Merge branch 'master' into fix-rfc9068-typ-validation

ory · Feb 13, 2024 · 5be54f6 · 5be54f6
2 parents 7089872 + 9b98b55
commit 5be54f6
Show file tree

Hide file tree

Showing 242 changed files with 409 additions and 280 deletions.
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - run: make format
       - name: Indicate formatting issues
         run: git diff HEAD --exit-code --color
diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "18"

diff --git a/.github/workflows/oidc-conformity-master.yml b/.github/workflows/oidc-conformity-master.yml
@@ -17,7 +17,7 @@ jobs:
           ref: master
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - name: Update fosite
         run: |
           go mod edit -replace github.com/ory/fosite=github.com/ory/fosite@${{ github.sha }}

diff --git a/.github/workflows/oidc-conformity.yml b/.github/workflows/oidc-conformity.yml
@@ -17,7 +17,7 @@ jobs:
           ref: master
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - name: Update fosite
         run: |
           go mod edit -replace github.com/ory/fosite=github.com/${{ github.event.pull_request.head.repo.full_name }}@${{ github.event.pull_request.head.sha }}

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -11,5 +11,5 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - run: make test
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,7 +1,7 @@
 **THIS DOCUMENT HAS MOVED**
 
 This file is no longer being updated and kept for historical reasons. Please
-check the [CHANGELOG](changelog.md) instead!
+check the [CHANGELOG](CHANGELOG.md) instead!
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

diff --git a/README.md b/README.md
@@ -315,10 +315,11 @@ panic("unable to create private key")
 // check the api docs of fosite.Config for further configuration options
 var config = &fosite.Config{
 	AccessTokenLifespan: time.Minute * 30,
+	GlobalSecret: secret,
 	// ...
 }
 
-var oauth2Provider = compose.ComposeAllEnabled(config, storage, secret, privateKey)
+var oauth2Provider = compose.ComposeAllEnabled(config, storage, privateKey)
 
 // The authorize endpoint is usually at "https://mydomain.com/oauth2/auth".
 func authorizeHandlerFunc(rw http.ResponseWriter, req *http.Request) {

diff --git a/access_error.go b/access_error.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_error_test.go b/access_error_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_request.go b/access_request.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_request_handler.go b/access_request_handler.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_request_handler_test.go b/access_request_handler_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_request_test.go b/access_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response.go b/access_response.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response_test.go b/access_response_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_response_writer.go b/access_response_writer.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response_writer_test.go b/access_response_writer_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_write.go b/access_write.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_write_test.go b/access_write_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/arguments.go b/arguments.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/arguments_test.go b/arguments_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/audience_strategy.go b/audience_strategy.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/audience_strategy_test.go b/audience_strategy_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_error.go b/authorize_error.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_error_test.go b/authorize_error_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_helper.go b/authorize_helper.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite
@@ -141,11 +141,14 @@ func isMatchingAsLoopback(requested *url.URL, registeredURI string) bool {
 	return false
 }
 
+var (
+	regexLoopbackAddress = regexp.MustCompile(`^(127\.0\.0\.1|\[::1])(:\d+)?$`)
+)
+
 // Check if address is either an IPv4 loopback or an IPv6 loopback-
 // An optional port is ignored
 func isLoopbackAddress(address string) bool {
-	match, _ := regexp.MatchString("^(127.0.0.1|\\[::1\\])(:?)(\\d*)$", address)
-	return match
+	return regexLoopbackAddress.MatchString(address)
 }
 
 // IsValidRedirectURI validates a redirect_uri as specified in:

diff --git a/authorize_helper_test.go b/authorize_helper_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_helper_whitebox_test.go b/authorize_helper_whitebox_test.go
@@ -0,0 +1,69 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package fosite
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsLookbackAddress(t *testing.T) {
+	testCases := []struct {
+		name     string
+		have     string
+		expected bool
+	}{
+		{
+			"ShouldReturnTrueIPv4Loopback",
+			"127.0.0.1",
+			true,
+		},
+		{
+			"ShouldReturnTrueIPv4LoopbackWithPort",
+			"127.0.0.1:1230",
+			true,
+		},
+		{
+			"ShouldReturnTrueIPv6Loopback",
+			"[::1]",
+			true,
+		},
+		{
+			"ShouldReturnTrueIPv6LoopbackWithPort",
+			"[::1]:1230",
+			true,
+		}, {
+			"ShouldReturnFalse12700255",
+			"127.0.0.255",
+			false,
+		},
+		{
+			"ShouldReturnFalse12700255WithPort",
+			"127.0.0.255:1230",
+			false,
+		},
+		{
+			"ShouldReturnFalseInvalidFourthOctet",
+			"127.0.0.11230",
+			false,
+		},
+		{
+			"ShouldReturnFalseInvalidIPv4",
+			"127x0x0x11230",
+			false,
+		},
+		{
+			"ShouldReturnFalseInvalidIPv6",
+			"[::1]1230",
+			false,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			assert.Equal(t, tc.expected, isLoopbackAddress(tc.have))
+		})
+	}
+}
diff --git a/authorize_request.go b/authorize_request.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request_handler.go b/authorize_request_handler.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request_handler_oidc_request_test.go b/authorize_request_handler_oidc_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request_handler_test.go b/authorize_request_handler_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_request_test.go b/authorize_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response.go b/authorize_response.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_test.go b/authorize_response_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_writer.go b/authorize_response_writer.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_writer_test.go b/authorize_response_writer_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_validators_test.go b/authorize_validators_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_write.go b/authorize_write.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_write_test.go b/authorize_write_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/client.go b/client.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite
@@ -63,11 +63,11 @@ type OpenIDConnectClient interface {
 	GetRequestObjectSigningAlgorithm() string
 
 	// Requested Client Authentication method for the Token Endpoint. The options are client_secret_post,
-	// client_secret_basic, client_secret_jwt, private_key_jwt, and none.
+	// client_secret_basic, private_key_jwt, and none.
 	GetTokenEndpointAuthMethod() string
 
 	// JWS [JWS] alg algorithm [JWA] that MUST be used for signing the JWT [JWT] used to authenticate the
-	// Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods.
+	// Client at the Token Endpoint for the private_key_jwt authentication method.
 	GetTokenEndpointAuthSigningAlgorithm() string
 }