Affected by GO-2022-0615 and 5 other vulnerabilities

GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

oidcauthtest

package

v1.11.4 Latest Latest Go to latest Published: Feb 28, 2022 License: MPL-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/consul

Links

Open Source Insights

Documentation ¶

Overview ¶

package oidcauthtest exposes tools to assist in writing unit tests of OIDC and JWT authentication workflows.

When the package is loaded it will randomly generate an ECDSA signing keypair used to sign JWTs both via the Server and the SignJWT method.

Index ¶

func GenerateKey() (pub, priv string, err error)
func SignJWT(privKey string, claims jwt.Claims, privateClaims interface{}) (string, error)
func SigningKeys() (pub, priv string)
type Server
- func Start(t TestingT) *Server
type TestingT

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateKey ¶ added in v1.8.1

func GenerateKey() (pub, priv string, err error)

func SignJWT ¶

func SignJWT(privKey string, claims jwt.Claims, privateClaims interface{}) (string, error)

SignJWT will bundle the provided claims into a signed JWT. The provided key is assumed to be ECDSA.

If no private key is provided, the default package keys are used. These can be retrieved via the SigningKeys() method.

func SigningKeys ¶

func SigningKeys() (pub, priv string)

SigningKeys returns the pem-encoded keys used to sign JWTs by default.

Types ¶

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server is local server the mocks the endpoints used by the OIDC and JWKS process.

func Start ¶

func Start(t TestingT) *Server

Start creates a disposable Server. If the port provided is zero it will bind to a random free port, otherwise the provided port is used.

func (*Server) Addr ¶

func (s *Server) Addr() string

Addr returns the current base URL for the running webserver.

func (*Server) CACert ¶

func (s *Server) CACert() string

CACert returns the pem-encoded CA certificate used by the HTTPS server.

func (*Server) DisableUserInfo ¶

func (s *Server) DisableUserInfo()

DisableUserInfo makes the userinfo endpoint return 404 and omits it from the discovery config.

func (*Server) OmitIDTokens ¶

func (s *Server) OmitIDTokens()

OmitIDTokens forces an error state where the /token endpoint does not return id_token.

func (*Server) ServeHTTP ¶

func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP implements http.Handler.

func (*Server) SetAllowedRedirectURIs ¶

func (s *Server) SetAllowedRedirectURIs(uris []string)

SetAllowedRedirectURIs allows you to configure the allowed redirect URIs for the OIDC workflow. If not configured a sample of "https://example.com" is used.

func (*Server) SetClientCreds ¶

func (s *Server) SetClientCreds(clientID, clientSecret string)

SetClientCreds is for configuring the client information required for the OIDC workflows.

func (*Server) SetCustomAudience ¶

func (s *Server) SetCustomAudience(customAudience string)

SetCustomAudience configures what audience value to embed in the JWT issued by the OIDC workflow.

func (*Server) SetCustomClaims ¶

func (s *Server) SetCustomClaims(customClaims map[string]interface{})

SetCustomClaims lets you set claims to return in the JWT issued by the OIDC workflow.

func (*Server) SetExpectedAuthCode ¶

func (s *Server) SetExpectedAuthCode(code string)

SetExpectedAuthCode configures the auth code to return from /auth and the allowed auth code for /token.

func (*Server) SetExpectedAuthNonce ¶

func (s *Server) SetExpectedAuthNonce(nonce string)

SetExpectedAuthNonce configures the nonce value required for /auth.

func (*Server) SigningKeys ¶

func (s *Server) SigningKeys() (pub, priv string)

SigningKeys returns the pem-encoded keys used to sign JWTs.

func (*Server) Stop ¶

func (s *Server) Stop()

Stop stops the running Server.

type TestingT ¶ added in v1.11.0

type TestingT interface {
	require.TestingT
	Helper()
	Cleanup(func())
}

Source Files ¶

View all Source files

testing.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL