From b949b8fc6531702dae07e99bb77087953694337f Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Tue, 5 Apr 2022 09:22:00 +0200
Subject: [PATCH] chore(deps): update oidc to 1.2.0 (#3363)
* chore(deps): update oidc to 1.2.0
* add comment
---
 cmd/admin/start/start.go | 3 ++-
 go.mod | 2 +-
 go.sum | 2 ++
 internal/api/oidc/op.go | 1 -
 internal/api/ui/login/login.go | 6 +++---
 internal/api/ui/login/login_success_handler.go | 5 ++---
 6 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/cmd/admin/start/start.go b/cmd/admin/start/start.go
index 41ef7883c9..d160c2856b 100644
--- a/cmd/admin/start/start.go
+++ b/cmd/admin/start/start.go
@@ -13,6 +13,7 @@ import (
 "time"
 "github.com/caos/logging"
+ "github.com/caos/oidc/pkg/op"
 "github.com/gorilla/mux"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
@@ -190,7 +191,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
 }
 apis.RegisterHandler(console.HandlerPrefix, c)
- l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix+"/", config.ExternalDomain, baseURL, oidc.AuthCallback, config.ExternalSecure, userAgentInterceptor, instanceInterceptor.Handler, keys.User, keys.IDPConfig, keys.CSRFCookieKey)
+ l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix+"/", config.ExternalDomain, baseURL, op.AuthCallbackURL(oidcProvider), config.ExternalSecure, userAgentInterceptor, instanceInterceptor.Handler, keys.User, keys.IDPConfig, keys.CSRFCookieKey)
 if err != nil {
 return fmt.Errorf("unable to start login: %w", err)
 }
diff --git a/go.mod b/go.mod
index 26dd1bd721..b8fe605ddb 100644
--- a/go.mod
+++ b/go.mod
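Review bot: The `login.CreateLogin` call in cmd/admin/start/start.go now takes its callback path from `op.AuthCallbackURL(oidcProvider)` instead of the removed constant `HandlerPrefix + "/authorize/callback?id="`, so the `/oauth/v2` prefix is no longer pinned in this repository and presumably depends on how the provider's authorization endpoint is configured. A wrong path here would send every successful login to a route that cannot complete the auth request, so a small test asserting that the helper's output for a constructed id such as `"req-1"` still equals `/oauth/v2/authorize/callback?id=req-1` would catch a regression on the next library bump. `oidcProvider` is declared outside this hunk, so I am assuming it is already initialised at this point in `startAPIs`. A comment above the call such as `// callback path is derived from the OP's authorization endpoint and must stay under oidc.HandlerPrefix` would record the dependency.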
@@ -13,7 +13,7 @@ require (
 github.com/allegro/bigcache v1.2.1
 github.com/boombuler/barcode v1.0.1
 github.com/caos/logging v0.3.1
- github.com/caos/oidc v1.0.1
+ github.com/caos/oidc v1.2.0
 github.com/cockroachdb/cockroach-go/v2 v2.2.4
 github.com/dop251/goja v0.0.0-20211129110639-4739a1d10a51
 github.com/dop251/goja_nodejs v0.0.0-20211022123610-8dd9abb0616d
diff --git a/go.sum b/go.sum
index 393b7c4223..eab0e94df8 100644
--- a/go.sum
+++ b/go.sum
@@ -128,6 +128,8 @@ github.com/caos/logging v0.3.1 h1:892AMeHs09D0e3ZcGB+QDRsZ5+2xtPAsAhOy8eKfztc=
 github.com/caos/logging v0.3.1/go.mod h1:B8QNS0WDmR2Keac52Fw+XN4ZJkzLDGrcRIPB2Ux4uRo=
 github.com/caos/oidc v1.0.1 h1:8UHAPynCObwaqortppDtJFktjqLDLYSLidkNy0Num4o=
 github.com/caos/oidc v1.0.1/go.mod h1:4l0PPwdc6BbrdCFhNrRTUddsG292uHGa7gE2DSEIqoU=
+github.com/caos/oidc v1.2.0 h1:dTy5bcT2WQbwPgytEZiG8SV1bCgHUXyDdaPDCNtRdEU=
+github.com/caos/oidc v1.2.0/go.mod h1:4l0PPwdc6BbrdCFhNrRTUddsG292uHGa7gE2DSEIqoU=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
diff --git a/internal/api/oidc/op.go b/internal/api/oidc/op.go
index 13f15ea0ca..c032177cb6 100644
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -29,7 +29,6 @@ import (
 const (
 HandlerPrefix = "/oauth/v2"
- AuthCallback = HandlerPrefix + "/authorize/callback?id="
 )
 type Config struct {
diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go
index 8d85e122ee..1ec5a72e3a 100644
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -36,7 +36,7 @@ type Login struct {
 authRepo auth_repository.Repository
 baseURL string
 consolePath string
- oidcAuthCallbackURL string
+ oidcAuthCallbackURL func(string) string
 idpConfigAlg crypto.EncryptionAlgorithm
 userCodeAlg crypto.EncryptionAlgorithm
 iamDomain string
@@ -63,8 +63,8 @@ func CreateLogin(config Config,
 systemDefaults systemdefaults.SystemDefaults,
 consolePath,
 domain,
- baseURL,
- oidcAuthCallbackURL string,
+ baseURL string,
+ oidcAuthCallbackURL func(string) string,
 externalSecure bool,
 userAgentCookie,
 instanceHandler mux.MiddlewareFunc,
diff --git a/internal/api/ui/login/login_success_handler.go b/internal/api/ui/login/login_success_handler.go
index d282c47f73..d6bb858a9c 100644
--- a/internal/api/ui/login/login_success_handler.go
+++ b/internal/api/ui/login/login_success_handler.go
@@ -43,12 +43,11 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request,
 userData: l.getUserData(r, authReq, "Login Successful", errID, errMessage),
 }
 if authReq != nil {
- data.RedirectURI = l.oidcAuthCallbackURL
+ data.RedirectURI = l.oidcAuthCallbackURL("") //the id will be set via the html (maybe change this with the login refactoring)
 }
 l.renderer.RenderTemplate(w, r, l.getTranslator(authReq), l.renderer.Templates[tmplLoginSuccess], data, nil)
 }
 func (l *Login) redirectToCallback(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
- callback := l.oidcAuthCallbackURL + authReq.ID
- http.Redirect(w, r, callback, http.StatusFound)
+ http.Redirect(w, r, l.oidcAuthCallbackURL(authReq.ID), http.StatusFound)
 }
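Review bot: `oidcAuthCallbackURL` in the `CreateLogin` parameter list of internal/api/ui/login/login.go is now a `func(string) string`, and nothing visible in this hunk rejects a nil value, so a caller passing nil would only fail with a panic on the first successful login rather than at startup. The function body continues outside the hunk; if there is no check there, consider an early guard such as `if oidcAuthCallbackURL == nil { return nil, fmt.Errorf("oidc auth callback URL func must not be nil") }`, written in whatever error style the file already uses. The struct field of the same name in the first hunk would also benefit from a comment, e.g. `// oidcAuthCallbackURL builds the OIDC callback URL for the given auth request id.`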
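Review bot: `data.RedirectURI = l.oidcAuthCallbackURL("")` in `renderSuccessAndCallback` depends on the library helper ending its result with the `id=` query parameter so the template can append the id, which is a contract this code does not check. If a later oidc release changes the URL shape (another parameter after `id`, or escaping of the value), the page would build a wrong callback without any error. Pin the suffix with a test, or move the comment onto its own line and state the assumption, e.g. `// relies on the callback URL ending in "id="; the login success template appends the auth request id`. In `redirectToCallback` the id now goes through the helper as well, and whether it is query-escaped depends on the library, so it is worth confirming that auth request ids can only contain URL-safe characters.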