🔥 Removed pkce domain, use code domain instead
parent
a29b3c9b41
commit
bdb4c96af1
|
@ -1,58 +0,0 @@
|
|||
//nolint: gosec
|
||||
package domain
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/base64"
|
||||
"hash"
|
||||
"io"
|
||||
)
|
||||
|
||||
type (
|
||||
PKCE struct {
|
||||
Method PKCEMethod
|
||||
Verifier string
|
||||
Challenge string
|
||||
}
|
||||
|
||||
PKCEMethod string
|
||||
)
|
||||
|
||||
const (
|
||||
PKCEMethodMD5 PKCEMethod = "MD5"
|
||||
PKCEMethodPlain PKCEMethod = "plain"
|
||||
PKCEMethodS1 PKCEMethod = "S1"
|
||||
PKCEMethodS256 PKCEMethod = "S256"
|
||||
PKCEMethodS512 PKCEMethod = "S512"
|
||||
)
|
||||
|
||||
func (pkce PKCE) IsValid() bool {
|
||||
h := pkce.Method.Hash()
|
||||
if h == nil { // NOTE(toby3d): PLAIN
|
||||
return pkce.Challenge == pkce.Verifier
|
||||
}
|
||||
|
||||
_, _ = io.WriteString(h, pkce.Verifier)
|
||||
|
||||
return pkce.Challenge == base64.RawURLEncoding.EncodeToString(h.Sum(nil))
|
||||
}
|
||||
|
||||
func (m PKCEMethod) Hash() hash.Hash {
|
||||
switch m {
|
||||
case PKCEMethodMD5:
|
||||
return md5.New()
|
||||
case PKCEMethodS1:
|
||||
return sha1.New()
|
||||
case PKCEMethodS256:
|
||||
return sha256.New()
|
||||
case PKCEMethodS512:
|
||||
return sha512.New()
|
||||
case PKCEMethodPlain:
|
||||
fallthrough
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
|
@ -1,73 +0,0 @@
|
|||
package domain_test
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"io"
|
||||
"math/rand"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"source.toby3d.me/website/oauth/internal/domain"
|
||||
"source.toby3d.me/website/oauth/internal/random"
|
||||
)
|
||||
|
||||
const (
|
||||
MinLength int = 42
|
||||
MaxLength int = 128
|
||||
)
|
||||
|
||||
func TestPKCEIsValid(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
rand.Seed(time.Now().UnixNano())
|
||||
|
||||
//nolint: gosec
|
||||
verifier := random.New().String(MinLength + rand.Intn(MaxLength-MinLength))
|
||||
|
||||
for _, testCase := range []struct {
|
||||
Name string
|
||||
Method domain.PKCEMethod
|
||||
}{{
|
||||
Name: "MD5",
|
||||
Method: domain.PKCEMethodMD5,
|
||||
}, {
|
||||
Name: "plain",
|
||||
Method: domain.PKCEMethodPlain,
|
||||
}, {
|
||||
Name: "S1",
|
||||
Method: domain.PKCEMethodS1,
|
||||
}, {
|
||||
Name: "S256",
|
||||
Method: domain.PKCEMethodS256,
|
||||
}, {
|
||||
Name: "S512",
|
||||
Method: domain.PKCEMethodS512,
|
||||
}, {
|
||||
Name: "fallback to plain",
|
||||
Method: "UNDEFINED",
|
||||
}} {
|
||||
testCase := testCase
|
||||
|
||||
t.Run(testCase.Name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
pkce := &domain.PKCE{
|
||||
Method: testCase.Method,
|
||||
Verifier: verifier,
|
||||
Challenge: verifier,
|
||||
}
|
||||
|
||||
if h := pkce.Method.Hash(); h != nil {
|
||||
_, err := io.WriteString(h, pkce.Verifier)
|
||||
require.NoError(t, err)
|
||||
|
||||
pkce.Challenge = base64.RawURLEncoding.EncodeToString(h.Sum(nil))
|
||||
}
|
||||
|
||||
assert.True(t, pkce.IsValid())
|
||||
})
|
||||
}
|
||||
}
|