From 27891e44924e1b96f0eaa3054846012ec20e0f95 Mon Sep 17 00:00:00 2001
From: branchmispredictor
Date: Mon, 28 Dec 2020 15:05:28 -0500
Subject: [PATCH] Docs and formatting
---
 docs/content/doc/setup/config.md | 5 ++---
 pkg/modules/auth/auth.go | 12 ++++++------
 pkg/modules/auth/identityawareproxy/error.go | 4 ++--
 .../identityawareproxy_test.go | 2 +-
 pkg/routes/api/v1/info.go | 2 +-
 pkg/routes/api/v1/login.go | 2 +-
 pkg/swagger/docs.go | 18 +++++------------
 pkg/swagger/swagger.json | 18 +++++------------
 pkg/swagger/swagger.yaml | 14 +++++---------
 9 files changed, 28 insertions(+), 49 deletions(-)
diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md
index d4fdaedb5c..b78ccf2f66 100644
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@@ -654,8 +654,7 @@ Default: `` Identity-Aware Proxy configuration will allow users to authenticate through an identity-aware proxy in front of Vikunja.
The proxy needs to supply a signed JWT over HTTP headers with claims for `sub`, `iss`, and `email`. -This JWT must be signed using ECDSA or RSA. It must also serve the public keys for that signed JWT in the JWKS format. -Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/master/config.yml.sample) for more information about how to configure this authentication. -Default: `` \ No newline at end of file +Default: `` + diff --git a/pkg/modules/auth/auth.go b/pkg/modules/auth/auth.go index 4f0d2aa441..139544382c 100644 --- a/pkg/modules/auth/auth.go +++ b/pkg/modules/auth/auth.go @@ -106,11 +106,11 @@ func NewUserAuthTokenResponse(u *user.User, c echo.Context) error { func NewUserJWTAuthtoken(u *user.User) (token string, err error) { // Set claims claims := &AuthClaims{ - Type: AuthTypeUser, - UserID: u.ID, - UserUsername: u.Username, - UserEmail: u.Email, - UserName: u.Name, + Type: AuthTypeUser, + UserID: u.ID, + UserUsername: u.Username, + UserEmail: u.Email, + UserName: u.Name, UserEmailRemindersEnabled: u.EmailRemindersEnabled, StandardClaims: jwt.StandardClaims{ ExpiresAt: time.Now().Add(time.Hour * 72).Unix(), @@ -249,7 +249,7 @@ func GetJWTConfig() middleware.JWTConfig { // GetOrCreateUserFromExternalAuth returns a user after finding or creating a matching user for the provided details func GetOrCreateUserFromExternalAuth(s *xorm.Session, issuer, subject, email, name, preferredUsername string) (u *user.User, err error) { if issuer == "" || subject == "" || email == "" { - return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Missing required data."}) + return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Missing required data."}) } // Check if the user exists for that issuer and subject diff --git a/pkg/modules/auth/identityawareproxy/error.go b/pkg/modules/auth/identityawareproxy/error.go index 1427e2f177..8febb04bb7 100644 --- a/pkg/modules/auth/identityawareproxy/error.go 
+++ b/pkg/modules/auth/identityawareproxy/error.go @@ -70,7 +70,7 @@ func (err ErrIAPPublicKeysetMissing) HTTPError() web.HTTPError { } // ErrIAPUserFrontendMismatch represents a "IAPUserDoesNotMatchFrontendUser" kind of error. -type ErrIAPUserFrontendMismatch struct {} +type ErrIAPUserFrontendMismatch struct{} // IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPUserFrontendMismatch. func IsErrIAPUserFrontendMismatch(err error) bool { @@ -114,7 +114,7 @@ func (err ErrIAPUnsupportedJWTSigningMethod) HTTPError() web.HTTPError { } // ErrIAPJWTMissingKID represents a "ErrIAPJWTMissingKID" kind of error. -type ErrIAPJWTMissingKID struct {} +type ErrIAPJWTMissingKID struct{} // IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPJWTMissingKID. func IsErrIAPJWTMissingKID(err error) bool { diff --git a/pkg/modules/auth/identityawareproxy/identityawareproxy_test.go b/pkg/modules/auth/identityawareproxy/identityawareproxy_test.go index 91f0d86fd3..55a28ce4cf 100644 --- a/pkg/modules/auth/identityawareproxy/identityawareproxy_test.go +++ b/pkg/modules/auth/identityawareproxy/identityawareproxy_test.go @@ -16,4 +16,4 @@ package identityawareproxy -// TODO test GetWebAuth() \ No newline at end of file +// TODO test GetWebAuth() diff --git a/pkg/routes/api/v1/info.go b/pkg/routes/api/v1/info.go index 7c6f1c5de3..2ee291d795 100644 --- a/pkg/routes/api/v1/info.go +++ b/pkg/routes/api/v1/info.go @@ -67,7 +67,7 @@ type openIDAuthInfo struct { } type identityAwareProxyAuthInfo struct { - Enabled bool `json:"enabled"` + Enabled bool `json:"enabled"` } type legalInfo struct { diff --git a/pkg/routes/api/v1/login.go b/pkg/routes/api/v1/login.go index 33898855fc..bf554a36f0 100644 --- a/pkg/routes/api/v1/login.go +++ b/pkg/routes/api/v1/login.go 
@@ -99,7 +99,7 @@ func RenewToken(c echo.Context) (err error) { newToken, err := auth.RenewToken(s, c) if err != nil { _ = s.Rollback() - return handler.HandleHTTPError(err, c) + return handler.HandleHTTPError(err, c) } if err := s.Commit(); err != nil { diff --git a/pkg/swagger/docs.go b/pkg/swagger/docs.go index 34eacccd9c..8de3381e27 100644 --- a/pkg/swagger/docs.go +++ b/pkg/swagger/docs.go @@ -32,16 +32,11 @@ var doc = `{ "host": "{{.Host}}", "basePath": "{{.BasePath}}", "paths": { - "/auth/identityawareproxy/login": { - "post": { - "security": [ - { - "JWTKeyAuth": [] - } - ], - "description": "After a redirect from the OpenID Connect provider to the frontend has been made with the authentication ` + "`" + `code` + "`" + `, this endpoint can be used to obtain a jwt token for that user and thus log them in.", + "/auth/identityawareproxy/token": { + "get": { + "description": "Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info", "consumes": [ - "application/json" + "N/A" ], "produces": [ "application/json" @@ -49,7 +44,7 @@ var doc = `{ "tags": [ "auth" ], - "summary": "Authenticate a user with OpenID Connect", + "summary": "Authenticate a user from the Identity-Aware Proxy", "responses": { "200": { "description": "OK", @@ -8631,9 +8626,6 @@ var doc = `{ "properties": { "enabled": { "type": "boolean" - }, - "name": { - "type": "string" } } }, diff --git a/pkg/swagger/swagger.json b/pkg/swagger/swagger.json index 64ad5d212f..7225e0f6e8 100644 --- a/pkg/swagger/swagger.json +++ b/pkg/swagger/swagger.json 
@@ -15,16 +15,11 @@ }, "basePath": "/api/v1", "paths": { - "/auth/identityawareproxy/login": { - "post": { - "security": [ - { - "JWTKeyAuth": [] - } - ], - "description": "After a redirect from the OpenID Connect provider to the frontend has been made with the authentication `code`, this endpoint can be used to obtain a jwt token for that user and thus log them in.", + "/auth/identityawareproxy/token": { + "get": { + "description": "Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info", "consumes": [ - "application/json" + "N/A" ], "produces": [ "application/json" @@ -32,7 +27,7 @@ "tags": [ "auth" ], - "summary": "Authenticate a user with OpenID Connect", + "summary": "Authenticate a user from the Identity-Aware Proxy", "responses": { "200": { "description": "OK", @@ -8614,9 +8609,6 @@ "properties": { "enabled": { "type": "boolean" - }, - "name": { - "type": "string" } } }, diff --git a/pkg/swagger/swagger.yaml b/pkg/swagger/swagger.yaml index f6d8afe334..aee8a7bc30 100644 --- a/pkg/swagger/swagger.yaml +++ b/pkg/swagger/swagger.yaml @@ -1210,8 +1210,6 @@ definitions: properties: enabled: type: boolean - name: - type: string type: object v1.legalInfo: properties: @@ -1338,11 +1336,11 @@ paths: summary: User Avatar tags: - user - /auth/identityawareproxy/login: - post: + /auth/identityawareproxy/token: + get: consumes: - - application/json - description: After a redirect from the OpenID Connect provider to the frontend has been made with the authentication `code`, this endpoint can be used to obtain a jwt token for that user and thus log them in. + - N/A + description: Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info produces: - application/json responses: 
@@ -1354,9 +1352,7 @@ paths: description: Internal error schema: $ref: '#/definitions/models.Message' - security: - - JWTKeyAuth: [] - summary: Authenticate a user with OpenID Connect + summary: Authenticate a user from the Identity-Aware Proxy tags: - auth /auth/openid/{provider}/callback: