Use basic auth for Authelia token exchange
@@ -143,13 +143,13 @@ func (a *AutheliaAdapter) exchangeCode(_ context.Context, code string) (*tokenRe
|
|||||||
body.Set("code", code)
|
body.Set("code", code)
|
||||||
body.Set("redirect_uri", a.cfg.RedirectURI)
|
body.Set("redirect_uri", a.cfg.RedirectURI)
|
||||||
body.Set("client_id", a.cfg.ClientID)
|
body.Set("client_id", a.cfg.ClientID)
|
||||||
body.Set("client_secret", a.cfg.ClientSecret)
|
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(body.Encode()))
|
req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(body.Encode()))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("authelia: build token request: %w", err)
|
return nil, fmt.Errorf("authelia: build token request: %w", err)
|
||||||
}
|
}
|
||||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
req.SetBasicAuth(a.cfg.ClientID, a.cfg.ClientSecret)
|
||||||
|
|
||||||
resp, err := a.client.Do(req)
|
resp, err := a.client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
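Review bot: `req.SetBasicAuth(a.cfg.ClientID, a.cfg.ClientSecret)` puts the raw values into the Authorization header, but `client_secret_basic` per RFC 6749 §2.3.1 expects the client identifier and secret to be application/x-www-form-urlencoded before base64 encoding, and servers that unescape the header (Authelia's OIDC provider appears to, through fosite — confirm against the deployed version) will reject or mis-read a secret containing `%`, `+` or `&`. The safer form is `req.SetBasicAuth(url.QueryEscape(a.cfg.ClientID), url.QueryEscape(a.cfg.ClientSecret))`, which needs `net/url` imported in this file if it is not already. Keeping `client_id` in the form body as well is permitted, but it must match the header value or the server may treat the request as a mismatched client. Unrelated to this change but visible in the hunk: the discarded `_ context.Context` parameter means `http.NewRequest` cannot be bounded by a caller deadline; `http.NewRequestWithContext(ctx, …)` would fix that. exchangeCode's signature and the rest of its body lie outside this hunk.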
@@ -7,6 +7,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
@@ -179,6 +180,27 @@ func TestHandleCallback_Success_PreferredUsername(t *testing.T) {
|
|||||||
if req.Method != http.MethodPost {
|
if req.Method != http.MethodPost {
|
||||||
t.Errorf("expected POST, got %s", req.Method)
|
t.Errorf("expected POST, got %s", req.Method)
|
||||||
}
|
}
|
||||||
|
gotID, gotSecret, ok := req.BasicAuth()
|
||||||
|
if !ok {
|
||||||
|
t.Error("expected client_secret_basic authentication")
|
||||||
|
}
|
||||||
|
if gotID != "keycape" || gotSecret != "test-secret" {
|
||||||
|
t.Errorf("unexpected basic auth credentials for client %q", gotID)
|
||||||
|
}
|
||||||
|
rawBody, err := io.ReadAll(req.Body)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("read request body: %v", err)
|
||||||
|
}
|
||||||
|
form, err := url.ParseQuery(string(rawBody))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("parse request body: %v", err)
|
||||||
|
}
|
||||||
|
if form.Get("client_secret") != "" {
|
||||||
|
t.Error("client_secret must not be sent in the form body")
|
||||||
|
}
|
||||||
|
if form.Get("client_id") != "keycape" {
|
||||||
|
t.Errorf("client_id: want keycape, got %q", form.Get("client_id"))
|
||||||
|
}
|
||||||
return jsonResponse(tokenBody), nil
|
return jsonResponse(tokenBody), nil
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||
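Review bot: The `if !ok { t.Error(...) }` branch after `req.BasicAuth()` falls through, so a request with no Authorization header produces two failures (the second comparing an empty `gotID` against "keycape") and obscures the real cause; adding `return jsonResponse(tokenBody), nil` inside that branch, or failing the whole case there, keeps the report to the one missing-header message. The new assertions also only cover a secret made of unreserved characters; a second case whose configured secret contains `%` or `+` would pin whether the adapter form-encodes credentials as RFC 6749 §2.3.1 describes, which is the kind of regression this test should catch. Nothing here checks that `code` and `redirect_uri` are still present in the form after the body rewrite — worth a `form.Get("code")` assertion if the earlier part of this test (outside the hunk) does not already do so.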