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go @@ -6,12 +6,13 @@ import ( "encoding/json" "errors" "fmt" - "github.com/markbates/goth" - "golang.org/x/oauth2" "io/ioutil" "net/http" "strings" "time" + + "github.com/markbates/goth" + "golang.org/x/oauth2" ) const ( @@ -173,6 +174,7 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) { RefreshToken: sess.RefreshToken, ExpiresAt: expiresAt, RawData: claims, + IDToken: sess.IDToken, } p.userFromClaims(claims, &user) @@ -391,13 +393,8 @@ func decodeJWT(jwt string) (map[string]interface{}, error) { return nil, errors.New("jws: invalid token received, not all parts available") } - // Re-pad, if needed - encodedPayload := jwtParts[1] - if l := len(encodedPayload) % 4; l != 0 { - encodedPayload += strings.Repeat("=", 4-l) - } + decodedPayload, err := base64.URLEncoding.WithPadding(base64.NoPadding).DecodeString(jwtParts[1]) - decodedPayload, err := base64.StdEncoding.DecodeString(encodedPayload) if err != nil { return nil, err } diff --git a/vendor/github.com/markbates/goth/user.go b/vendor/github.com/markbates/goth/user.go index 1d6a41963..0cc583051 100644 --- a/vendor/github.com/markbates/goth/user.go +++ b/vendor/github.com/markbates/goth/user.go @@ -27,4 +27,5 @@ type User struct { AccessTokenSecret string RefreshToken string ExpiresAt time.Time + IDToken string } diff --git a/vendor/modules.txt b/vendor/modules.txt index f25a16f4a..bb7728268 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -293,7 +293,7 @@ github.com/magiconair/properties github.com/mailru/easyjson/buffer github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/jwriter -# github.com/markbates/goth v1.56.0 +# github.com/markbates/goth v1.61.2 github.com/markbates/goth github.com/markbates/goth/gothic github.com/markbates/goth/providers/bitbucket