Open markerdmann opened 1 month ago
The changes introduce enhanced OAuth2 functionality across various components, including adding new event types, expanding configuration settings, updating context handling, and refining OAuth2 provider interactions. Tests have been updated to reflect these modifications, ensuring comprehensive coverage and validation of the new features.
Files | Change Summary |
---|---|
`callbacks.go`, `callbacks_test.go` | Added `EventOAuth` and `EventOAuthFail` constants and updated related tests. |
`config.go` | Added `OAuth2Storer` field to the `Config` struct. |
`context.go`, `context_test.go` | Added global variables for OAuth2 state and updated `LoadUser` function and related tests. |
`internal/mocks/mocks.go`, `mocks_test.go` | Added `PutOAuth` and `GetOAuth` methods to `MockStorer` and related tests. |
`oauth2.go`, `oauth2/oauth2.go`, `oauth2/providers.go` | Updated `OAuth2Provider` struct, reorganized storage methods, modified callback functions, and updated Google provider. |
`oauth2/oauth2_test.go`, `oauth2/providers_test.go` | Updated tests to reflect changes in OAuth2 functionality and parameter handling. |
`recover/recover_test.go` | Updated email handling and URL generation logic in tests. |
`remember/remember.go`, `remember/remember_test.go` | Added `afterOAuth` function and related test for post-OAuth actions. |
`storer.go` | Renamed and reordered OAuth2 constants, updated `Storer` interface, introduced `OAuth2Storer`. |
```mermaid
sequenceDiagram
    participant User
    participant OAuth2Provider
    participant Server
    participant Database
    User->>OAuth2Provider: Initiate OAuth2 Login
    OAuth2Provider-->>User: Redirect to Authorization Page
    User->>OAuth2Provider: Authorize and Get Code
    OAuth2Provider-->>Server: Send Authorization Code
    Server->>OAuth2Provider: Exchange Code for Token
    OAuth2Provider-->>Server: Return Access Token
    Server->>Database: Store OAuth2 Attributes
    Database-->>Server: Confirmation
    Server-->>User: Login Success
```
In the code's realm, where changes flow, OAuth2's dance begins to show. Events expand, new states arise, With tests and mocks to scrutinize. A rabbit's joy, in code's delight, Celebrates this OAuth flight.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
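The server side of the sequence diagram above, as an added example that is not part of this PR or of authboss: a stdlib-only Go callback handler that generates a split state (a random CSRF token plus extra data, an assumed layout modelled on the state splitting this PR introduces), verifies the token part in constant time before spending the authorization code, and exchanges the code against a constructed `httptest` provider. The function names (`newState`, `checkState`, `exchangeCode`, `mockProvider`, `handleCallback`), the client credentials and the redirect URI are all illustrative.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// tokenResponse holds the RFC 6749 token-endpoint field this example uses.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
}

// newState returns "<random CSRF token>;<extra>", an assumed layout modelled on the split state in this PR.
func newState(extra string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b) + ";" + extra, nil
}

// checkState compares only the token before the first ';' (in constant time) and returns the untrusted extra part.
func checkState(expected, got string) (string, error) {
	expTok, _, _ := strings.Cut(expected, ";")
	gotTok, extra, _ := strings.Cut(got, ";")
	if expTok == "" || subtle.ConstantTimeCompare([]byte(expTok), []byte(gotTok)) != 1 {
		return "", errors.New("oauth2 state mismatch")
	}
	return extra, nil
}

// exchangeCode POSTs the code to the token endpoint, sending client credentials as HTTP Basic auth.
func exchangeCode(client *http.Client, tokenURL, clientID, clientSecret, code, redirectURI string) (tokenResponse, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return tokenResponse{}, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	resp, err := client.Do(req)
	if err != nil {
		return tokenResponse{}, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return tokenResponse{}, fmt.Errorf("token endpoint returned %d", resp.StatusCode)
	}
	var tr tokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
		return tokenResponse{}, err
	}
	return tr, nil
}

// mockProvider is a constructed stand-in for the provider's token endpoint: one valid code, one client credential pair.
func mockProvider(validCode, clientID, clientSecret string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, secret, ok := r.BasicAuth()
		if r.Method != http.MethodPost || !ok || id != clientID || secret != clientSecret {
			http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
			return
		}
		if r.FormValue("grant_type") != "authorization_code" || r.FormValue("code") != validCode {
			http.Error(w, `{"error":"invalid_grant"}`, http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(tokenResponse{AccessToken: "at-123"})
	}))
}

// handleCallback is the server side of the diagram: verify the state first, only then spend the code.
func handleCallback(expectedState string, q url.Values, provider *httptest.Server, clientID, clientSecret string) (tokenResponse, string, error) {
	extra, err := checkState(expectedState, q.Get("state"))
	if err != nil {
		return tokenResponse{}, "", err
	}
	tok, err := exchangeCode(provider.Client(), provider.URL+"/token", clientID, clientSecret, q.Get("code"), "https://app.example/oauth2/callback")
	return tok, extra, err
}

func main() {
	prov := mockProvider("good-code", "cid", "s3cret")
	defer prov.Close()
	state, _ := newState("rm=true")
	q, _ := url.ParseQuery("code=good-code&state=" + url.QueryEscape(state)) // ';' must be percent-encoded: ParseQuery rejects a raw ';' since Go 1.17
	tok, extra, err := handleCallback(state, q, prov, "cid", "s3cret")
	fmt.Println(tok.AccessToken, extra, err)
}
```

Two practical points. The state check runs before the token exchange, so a forged state never costs a round trip to the provider and never spends the code. And because the state carries a raw `;`, it has to be percent-encoded in the redirect URL: `url.ParseQuery` has rejected unescaped semicolons in query strings since Go 1.17 and drops the offending pair, so an unencoded state would simply arrive empty.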
@coderabbitai review
Authors of pull request: @aarondl
This pull request added support for OAuth2 authentication and improved the handling of OAuth2-related events and data storage.
Two new events, `EventOAuth` and `EventOAuthFail`, were added to the `Event` enumeration in `callbacks.go`, and corresponding string representations and indexes were updated. The `Config` struct in `config.go` was extended to include an `OAuth2Storer` field, allowing separate management of OAuth2-related storage.

In `context.go`, the `LoadUser` method was modified to handle keys containing semicolons, enabling the retrieval of user data via `OAuth2Storer`. Corresponding tests in `context_test.go` were updated to verify this functionality.

The `OAuth2Provider` struct in `oauth2.go` was updated to use `authboss.Attributes` instead of a custom `OAuth2Credentials` struct, simplifying the handling of OAuth2 user data. The `oauthCallback` function was enhanced to handle additional URL parameters and to store OAuth2 user data using `OAuth2Storer`.

The `remember` package was updated to support OAuth2 authentication by adding an `afterOAuth` method, which sets a remember-me token for OAuth2-authenticated users. Tests were added to verify this functionality.

Finally, the `OAuth2Storer` interface was defined in `storer.go`, providing methods for storing and retrieving OAuth2 user data, and the `Google` OAuth2 provider callback in `providers.go` was updated to return `authboss.Attributes`.
- The `String` method incorrectly checks `i+1 >= Event(len(eventIndexes))` instead of `i >= Event(len(eventIndexes)-1)`, which could lead to an out-of-bounds error when `i` is the last valid index.
- `LoadUser` does not handle the case where the key contains a semicolon but is not in the expected format, potentially leading to unexpected behavior or errors.
- The `PutOAuth` method does not handle concurrent access to the `Users` map, potentially leading to race conditions.
- The `GetOAuth` method assumes that the "email" and "password" attributes are always present and of type `string`, which could cause a runtime panic if these assumptions are violated.
- The change to the `oauthCallback` function to split the state parameter and validate only the first part may introduce issues if the state parameter format is not consistent or if additional data in the state parameter is not handled correctly.
- The change from `authboss.Cfg.HostName` to `authboss.Cfg.RootURL` may cause issues if `RootURL` is not properly set or differs significantly from `HostName`, potentially leading to incorrect URLs in recovery emails.
- The `afterOAuth` method incorrectly checks if the length of `splState` is less than 0, which is always false and should be checking if the length is less than 2.
- `afterOAuth` is redundant because its purpose and functionality are already covered by the existing `afterOAuth` function in `remember.go`.
- `TestAfterOAuth` is redundant as it duplicates the existing `TestAfterOAuth` method in the `remember/remember_test.go` file.
- The `Put` method in the `Storer` interface now explicitly states it should not store if the key does not exist, which may require changes in implementations to ensure compliance with this behavior.
- `PutOAuth(uid, provider string, attr Attributes) error` is redundant because its functionality is already covered by the existing method `authboss.Cfg.OAuth2Storer.PutOAuth(uid, provider, user)` in `oauth2/oauth2.go`.
- The `GetOAuth` methods in `mockStorer` and `MockStorer` already provide the same functionality.

Sweep is unsure if these are issues, but they might be worth checking out.

- The `OAuth2Storer` field is added to the `Config` struct but is not initialized in the `NewConfig` function, which could lead to a nil pointer dereference if accessed without being set.
- The `Google` function returns a nil map, which could cause a runtime panic when accessing the map.
- The `afterOAuth` method retrieves the user ID twice using `authboss.StoreOAuth2Provider` instead of retrieving the provider in the second call, which is likely a copy-paste error.
- `TestAfterOAuth` does not check for the presence of the `rm=true` parameter in the request URL, which is crucial for the remember-me functionality.
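Several of the points above (the unsynchronised map access in `PutOAuth`, the unchecked "email"/"password" assertions in `GetOAuth`, and `LoadUser`'s handling of keys that contain a semicolon but are not in the expected form) come down to the same small piece of code. The following is an added example, not code from this PR or from authboss, showing one way to write it: an assumed `OAuth2Storer` interface using the method names from the summary, a constructed in-memory implementation guarded by an `RWMutex`, a checked string-attribute lookup, and a `LoadUser` that fails closed on malformed composite keys. The `Attributes` type, `ErrUserNotFound`, `StringAttr`, `joinOAuthKey`, `copyAttrs`, the `plain` loader callback and the `"uid;provider"` key layout are all assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"sync"
)

// Attributes is the loose user-data map this example assumes, in the spirit of the authboss.Attributes the review mentions.
type Attributes map[string]interface{}

// OAuth2Storer is the assumed interface shape, using the method names from the PR summary.
type OAuth2Storer interface {
	PutOAuth(uid, provider string, attr Attributes) error
	GetOAuth(uid, provider string) (Attributes, error)
}

var ErrUserNotFound = errors.New("oauth2 user not found")

// MemOAuth2Storer is a constructed in-memory implementation; the RWMutex addresses the unsynchronised map access the review flags.
type MemOAuth2Storer struct {
	mu    sync.RWMutex
	users map[string]Attributes
}

// joinOAuthKey builds the composite "uid;provider" key and refuses parts that would make it ambiguous.
func joinOAuthKey(uid, provider string) (string, error) {
	if uid == "" || provider == "" || strings.Contains(uid, ";") || strings.Contains(provider, ";") {
		return "", fmt.Errorf("invalid oauth2 key parts %q, %q", uid, provider)
	}
	return uid + ";" + provider, nil
}

// copyAttrs keeps callers from aliasing the map held under the lock.
func copyAttrs(attr Attributes) Attributes {
	cp := make(Attributes, len(attr))
	for k, v := range attr {
		cp[k] = v
	}
	return cp
}

func (s *MemOAuth2Storer) PutOAuth(uid, provider string, attr Attributes) error {
	key, err := joinOAuthKey(uid, provider)
	if err != nil {
		return err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.users[key] = copyAttrs(attr)
	return nil
}

func (s *MemOAuth2Storer) GetOAuth(uid, provider string) (Attributes, error) {
	key, err := joinOAuthKey(uid, provider)
	if err != nil {
		return nil, err
	}
	s.mu.RLock()
	defer s.mu.RUnlock()
	attr, ok := s.users[key]
	if !ok {
		return nil, ErrUserNotFound
	}
	return copyAttrs(attr), nil
}

// StringAttr is the checked lookup to use instead of attr["email"].(string), which panics on a missing or non-string value.
func StringAttr(attr Attributes, name string) (string, error) {
	v, ok := attr[name]
	if !ok {
		return "", fmt.Errorf("attribute %q missing", name)
	}
	s, ok := v.(string)
	if !ok {
		return "", fmt.Errorf("attribute %q is %T, not string", name, v)
	}
	return s, nil
}

// LoadUser routes composite keys to the OAuth2 storer and plain keys to the plain loader; a key containing ';' that is not exactly "uid;provider" fails closed.
func LoadUser(key string, oauth OAuth2Storer, plain func(string) (Attributes, error)) (Attributes, error) {
	if !strings.Contains(key, ";") {
		return plain(key)
	}
	parts := strings.Split(key, ";")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return nil, fmt.Errorf("malformed oauth2 key %q", key)
	}
	return oauth.GetOAuth(parts[0], parts[1])
}

func main() {
	s := &MemOAuth2Storer{users: map[string]Attributes{}}
	_ = s.PutOAuth("u1", "google", Attributes{"email": "a@example.com", "oauth2_uid": 42})
	fmt.Println(LoadUser("u1;google", s, nil))
}
```

Run it under `go test -race` with `PutOAuth` and `GetOAuth` called from several goroutines to confirm the lock covers both paths; the copies made on the way in and out mean a caller that mutates the map it received cannot alter stored state or race another reader.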