fix: insecureSkipVerify for GetUserInfoGroups (#12982)

Signed-off-by: sycured <[email protected]> (cherry picked from commit 1b414a3)
argoproj · May 4, 2024 · 32c3e03 · 32c3e03
1 parent 27a3159
commit 32c3e03
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/server/auth/sso/sso.go b/server/auth/sso/sso.go
@@ -288,7 +288,7 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
 	// Some SSO implementations (Okta) require a call to
 	// the OIDC user info path to get attributes like groups
 	if s.userInfoPath != "" {
-		groups, err = c.GetUserInfoGroups(oauth2Token.AccessToken, s.issuer, s.userInfoPath)
+		groups, err = c.GetUserInfoGroups(s.httpClient, oauth2Token.AccessToken, s.issuer, s.userInfoPath)
 		if err != nil {
 			log.WithError(err).Errorf("failed to get groups claim from the given userInfoPath(%s)", s.userInfoPath)
 			w.WriteHeader(401)

diff --git a/server/auth/types/claims.go b/server/auth/types/claims.go
@@ -85,7 +85,7 @@ func (c *Claims) GetCustomGroup(customKeyName string) ([]string, error) {
 	return newSlice, nil
 }
 
-func (c *Claims) GetUserInfoGroups(accessToken, issuer, userInfoPath string) ([]string, error) {
+func (c *Claims) GetUserInfoGroups(httpClient HttpClient, accessToken, issuer, userInfoPath string) ([]string, error) {
 	url := fmt.Sprintf("%s%s", issuer, userInfoPath)
 	request, err := http.NewRequest("GET", url, nil)
 

diff --git a/server/auth/types/claims_test.go b/server/auth/types/claims_test.go
@@ -243,7 +243,7 @@ func TestGetUserInfoGroups(t *testing.T) {
 		httpClient = &HttpClientMock{StatusCode: 200, Body: body}
 
 		claims := &Claims{}
-		groups, err := claims.GetUserInfoGroups("Bearer fake", "https://fake.okta.com", "/user-info")
+		groups, err := claims.GetUserInfoGroups(httpClient, "Bearer fake", "https://fake.okta.com", "/user-info")
 		assert.Equal(t, groups, []string{"Everyone"})
 		assert.Equal(t, nil, err)
 	})