
Commit 51ee670

committed
oauth2: make loginMethod responsible for reviewing tokens
so that each loginMethod can determine how tokens should be reviewed based on how they store token state. Signed-off-by: Bryce Palmer <[email protected]>
1 parent cd08e73 commit 51ee670


1 file changed

+3
-36
lines changed


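--- a/pkg/auth/oauth2/auth.go
+++ b/pkg/auth/oauth2/auth.go
@@ -6,7 +6,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/hex"
-"errors"
 "fmt"
 "io"
 "net/http"
@@ -22,9 +21,8 @@ import (
 "github.com/openshift/console/pkg/auth/sessions"
 oscrypto "github.com/openshift/library-go/pkg/crypto"
 
-authv1 "k8s.io/api/authentication/v1"
-metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
+authenticationv1 "k8s.io/client-go/kubernetes/typed/authentication/v1"
 "k8s.io/client-go/rest"
 "k8s.io/klog/v2"
 )
@@ -95,6 +93,7 @@ type loginMethod interface {
 Authenticate(http.ResponseWriter, *http.Request) (*auth.User, error)
 oauth2Config() *oauth2.Config
 GetSpecialURLs() auth.SpecialAuthURLs
+ReviewToken(*http.Request, authenticationv1.TokenReviewInterface) error
 }
 
 // AuthSource allows callers to switch between Tectonic and OpenShift login support.
@@ -305,39 +304,7 @@ func (a *OAuth2Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)
 }
 
 func (a *OAuth2Authenticator) ReviewToken(r *http.Request) error {
-token, err := sessions.GetSessionTokenFromCookie(r)
-if err != nil {
-return err
-}
-
-tokenReview := &authv1.TokenReview{
-TypeMeta: metav1.TypeMeta{
-APIVersion: "authentication.k8s.io/v1",
-Kind: "TokenReview",
-},
-Spec: authv1.TokenReviewSpec{
-Token: token,
-},
-}
-
-completedTokenReview, err := a.
-internalK8sClientset.
-AuthenticationV1().
-TokenReviews().
-Create(r.Context(), tokenReview, metav1.CreateOptions{})
-
-if err != nil {
-return fmt.Errorf("failed to create TokenReview, %v", err)
-}
-
-// Check if the token is authenticated
-if !completedTokenReview.Status.Authenticated {
-if completedTokenReview.Status.Error != "" {
-return errors.New(completedTokenReview.Status.Error)
-}
-return errors.New("failed to authenticate the token, unknownd error")
-}
-return nil
+return a.loginMethod.ReviewToken(r, a.internalK8sClientset.AuthenticationV1().TokenReviews())
 }
 
 // LogoutFunc cleans up session cookies.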
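Review bot: The new `ReviewToken(*http.Request, authenticationv1.TokenReviewInterface) error` method on `loginMethod` has no comment stating its contract, even though `OAuth2Authenticator.ReviewToken` now returns whatever the implementation returns and the shared `Status.Authenticated` check no longer lives in this file. I would document it on the interface, for example `// ReviewToken returns nil only when the request's token has been confirmed as authenticated; every other outcome, including a missing token, must be an error.` The implementations are not part of this page, so it cannot be confirmed here that each one still fails closed. A test per login method asserting a non-nil error for an unauthenticated TokenReview status would pin that behaviour.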
