Fix OAuth endpoints interface

Signed-off-by: Monis Khan <mkhan@redhat.com>

Author: enj

pkg/oauthserver/mux.go

@@ -1,10 +1,15 @@
 package oauthserver
 
-import (
-	"net/http"
-)
+import "net/http"
 
 type Mux interface {
 	Handle(pattern string, handler http.Handler)
 	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
 }
+
+type Endpoints interface {
+	// Install registers one or more http.Handlers into the given mux.
+	// It is expected that the provided prefix will serve all operations.
+	// prefix MUST NOT end in a slash.
+	Install(mux Mux, prefix string)
+}

pkg/oauthserver/oauthserver/auth.go

@@ -149,7 +149,7 @@ func (c *OAuthServerConfig) WithOAuth(handler http.Handler) (http.Handler, error
 		loginURL = c.ExtraOAuthConfig.Options.MasterPublicURL
 	}
 
-	tokenRequestEndpoints := tokenrequest.NewEndpoints(loginURL, openShiftLogoutPrefix, c.getOsinOAuthClient, c.ExtraOAuthConfig.OAuthAccessTokenClient)
+	tokenRequestEndpoints := tokenrequest.NewTokenRequest(loginURL, openShiftLogoutPrefix, c.getOsinOAuthClient, c.ExtraOAuthConfig.OAuthAccessTokenClient)
 	tokenRequestEndpoints.Install(mux, urls.OpenShiftOAuthAPIPrefix)
 
 	if session := c.ExtraOAuthConfig.SessionAuth; session != nil {

pkg/oauthserver/osinserver/osinserver.go

@@ -14,7 +14,7 @@ import (
 	"github.com/openshift/origin/pkg/oauthserver"
 )
 
-type Server struct {
+type osinServer struct {
 	config       *osin.ServerConfig
 	server       *osin.Server
 	authorize    AuthorizeHandler
@@ -31,15 +31,15 @@ func (l Logger) Printf(format string, v ...interface{}) {
 	}
 }
 
-func New(config *osin.ServerConfig, storage osin.Storage, authorize AuthorizeHandler, access AccessHandler, errorHandler ErrorHandler) *Server {
+func New(config *osin.ServerConfig, storage osin.Storage, authorize AuthorizeHandler, access AccessHandler, errorHandler ErrorHandler) oauthserver.Endpoints {
 	server := osin.NewServer(config, storage)
 
 	// Override tokengen to ensure we get valid length tokens
 	server.AuthorizeTokenGen = TokenGen{}
 	server.AccessTokenGen = TokenGen{}
 	server.Logger = Logger{}
 
-	return &Server{
+	return &osinServer{
 		config:       config,
 		server:       server,
 		authorize:    authorize,
@@ -48,17 +48,13 @@ func New(config *osin.ServerConfig, storage osin.Storage, authorize AuthorizeHan
 	}
 }
 
-// Install registers the Server OAuth handlers into a mux. It is expected that the
-// provided prefix will serve all operations
-func (s *Server) Install(mux oauthserver.Mux, paths ...string) {
-	for _, prefix := range paths {
-		mux.HandleFunc(path.Join(prefix, urls.AuthorizePath), s.handleAuthorize)
-		mux.HandleFunc(path.Join(prefix, urls.TokenPath), s.handleToken)
-		mux.HandleFunc(path.Join(prefix, urls.InfoPath), s.handleInfo)
-	}
+func (s *osinServer) Install(mux oauthserver.Mux, prefix string) {
+	mux.HandleFunc(path.Join(prefix, urls.AuthorizePath), s.handleAuthorize)
+	mux.HandleFunc(path.Join(prefix, urls.TokenPath), s.handleToken)
+	mux.HandleFunc(path.Join(prefix, urls.InfoPath), s.handleInfo)
 }
 
-func (s *Server) handleAuthorize(w http.ResponseWriter, r *http.Request) {
+func (s *osinServer) handleAuthorize(w http.ResponseWriter, r *http.Request) {
 	resp := s.server.NewResponse()
 	defer resp.Close()
 
@@ -97,7 +93,7 @@ func (s *Server) handleAuthorize(w http.ResponseWriter, r *http.Request) {
 	osin.OutputJSON(resp, w, r)
 }
 
-func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
+func (s *osinServer) handleToken(w http.ResponseWriter, r *http.Request) {
 	resp := s.server.NewResponse()
 	defer resp.Close()
 
@@ -114,7 +110,7 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
 	osin.OutputJSON(resp, w, r)
 }
 
-func (s *Server) handleInfo(w http.ResponseWriter, r *http.Request) {
+func (s *osinServer) handleInfo(w http.ResponseWriter, r *http.Request) {
 	resp := s.server.NewResponse()
 	defer resp.Close()
 

pkg/oauthserver/server/grant/grant.go

@@ -5,7 +5,6 @@ import (
 	"net/http"
 	"net/url"
 	"path"
-	"strings"
 
 	"k8s.io/klog"
 
@@ -98,13 +97,8 @@ func NewGrant(csrf csrf.CSRF, auth authenticator.Request, render FormRenderer, c
 	}
 }
 
-// Install registers the grant handler into a mux. It is expected that the
-// provided prefix will serve all operations. Path MUST NOT end in a slash.
-func (l *Grant) Install(mux oauthserver.Mux, paths ...string) {
-	for _, path := range paths {
-		path = strings.TrimRight(path, "/")
-		mux.HandleFunc(path, l.ServeHTTP)
-	}
+func (l *Grant) Install(mux oauthserver.Mux, prefix string) {
+	mux.Handle(prefix, l)
 }
 
 func (l *Grant) ServeHTTP(w http.ResponseWriter, req *http.Request) {

pkg/oauthserver/server/login/login.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"html/template"
 	"net/http"
-	"strings"
 
 	"k8s.io/klog"
 
@@ -89,13 +88,8 @@ func NewLogin(provider string, csrf csrf.CSRF, auth PasswordAuthenticator, rende
 	}
 }
 
-// Install registers the login handler into a mux. It is expected that the
-// provided prefix will serve all operations. Path MUST NOT end in a slash.
-func (l *Login) Install(mux oauthserver.Mux, paths ...string) {
-	for _, path := range paths {
-		path = strings.TrimRight(path, "/")
-		mux.HandleFunc(path, l.ServeHTTP)
-	}
+func (l *Login) Install(mux oauthserver.Mux, prefix string) {
+	mux.Handle(prefix, l)
 }
 
 func (l *Login) ServeHTTP(w http.ResponseWriter, req *http.Request) {

pkg/oauthserver/server/logout/logout.go

@@ -11,12 +11,11 @@ import (
 	"github.com/openshift/origin/pkg/oauthserver"
 	"github.com/openshift/origin/pkg/oauthserver/server/redirect"
 	"github.com/openshift/origin/pkg/oauthserver/server/session"
-	"github.com/openshift/origin/pkg/oauthserver/server/tokenrequest"
 )
 
 const thenParam = "then"
 
-func NewLogout(invalidator session.SessionInvalidator, redirect string) tokenrequest.Endpoints {
+func NewLogout(invalidator session.SessionInvalidator, redirect string) oauthserver.Endpoints {
 	return &logout{
 		invalidator: invalidator,
 		redirect:    redirect,
@@ -28,10 +27,8 @@ type logout struct {
 	redirect    string
 }
 
-func (l *logout) Install(mux oauthserver.Mux, paths ...string) {
-	for _, path := range paths {
-		mux.Handle(path, l)
-	}
+func (l *logout) Install(mux oauthserver.Mux, prefix string) {
+	mux.Handle(prefix, l)
 }
 
 func (l *logout) ServeHTTP(w http.ResponseWriter, req *http.Request) {

pkg/oauthserver/server/tokenrequest/endpoints.go

@@ -19,7 +19,7 @@ import (
 	"github.com/openshift/origin/pkg/oauthserver/authenticator/password/bootstrap"
 )
 
-type endpointDetails struct {
+type tokenRequest struct {
 	publicMasterURL string
 	// osinOAuthClient is the private OAuth client used by this endpoint.
 	// It starts out nil and is lazily initialized when this endpoint is called.
@@ -38,13 +38,8 @@ type endpointDetails struct {
 	openShiftLogoutPrefix string
 }
 
-// TODO this interface needs to be moved
-type Endpoints interface {
-	Install(mux oauthserver.Mux, paths ...string)
-}
-
-func NewEndpoints(publicMasterURL, openShiftLogoutPrefix string, osinOAuthClientGetter func() (*osincli.Client, error), tokens v1.OAuthAccessTokenInterface) Endpoints {
-	return &endpointDetails{
+func NewTokenRequest(publicMasterURL, openShiftLogoutPrefix string, osinOAuthClientGetter func() (*osincli.Client, error), tokens v1.OAuthAccessTokenInterface) oauthserver.Endpoints {
+	return &tokenRequest{
 		publicMasterURL:       publicMasterURL,
 		osinOAuthClientGetter: osinOAuthClientGetter,
 		ready:                 make(chan struct{}),
@@ -53,23 +48,19 @@ func NewEndpoints(publicMasterURL, openShiftLogoutPrefix string, osinOAuthClient
 	}
 }
 
-// Install registers the request token endpoints into a mux. It is expected that the
-// provided prefix will serve all operations
-func (e *endpointDetails) Install(mux oauthserver.Mux, paths ...string) {
-	for _, prefix := range paths {
-		mux.HandleFunc(path.Join(prefix, urls.RequestTokenEndpoint), e.readyHandler(e.requestToken))
-		mux.HandleFunc(path.Join(prefix, urls.DisplayTokenEndpoint), e.readyHandler(e.displayToken))
-		mux.HandleFunc(path.Join(prefix, urls.ImplicitTokenEndpoint), e.implicitToken)
-	}
+func (t *tokenRequest) Install(mux oauthserver.Mux, prefix string) {
+	mux.HandleFunc(path.Join(prefix, urls.RequestTokenEndpoint), t.readyHandler(t.requestToken))
+	mux.HandleFunc(path.Join(prefix, urls.DisplayTokenEndpoint), t.readyHandler(t.displayToken))
+	mux.HandleFunc(path.Join(prefix, urls.ImplicitTokenEndpoint), t.implicitToken)
 }
 
 // TODO we may want to start doing live lookups for this endpoint
-func (e *endpointDetails) readyHandler(delegate func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
+func (t *tokenRequest) readyHandler(delegate func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, h *http.Request) {
 		select {
-		case <-e.ready:
+		case <-t.ready:
 		default:
-			if err := e.safeInitOsinOAuthClientOnce(); err != nil {
+			if err := t.safeInitOsinOAuthClientOnce(); err != nil {
 				utilruntime.HandleError(fmt.Errorf("failed to get Osin OAuth client for token endpoint: %v", err))
 				http.Error(w, "OAuth token endpoint is not ready", http.StatusInternalServerError)
 				return
@@ -81,36 +72,36 @@ func (e *endpointDetails) readyHandler(delegate func(http.ResponseWriter, *http.
 
 // safeInitOsinOAuthClientOnce initializes osinOAuthClient exactly once using osinOAuthClientGetter.
 // It is goroutine safe, reentrant and can be safely called multiple times.
-func (e *endpointDetails) safeInitOsinOAuthClientOnce() error {
+func (t *tokenRequest) safeInitOsinOAuthClientOnce() error {
 	// Use a lock and nil check to make sure we never close endpoints.ready more than once
 	// and that we only try to fetch osinOAuthClient until the first time we are successful
-	e.initLock.Lock()
-	defer e.initLock.Unlock()
-	if e.osinOAuthClient == nil {
-		osinOAuthClient, err := e.osinOAuthClientGetter()
+	t.initLock.Lock()
+	defer t.initLock.Unlock()
+	if t.osinOAuthClient == nil {
+		osinOAuthClient, err := t.osinOAuthClientGetter()
 		if err != nil {
 			return err
 		}
-		e.osinOAuthClient = osinOAuthClient
-		close(e.ready)
+		t.osinOAuthClient = osinOAuthClient
+		close(t.ready)
 	}
 	return nil
 }
 
