Closed jkralik closed 2 months ago
The changes introduce updates to OAuth client configurations, focusing on token claims handling and context setup. The `Client` struct now incorporates an `InsertTokenClaims` field and removes validations for `RequireDeviceID` and `RequireOwner`. Test cases have been streamlined, removing scenarios and simplifying assertions. The alterations also involve modifying functions related to token generation and validation, as well as adjusting constants within the project.
File Path | Change Summary |
---|---|
certificate-authority/service/grpc/signCertificate_test.go | Set up OAuth client configurations and inserted token claims before service setup. Modified context token setup. |
m2m-oauth-server/service/config.go | Added `InsertTokenClaims` to `Client` struct. Removed validation for `RequireDeviceID` and `RequireOwner`. |
m2m-oauth-server/service/token.go | Modified functions and structures for token generation and validation. Renamed fields in `tokenRequest` and updated corresponding handling code. |
m2m-oauth-server/service/token_test.go | Simplified `TestGetToken` by removing specific test cases and corresponding configurations. Streamlined assertions. |
m2m-oauth-server/test/test.go | Removed `RequireDeviceID` and `RequireOwner` from declarations. Added `InsertTokenClaims` to `ServiceOAuthClient`. |
m2m-oauth-server/uri/uri.go | Removed `UsernameKey`, `PasswordKey`, `SubjectKey`, `DeviceIDKey`, `OwnerKey` constants. Added `OriginalTokenClaims` constant declaration. |
In the realm of OAuth bright and keen,
Code adjustments float serene.
Token claims now swiftly glide,
Fields once strict, now step aside.
Simpler tests, with claims anew,
A path of tokens just for you.
Issues
1 New issue
0 Accepted issues
Measures
0 Security Hotspots
76.9% Coverage on New Code
0.0% Duplication on New Code
@coderabbitai generate summary for PR
@jkralik: Here is the summary for PR #1339:
The PR primarily addresses security vulnerabilities in the OAuth server by modifying OAuth client configurations and token handling mechanisms. Key changes include:
- certificate-authority/service/grpc/signCertificate_test.go:
  - Updated `TestCertificateAuthorityServerSignCSRWithDifferentPublicKeys` to include OAuth client setup and token claims insertion.
- m2m-oauth-server/service/config.go:
  - Added `InsertTokenClaims` field to the `Client` struct.
  - Removed `RequireDeviceID` and `RequireOwner` fields from the `Client` struct.
  - Updated the `Validate` method accordingly.
- m2m-oauth-server/service/token.go:
  - Updated `makeAccessToken` to incorporate `clientCfg.InsertTokenClaims`.
  - Modified the `tokenRequest` struct, including renaming and reordering fields.
  - Updated `postToken` to use `tokenReq.Secret` instead of `tokenReq.Password`.
  - Removed `DeviceID` and `Owner`.
- m2m-oauth-server/service/token_test.go:
  - Simplified `TestGetToken` by removing certain test cases and focusing on core token retrieval tests.
- m2m-oauth-server/test/test.go:
  - Removed `RequireDeviceID` and `RequireOwner` fields from OAuth client declarations.
  - Added `InsertTokenClaims` to `ServiceOAuthClient`.
- m2m-oauth-server/uri/uri.go:
  - Added the `OriginalTokenClaims` constant.

These changes enhance the security and flexibility of the OAuth server by allowing dynamic insertion of token claims and simplifying the validation logic.
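An added example, not the project's code, of the issuing pattern the summaries describe: a per-client configuration that carries static claims to insert, merged into a signed access token after a secret-based client check. The names `ClientConfig`, `authenticateClient`, `makeAccessToken` and `parseClaims`, the HS256 signing, and the reserved-claim list are this example's own assumptions; the check a reviewer would want on the real change is the one the example enforces, that configured claims can never override the claims the server itself must control (`sub`, `iss`, `exp` and friends).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ClientConfig stands in for a per-client OAuth configuration (illustrative, not the
// project's struct). InsertTokenClaims are static claims copied into every token issued.
type ClientConfig struct {
	ID                string
	Secret            string
	InsertTokenClaims map[string]interface{}
}

// reservedClaims are owned by the authorization server: a client entry must never override
// them, or a tampered configuration could mint tokens for another subject or with any lifetime.
var reservedClaims = map[string]bool{
	"iss": true, "sub": true, "aud": true, "exp": true, "iat": true, "nbf": true, "jti": true, "client_id": true,
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// authenticateClient is the client_credentials check: look the client up by ID and
// compare the presented secret in constant time.
func authenticateClient(clients map[string]ClientConfig, id, secret string) (ClientConfig, error) {
	cfg, ok := clients[id]
	if !ok || subtle.ConstantTimeCompare([]byte(cfg.Secret), []byte(secret)) != 1 {
		return ClientConfig{}, errors.New("invalid client credentials")
	}
	return cfg, nil
}

// makeAccessToken issues an HS256 JWT: server-controlled claims first, then the configured
// InsertTokenClaims, with any attempt to override a reserved claim rejected outright.
func makeAccessToken(cfg ClientConfig, issuer string, now time.Time, ttl time.Duration, key []byte) (string, error) {
	claims := map[string]interface{}{
		"iss": issuer, "sub": cfg.ID, "client_id": cfg.ID, "iat": now.Unix(), "exp": now.Add(ttl).Unix(),
	}
	for k, v := range cfg.InsertTokenClaims {
		if reservedClaims[k] {
			return "", fmt.Errorf("client %q: configured claim %q is reserved", cfg.ID, k)
		}
		claims[k] = v
	}
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// parseClaims verifies the HS256 signature and returns the payload, so the caller can see
// exactly which claims ended up in the token.
func parseClaims(token string, key []byte) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	var claims map[string]interface{}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(payload, &claims)
	}
	return claims, err
}

func main() {
	key := []byte("example-signing-key") // constructed sample key, not a real secret
	clients := map[string]ClientConfig{ // constructed sample client entries
		"service-a": {ID: "service-a", Secret: "s3cret", InsertTokenClaims: map[string]interface{}{"scope": "read", "owner": "owner-1"}},
		"bad-entry": {ID: "bad-entry", Secret: "x", InsertTokenClaims: map[string]interface{}{"sub": "admin"}},
	}
	for id, c := range clients {
		cfg, _ := authenticateClient(clients, id, c.Secret)
		if tok, err := makeAccessToken(cfg, "https://auth.example", time.Now(), time.Hour, key); err != nil {
			fmt.Println(id, "rejected:", err)
		} else {
			claims, _ := parseClaims(tok, key)
			fmt.Println(id, "claims:", claims)
		}
	}
}
```

Running it issues a token for `service-a` carrying the configured `scope` and `owner` claims next to the server-set ones, and refuses the `bad-entry` configuration because it tries to set `sub`. Failing closed on a reserved-claim collision, rather than letting the configured value or the server value silently win, is the design choice worth keeping whichever way the real merge is written.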