Update markbates/goth (backport) (#10445)
authoroscar.lofwenhamn <44643697+oscarlofwenhamn@users.noreply.github.com>
Mon, 24 Feb 2020 18:19:25 +0000 (19:19 +0100)
committerGitHub <noreply@github.com>
Mon, 24 Feb 2020 18:19:25 +0000 (13:19 -0500)
Update markbates/goth to v1.61.2
- Fixes a JWT decoding issue in the OpenID provider
- Updates the GitHub provider to use the authorization header for authentication
- Updates the Twitch provider for Twitch's v5 API changes
- Adds the email and is_private_email fields to the Apple provider's GetUser implementation
- Modifies gothic to export a non-collidable context key for setting the Provider in a context.Context
- Adds new scopes to the Spotify provider
- Adds the IDToken from OpenID providers on the user struct
- Make Apple provider's SecretParams public
- Adds support for sign in with Apple, and drops support for Go versions 1.7 and 1.8
- Fixes the Slack provider's FetchURL logic to use the appropriate scope for the info it needs
Signed-off-by: Oscar Löfwenhamn <oscar.lofwenhamn@cgi.com>
go.mod
go.sum
vendor/github.com/markbates/goth/.travis.yml
vendor/github.com/markbates/goth/README.md
vendor/github.com/markbates/goth/go.mod
vendor/github.com/markbates/goth/go.sum
vendor/github.com/markbates/goth/gothic/gothic.go
vendor/github.com/markbates/goth/providers/github/github.go
vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go
vendor/github.com/markbates/goth/user.go
vendor/modules.txt

diff --git a/go.mod b/go.mod
index eb7acc4a32f223ecc4cb25683d8566c34a517810..672de02fac5a1f83a6d7adf440bf4a616c5a4ad3 100644 (file)
--- a/go.mod
+++ b/go.mod
@@ -62,7 +62,7 @@ require (
        github.com/lib/pq v1.2.0
        github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
        github.com/mailru/easyjson v0.7.0 // indirect
-       github.com/markbates/goth v1.56.0
+       github.com/markbates/goth v1.61.2
        github.com/mattn/go-isatty v0.0.7
        github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d // indirect
        github.com/mattn/go-sqlite3 v1.11.0
diff --git a/go.sum b/go.sum
index 46d8788588ce769971ce3a87b7974b6bcb889072..ea0053f396d257ab400174807404586fe0bfdb20 100644 (file)
--- a/go.sum
+++ b/go.sum
@@ -351,6 +351,7 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/lafriks/xormstore v1.3.2 h1:hqi3F8s/B4rz8GuEZZDuHuOxRjeuOpEI/cC7vcnWwH4=
 github.com/lafriks/xormstore v1.3.2/go.mod h1:mVNIwIa25QIr8rfR7YlVjrqN/apswHkVdtLCyVYBzXw=
+github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -370,8 +371,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
-github.com/markbates/goth v1.56.0 h1:XEYedCgMNz5pi3ojXI8z2XUmXtBnMeuKUpx4Z6HlNj8=
-github.com/markbates/goth v1.56.0/go.mod h1:zZmAw0Es0Dpm7TT/4AdN14QrkiWLMrrU9Xei1o+/mdA=
+github.com/markbates/goth v1.61.2 h1:jDowrUH5qw8KGuQdKwFhLzkXkTYCIPfz3LHADJsiPIs=
+github.com/markbates/goth v1.61.2/go.mod h1:qh2QfwZoWRucQ+DR5KVKC6dUGkNCToWh4vS45GIzFsY=
 github.com/mattn/go-isatty v0.0.7 h1:UvyT9uN+3r7yLEYSlJsbQGdsaB/a0DlgWP3pql6iwOc=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d h1:m+dSK37rFf2fqppZhg15yI2IwC9BtucBiRwSDm9VL8g=
index 7fd29cde8db57be35924416128873774e7a978ec..0bf9f1b87320b01db005bc89c51f1ad5698949b6 100644 (file)
@@ -3,9 +3,7 @@ language: go
 sudo: false
 
 go:
-  - 1.7
-  - 1.8
-  - 1.9
+  - "1.9"
   - "1.10"
   - "1.11"
   - "1.12"
index a35746e4e153a508f9ddb832f8460a3ce6def3ff..a2b988f5af6a7df2817629e6b58d4af73253becb 100644 (file)
@@ -17,6 +17,7 @@ $ go get github.com/markbates/goth
 ## Supported Providers
 
 * Amazon
+* Apple
 * Auth0
 * Azure AD
 * Battle.net
index 11b3857d795aa723e6177ea7febebb3e81600c9b..941bb64fdac791469baf0605b94c9f24df574b91 100644 (file)
@@ -3,12 +3,15 @@ module github.com/markbates/goth
 require (
        cloud.google.com/go v0.30.0 // indirect
        github.com/davecgh/go-spew v1.1.1 // indirect
+       github.com/dgrijalva/jwt-go v3.2.0+incompatible
        github.com/gorilla/mux v1.6.2
        github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1
        github.com/gorilla/sessions v1.1.1
        github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da
+       github.com/lestrrat-go/jwx v0.9.0
        github.com/markbates/going v1.0.0
        github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c
+       github.com/pkg/errors v0.8.1 // indirect
        github.com/pmezard/go-difflib v1.0.0 // indirect
        github.com/stretchr/testify v1.2.2
        golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd
index ae438329533059a9ae18b867be9f942b2f46ebfb..1ecf8cdbc8b550858a98a4b4c56aeeb2fe8ad576 100644 (file)
@@ -2,6 +2,8 @@ cloud.google.com/go v0.30.0 h1:xKvyLgk56d0nksWq49J0UyGEeUIicTl4+UBiX1NPX9g=
 cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
@@ -16,10 +18,16 @@ github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0Pr
 github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
 github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk=
 github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
+github.com/lestrrat-go/jwx v0.9.0 h1:Fnd0EWzTm0kFrBPzE/PEPp9nzllES5buMkksPMjEKpM=
+github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk=
+github.com/lestrrat/jwx v0.9.0 h1:sxyUKCQ0KpX4+GPvSu9lAS0tIwpg7F/O8p/HqyZL4ns=
+github.com/lestrrat/jwx v0.9.0/go.mod h1:Ogdl8bCZz7p5/jj4RY2LQTceY/c+AoTIk9gJY+KP4H0=
 github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
 github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c h1:3wkDRdxK92dF+c1ke2dtj7ZzemFWBHB9plnJOtlwdFA=
 github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c/go.mod h1:skjdDftzkFALcuGzYSklqYd8gvat6F1gZJ4YPVbkZpM=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
index ea4e1e0db8f2f3af0d0638795874626c6eaf3737..edd0e98d7141828a8aba1454fb18c338252ae112 100644 (file)
@@ -10,6 +10,7 @@ package gothic
 import (
        "bytes"
        "compress/gzip"
+       "context"
        "crypto/rand"
        "encoding/base64"
        "errors"
@@ -35,6 +36,11 @@ var defaultStore sessions.Store
 
 var keySet = false
 
+type key int
+
+// ProviderParamKey can be used as a key in context when passing in a provider
+const ProviderParamKey key = iota
+
 func init() {
        key := []byte(os.Getenv("SESSION_SECRET"))
        keySet = len(key) != 0
@@ -265,6 +271,11 @@ func getProviderName(req *http.Request) (string, error) {
                return p, nil
        }
 
+       // try to get it from the go-context's value of providerContextKey key
+       if p, ok := req.Context().Value(ProviderParamKey).(string); ok {
+               return p, nil
+       }
+
        // As a fallback, loop over the used providers, if we already have a valid session for any provider (ie. user has already begun authentication with a provider), then return that provider name
        providers := goth.GetProviders()
        session, _ := Store.Get(req, SessionName)
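Review bot: The added comment in `getProviderName` names a `providerContextKey`, but the key this commit actually exports and reads is `ProviderParamKey`; the comment should read `// try to get it from the request context, stored under ProviderParamKey`. The new branch also returns whatever string is stored, including an empty one, with a nil error, so an empty value placed in the context skips both the session fallback and the "you must select a provider" error. A guard such as `if p, ok := req.Context().Value(ProviderParamKey).(string); ok && p != "" {` would keep the fallback reachable. The function starts and ends outside this hunk, so whether the earlier lookups apply the same emptiness check cannot be confirmed from here.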
@@ -280,6 +291,11 @@ func getProviderName(req *http.Request) (string, error) {
        return "", errors.New("you must select a provider")
 }
 
+// GetContextWithProvider returns a new request context containing the provider
+func GetContextWithProvider(req *http.Request, provider string) *http.Request {
+       return req.WithContext(context.WithValue(req.Context(), ProviderParamKey, provider))
+}
+
 // StoreInSession stores a specified key/value pair in the session.
 func StoreInSession(key string, value string, req *http.Request, res http.ResponseWriter) error {
        session, _ := Store.New(req, SessionName)
index b3c29b9670c009660ab15e7ed929e26361f88106..e635f5272b1ce291060fd2febd5879bac0d05519 100644 (file)
@@ -10,7 +10,6 @@ import (
        "io"
        "io/ioutil"
        "net/http"
-       "net/url"
        "strconv"
        "strings"
 
@@ -105,7 +104,9 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
                return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName)
        }
 
-       response, err := p.Client().Get(p.profileURL + "?access_token=" + url.QueryEscape(sess.AccessToken))
+       req, err := http.NewRequest("GET", p.profileURL, nil)
+       req.Header.Add("Authorization", "Bearer "+sess.AccessToken)
+       response, err := p.Client().Do(req)
        if err != nil {
                return user, err
        }
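Review bot: The error from `http.NewRequest` is never checked in `FetchUser`: `req.Header.Add` runs on the very next line and `err` is then overwritten by the `Do` call, so a `profileURL` that fails to parse yields a nil `req` and a panic rather than a returned error. Add `if err != nil { return user, err }` directly after the `NewRequest` line. The same pattern appears in the `getPrivateMail` hunk that follows, where the guard would be `if err != nil { return email, err }`. Both function bodies continue outside their hunks.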
@@ -172,7 +173,9 @@ func userFromReader(reader io.Reader, user *goth.User) error {
 }
 
 func getPrivateMail(p *Provider, sess *Session) (email string, err error) {
-       response, err := p.Client().Get(p.emailURL + "?access_token=" + url.QueryEscape(sess.AccessToken))
+       req, err := http.NewRequest("GET", p.emailURL, nil)
+       req.Header.Add("Authorization", "Bearer "+sess.AccessToken)
+       response, err := p.Client().Do(req)
        if err != nil {
                if response != nil {
                        response.Body.Close()
index a4ff1d40ff267fb6316356a3d430789286a0dd6d..421d816ffb7c0786a0b8d0078c96eb0068cf7cb0 100644 (file)
@@ -6,12 +6,13 @@ import (
        "encoding/json"
        "errors"
        "fmt"
-       "github.com/markbates/goth"
-       "golang.org/x/oauth2"
        "io/ioutil"
        "net/http"
        "strings"
        "time"
+
+       "github.com/markbates/goth"
+       "golang.org/x/oauth2"
 )
 
 const (
@@ -173,6 +174,7 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
                RefreshToken: sess.RefreshToken,
                ExpiresAt:    expiresAt,
                RawData:      claims,
+               IDToken:      sess.IDToken,
        }
 
        p.userFromClaims(claims, &user)
@@ -391,13 +393,8 @@ func decodeJWT(jwt string) (map[string]interface{}, error) {
                return nil, errors.New("jws: invalid token received, not all parts available")
        }
 
-       // Re-pad, if needed
-       encodedPayload := jwtParts[1]
-       if l := len(encodedPayload) % 4; l != 0 {
-               encodedPayload += strings.Repeat("=", 4-l)
-       }
+       decodedPayload, err := base64.URLEncoding.WithPadding(base64.NoPadding).DecodeString(jwtParts[1])
 
-       decodedPayload, err := base64.StdEncoding.DecodeString(encodedPayload)
        if err != nil {
                return nil, err
        }
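Review bot: `base64.URLEncoding.WithPadding(base64.NoPadding)` in `decodeJWT` rebuilds on each call an encoding the standard library already predefines; `decodedPayload, err := base64.RawURLEncoding.DecodeString(jwtParts[1])` says the same thing, and the blank line separating it from its `if err != nil` check can go. The visible lines only split the token and decode its payload; no signature check appears in this hunk, so unless the ID token is validated elsewhere the returned claims should be treated as unverified. That is worth confirming before relying on them for identity decisions. The function begins and ends outside the hunk.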
index 1d6a419632fc4d85ecc19eb1a45d1134fffcb0dd..0cc5830513f044e3c34bc69b0a1fc9e75af0ca3c 100644 (file)
@@ -27,4 +27,5 @@ type User struct {
        AccessTokenSecret string
        RefreshToken      string
        ExpiresAt         time.Time
+       IDToken           string
 }
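Review bot: The new `IDToken` field on `User` has no comment saying what it holds or how it should be handled. Per the `IDToken: sess.IDToken` assignment in the openidConnect hunk it carries the provider's ID token string, which presumably embeds identity claims, so anything that logs or serializes a `goth.User` will now include it. A field comment such as `// IDToken is the raw ID token returned by an OpenID Connect provider; treat it as sensitive and keep it out of logs.` would make that explicit. The struct definition starts outside this hunk.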
index f25a16f4af28486f0078d8f7da0351d4553d7964..bb7728268bed55cdbba689ecac716616cb54e3ef 100644 (file)
@@ -293,7 +293,7 @@ github.com/magiconair/properties
 github.com/mailru/easyjson/buffer
 github.com/mailru/easyjson/jlexer
 github.com/mailru/easyjson/jwriter
-# github.com/markbates/goth v1.56.0
+# github.com/markbates/goth v1.61.2
 github.com/markbates/goth
 github.com/markbates/goth/gothic
 github.com/markbates/goth/providers/bitbucket