 // requestToken works for getting a token in your browser and seeing what your token is
-func (e *endpointDetails) requestToken(w http.ResponseWriter, req *http.Request) {
-	authReq := e.osinOAuthClient.NewAuthorizeRequest(osincli.CODE)
+func (t *tokenRequest) requestToken(w http.ResponseWriter, req *http.Request) {
+	authReq := t.osinOAuthClient.NewAuthorizeRequest(osincli.CODE)
 	oauthURL := authReq.GetAuthorizeUrl()
 
 	http.Redirect(w, req, oauthURL.String(), http.StatusFound)
 }
 
-func (e *endpointDetails) displayToken(w http.ResponseWriter, req *http.Request) {
+func (t *tokenRequest) displayToken(w http.ResponseWriter, req *http.Request) {
 	w.Header().Set("Content-Type", "text/html; charset=UTF-8")
 	requestURL := urls.OpenShiftOAuthTokenRequestURL("") // relative url to token request endpoint
-	data := tokenData{RequestURL: requestURL, PublicMasterURL: e.publicMasterURL}
+	data := tokenData{RequestURL: requestURL, PublicMasterURL: t.publicMasterURL}
 
-	authorizeReq := e.osinOAuthClient.NewAuthorizeRequest(osincli.CODE)
+	authorizeReq := t.osinOAuthClient.NewAuthorizeRequest(osincli.CODE)
 	authorizeData, err := authorizeReq.HandleRequest(req)
 	if err != nil {
 		data.Error = fmt.Sprintf("Error handling auth request: %v", err)
@@ -119,7 +110,7 @@ func (e *endpointDetails) displayToken(w http.ResponseWriter, req *http.Request)
 		return
 	}
 
-	accessReq := e.osinOAuthClient.NewAccessRequest(osincli.AUTHORIZATION_CODE, authorizeData)
+	accessReq := t.osinOAuthClient.NewAccessRequest(osincli.AUTHORIZATION_CODE, authorizeData)
 	accessData, err := accessReq.GetToken()
 	if err != nil {
 		data.Error = fmt.Sprintf("Error getting token: %v", err)
@@ -128,7 +119,7 @@ func (e *endpointDetails) displayToken(w http.ResponseWriter, req *http.Request)
 		return
 	}
 
-	token, err := e.tokens.Get(accessData.AccessToken, metav1.GetOptions{})
+	token, err := t.tokens.Get(accessData.AccessToken, metav1.GetOptions{})
 	if err != nil {
 		data.Error = "Error checking token" // do not leak error to user, do not log error
 		w.WriteHeader(http.StatusInternalServerError)
@@ -138,7 +129,7 @@ func (e *endpointDetails) displayToken(w http.ResponseWriter, req *http.Request)
 
 	if token.UserName == bootstrap.BootstrapUser {
 		// only the bootstrap user has a session we maintain for one more than OAuth flow
-		data.LogoutURL = e.openShiftLogoutPrefix
+		data.LogoutURL = t.openShiftLogoutPrefix
 	}
 
 	data.AccessToken = accessData.AccessToken
@@ -204,7 +195,7 @@ var tokenTemplate = template.Must(template.New("tokenTemplate").Parse(`
 {{ end }}
 `))
 
-func (e *endpointDetails) implicitToken(w http.ResponseWriter, req *http.Request) {
+func (t *tokenRequest) implicitToken(w http.ResponseWriter, req *http.Request) {
 	w.Header().Set("Content-Type", "text/plain")
 	_, _ = w.Write([]byte(`
 You have reached this page by following a redirect Location header from an OAuth authorize request.