cyonjan/frp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

style: check for err not being null, dont strip return

Browse Source
This commit is contained in:
Guy Lewin 2020-02-20 18:00:26 +02:00
parent 739cdd2bff
commit a85b52d8e6
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
models/auth/oidc.go
View File

@ -45,25 +45,24 @@ func NewOidcAuthSetter(clientId string, clientSecret string, audience string, to
func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) { func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) {
tokenObj, err := auth.tokenGenerator.Token(context.Background()) tokenObj, err := auth.tokenGenerator.Token(context.Background())
if tokenObj == nil { if err != nil {
return fmt.Errorf("couldn't generate OIDC token for login: %s", err) return fmt.Errorf("couldn't generate OIDC token for login: %v", err)
} }
loginMsg.PrivilegeKey = tokenObj.AccessToken loginMsg.PrivilegeKey = tokenObj.AccessToken
return return nil
} }
func (auth *OidcAuthProvider) SetPing(pingMsg *msg.Ping) (err error) { func (auth *OidcAuthProvider) SetPing(pingMsg *msg.Ping) (err error) {
if !auth.authenticateHeartBeats { if !auth.authenticateHeartBeats {
// if heartbeat authentication is disabled - don't set
return nil return nil
} }
tokenObj, err := auth.tokenGenerator.Token(context.Background()) tokenObj, err := auth.tokenGenerator.Token(context.Background())
if tokenObj == nil { if err != nil {
return fmt.Errorf("couldn't generate OIDC token for ping: %s", err) return fmt.Errorf("couldn't generate OIDC token for ping: %v", err)
} }
pingMsg.PrivilegeKey = tokenObj.AccessToken pingMsg.PrivilegeKey = tokenObj.AccessToken
return return nil
} }
type OidcAuthConsumer struct { type OidcAuthConsumer struct {
@ -91,21 +90,20 @@ func NewOidcAuthVerifier(issuer string, audience string, skipExpiryCheck bool, s
func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) { func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
token, err := auth.verifier.Verify(context.Background(), loginMsg.PrivilegeKey) token, err := auth.verifier.Verify(context.Background(), loginMsg.PrivilegeKey)
if token != nil { if err != nil {
auth.subjectFromLogin = token.Subject
return
}
return fmt.Errorf("invalid OIDC token in login: %v", err) return fmt.Errorf("invalid OIDC token in login: %v", err)
}
auth.subjectFromLogin = token.Subject
return nil
} }
func (auth *OidcAuthConsumer) VerifyPing(pingMsg *msg.Ping) (err error) { func (auth *OidcAuthConsumer) VerifyPing(pingMsg *msg.Ping) (err error) {
if !auth.authenticateHeartBeats { if !auth.authenticateHeartBeats {
// if heartbeat authentication is disabled - don't verify
return nil return nil
} }
token, err := auth.verifier.Verify(context.Background(), pingMsg.PrivilegeKey) token, err := auth.verifier.Verify(context.Background(), pingMsg.PrivilegeKey)
if token == nil { if err != nil {
return fmt.Errorf("invalid OIDC token in ping: %v", err) return fmt.Errorf("invalid OIDC token in ping: %v", err)
} }
if token.Subject != auth.subjectFromLogin { if token.Subject != auth.subjectFromLogin {
@ -114,5 +112,5 @@ func (auth *OidcAuthConsumer) VerifyPing(pingMsg *msg.Ping) (err error) {
"new subject: %s", "new subject: %s",
auth.subjectFromLogin, token.Subject) auth.subjectFromLogin, token.Subject)
} }
return return nil
} }