From 32c3e030f9840c21ee17ed26f6f171f945876f3a Mon Sep 17 00:00:00 2001
From: sycured <60801403+sycured@users.noreply.github.com>
Date: Thu, 25 Apr 2024 22:17:50 -0500
Subject: [PATCH] fix: `insecureSkipVerify` for `GetUserInfoGroups` (#12982)

Signed-off-by: sycured <60801403+sycured@users.noreply.github.com>
(cherry picked from commit 1b414a3d9cff3ee00eb659b716558aefb1e975b6)
---
 server/auth/sso/sso.go | 2 +-
 server/auth/types/claims.go | 2 +-
 server/auth/types/claims_test.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/auth/sso/sso.go b/server/auth/sso/sso.go
index 2d238bba0ab5..743990d9f517 100644
--- a/server/auth/sso/sso.go
+++ b/server/auth/sso/sso.go
@@ -288,7 +288,7 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
 // Some SSO implementations (Okta) require a call to
 // the OIDC user info path to get attributes like groups
 if s.userInfoPath != "" {
- groups, err = c.GetUserInfoGroups(oauth2Token.AccessToken, s.issuer, s.userInfoPath)
+ groups, err = c.GetUserInfoGroups(s.httpClient, oauth2Token.AccessToken, s.issuer, s.userInfoPath)
 if err != nil {
 log.WithError(err).Errorf("failed to get groups claim from the given userInfoPath(%s)", s.userInfoPath)
 w.WriteHeader(401)
diff --git a/server/auth/types/claims.go b/server/auth/types/claims.go
index 677eef8d31be..ecab3d54637f 100644
--- a/server/auth/types/claims.go
+++ b/server/auth/types/claims.go
@@ -85,7 +85,7 @@ func (c *Claims) GetCustomGroup(customKeyName string) ([]string, error) {
 return newSlice, nil
 }
 
-func (c *Claims) GetUserInfoGroups(accessToken, issuer, userInfoPath string) ([]string, error) {
+func (c *Claims) GetUserInfoGroups(httpClient HttpClient, accessToken, issuer, userInfoPath string) ([]string, error) {
 url := fmt.Sprintf("%s%s", issuer, userInfoPath)
 request, err := http.NewRequest("GET", url, nil)
diff --git a/server/auth/types/claims_test.go b/server/auth/types/claims_test.go
index 1b87e8a4c336..8fa5fa4baef1 100644
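Review bot: The error branch right after the changed call still answers `w.WriteHeader(401)` for every failure of `GetUserInfoGroups`, and with this commit that set now includes TLS handshake failures decided by `s.httpClient`'s configuration, so a certificate problem between the server and the issuer is reported to the end user as an authentication failure. Only a rejected token is the caller's fault; if `GetUserInfoGroups` lets you tell a transport error from a non-2xx userinfo response (its body is not visible here), answer `http.StatusBadGateway` for the former and keep 401 for the latter. It would also help operators if the log line carried `s.issuer` alongside the path, since the URL is built from both. `HandleCallback` begins before and continues after this hunk.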
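Review bot: The exported `GetUserInfoGroups` now takes a caller-supplied `httpClient`, but the new signature has no doc comment stating that this client — rather than any package default — is what carries the SSO TLS settings (the `insecureSkipVerify` behaviour this commit fixes), nor what a nil client does. I would add above the signature: `// GetUserInfoGroups fetches the userinfo document at issuer+userInfoPath with the supplied httpClient and returns the groups claim it contains. The client must be non-nil and should be the SSO server's own client so that its TLS settings (including insecureSkipVerify) apply to the call.` If the body does not already guard it, a nil client will panic when the request is sent, so `if httpClient == nil { return nil, fmt.Errorf("httpClient is required") }` before building the request is cheap insurance. The function body continues past the end of the hunk.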
--- a/server/auth/types/claims_test.go
+++ b/server/auth/types/claims_test.go
@@ -243,7 +243,7 @@ func TestGetUserInfoGroups(t *testing.T) {
 httpClient = &HttpClientMock{StatusCode: 200, Body: body}
 claims := &Claims{}
- groups, err := claims.GetUserInfoGroups("Bearer fake", "https://fake.okta.com", "/user-info")
+ groups, err := claims.GetUserInfoGroups(httpClient, "Bearer fake", "https://fake.okta.com", "/user-info")
 assert.Equal(t, groups, []string{"Everyone"})
 assert.Equal(t, nil, err)
 })
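Review bot: The test still assigns the package-level `httpClient = &HttpClientMock{...}` two lines above the changed call even though the mock is now passed as an argument; if `GetUserInfoGroups` no longer reads that package variable (which is the point of this change), the global should go and this line become a local `httpClient := &HttpClientMock{StatusCode: 200, Body: body}`, otherwise a stale global keeps hiding whether the parameter is actually the client in use. Separately, the fixture passes `"Bearer fake"` as `accessToken` while the production caller in sso.go passes the raw `oauth2Token.AccessToken`, so one side is wrong about who adds the `Bearer ` scheme; if the function prepends it, the test should pass a bare token (and ideally assert the `Authorization` header the mock received). `TestGetUserInfoGroups` begins outside this hunk.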