20221012 fix login method check (#86)

* update modules * fix login type check and variable name * go mod tidy * go fmt * fix linting issues * update changelog/readme
grafana · Oct 12, 2022 · b225d54 · b225d54
1 parent de05036
commit b225d54
Show file tree

Hide file tree

Showing 7 changed files with 684 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 - Update go modules to fix continuous error messages
 - Updated linters and circleci config for go 1.19
+- Adds support for Google IAP Auth (idtoken)
+- Fixes GCOM auth login hanging
 
 ## 1.0.4
 

diff --git a/README.md b/README.md
@@ -373,3 +373,4 @@ This will generate executables in "bin" that can be run on a variety of platform
 - [Alex Heylin](https://github.com/AlexHeylin) for the v7 login fix - and also works with v6!
 - [Xan Manning](https://github.com/xanmanning) for the ignore certificate option!
 - [David Stäheli](https://github.com/mistadave) for the OAuth implementation!
+- [Marcus Ramberg](https://github.com/marcusramberg) for the Google ID Token Auth implementation!
diff --git a/go.mod b/go.mod
@@ -9,6 +9,21 @@ require (
 	github.com/smartystreets/goconvey v1.7.2
 )
 
+require (
+	cloud.google.com/go/compute v1.7.0 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
+	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f // indirect
+	google.golang.org/grpc v1.47.0 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+)
+
 require (
 	github.com/BurntSushi/toml v1.2.0 // indirect
 	github.com/chromedp/sysutil v1.0.0 // indirect
@@ -19,11 +34,10 @@ require (
 	github.com/joho/godotenv v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/jtolds/gls v4.20.0+incompatible // indirect
-	github.com/kr/pretty v0.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/smartystreets/assertions v1.13.0 // indirect
 	golang.org/x/sys v0.0.0-20221010170243-090e33056c14 // indirect
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+	google.golang.org/api v0.98.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/pkg/cmd/grafana-kiosk/main.go b/pkg/cmd/grafana-kiosk/main.go
@@ -54,7 +54,7 @@ func ProcessArgs(cfg interface{}) Args {
 	flagSettings.BoolVar(&processedArgs.OauthAutoLogin, "auto-login", false, "oauth_auto_login is enabled in grafana config")
 	flagSettings.StringVar(&processedArgs.UsernameField, "field-username", "username", "Fieldname for the username")
 	flagSettings.StringVar(&processedArgs.PasswordField, "field-password", "password", "Fieldname for the password")
-	flagSettings.StringVar(&a.Audience, "audience", "", "idtoken audience")
+	flagSettings.StringVar(&processedArgs.Audience, "audience", "", "idtoken audience")
 
 	fu := flagSettings.Usage
 	flagSettings.Usage = func() {
@@ -113,7 +113,7 @@ func summary(cfg *kiosk.Config) {
 	log.Println("IgnoreCertificateErrors:", cfg.Target.IgnoreCertificateErrors)
 	log.Println("IsPlayList:", cfg.Target.IsPlayList)
 	// goauth
-	log.Println("Fieldname Username:", cfg.GOAUTH.AutoLogin)
+	log.Println("Fieldname AutoLogin:", cfg.GOAUTH.AutoLogin)
 	log.Println("Fieldname Username:", cfg.GOAUTH.UsernameField)
 	log.Println("Fieldname Password:", cfg.GOAUTH.PasswordField)
 }
@@ -125,7 +125,7 @@ func main() {
 
 	// validate auth methods
 	switch args.LoginMethod {
-	case "goauth", "anon", "local", "gcom":
+	case "goauth", "anon", "local", "gcom", "idtoken":
 	default:
 		log.Println("Invalid auth method", args.LoginMethod)
 		os.Exit(-1)
@@ -200,7 +200,7 @@ func main() {
 		kiosk.GrafanaKioskGenericOauth(&cfg)
 	case "idtoken":
 		log.Printf("Launching idtoken oauth kiosk")
-		kiosk.GrafanaKioskIdToken(&cfg)
+		kiosk.GrafanaKioskIDToken(&cfg)
 	default:
 		log.Printf("Launching ANON login kiosk")
 		kiosk.GrafanaKioskAnonymous(&cfg)

diff --git a/pkg/kiosk/config.go b/pkg/kiosk/config.go
@@ -23,7 +23,7 @@ type Config struct {
 		PasswordField string `yaml:"fieldname-password" env:"KIOSK_GOAUTH_FIELD_PASSWORD" env-description:"Password html input name value"`
 	} `yaml:"goauth"`
 	IDTOKEN struct {
-		KeyFile string `yaml:"idtoken-keyfile" env:"KIOSK_IDTOKEN_KEYFILE" env-description:"JSON Credentials for idtoken"`
+		KeyFile  string `yaml:"idtoken-keyfile" env:"KIOSK_IDTOKEN_KEYFILE" env-description:"JSON Credentials for idtoken"`
 		Audience string `yaml:"idtoken-audience" env:"KIOSK_IDTOKEN_AUDIENCE" env-description:"Audience for idtoken, tpyically your oauth client id"`
 	} `yaml:"goauth"`
 }
diff --git a/pkg/kiosk/grafana_idtoken_login.go b/pkg/kiosk/grafana_idtoken_login.go
@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 
@@ -17,12 +16,13 @@ import (
 	"google.golang.org/api/idtoken"
 )
 
-// GrafanaKioskGenericOauth creates a chrome-based kiosk using a oauth2 authenticated account
-func GrafanaKioskIdToken(cfg *Config) {
-	dir, err := ioutil.TempDir("", "chromedp-example")
+// GrafanaKioskIDToken creates a chrome-based kiosk using a oauth2 authenticated account.
+func GrafanaKioskIDToken(cfg *Config) {
+	dir, err := os.MkdirTemp(os.TempDir(), "chromedp-kiosk")
 	if err != nil {
 		panic(err)
 	}
+
 	defer os.RemoveAll(dir)
 
 	opts := generateExecutorOptions(dir, cfg.General.WindowPosition, cfg.Target.IgnoreCertificateErrors)
@@ -42,46 +42,53 @@ func GrafanaKioskIdToken(cfg *Config) {
 	}
 
 	var generatedURL = GenerateURL(cfg.Target.URL, cfg.General.Mode, cfg.General.AutoFit, cfg.Target.IsPlayList)
+
 	log.Println("Navigating to ", generatedURL)
 
-	log.Printf("Token is using audience %s and reading from %s\n",cfg.IDTOKEN.Audience, cfg.IDTOKEN.KeyFile)
-	ts, err := idtoken.NewTokenSource(context.Background(), cfg.IDTOKEN.Audience, idtoken.WithCredentialsFile(cfg.IDTOKEN.KeyFile))
+	log.Printf("Token is using audience %s and reading from %s\n", cfg.IDTOKEN.Audience, cfg.IDTOKEN.KeyFile)
+	tokenSource, err := idtoken.NewTokenSource(context.Background(), cfg.IDTOKEN.Audience, idtoken.WithCredentialsFile(cfg.IDTOKEN.KeyFile))
+
 	if err != nil {
 		panic(err)
 	}
 
 	chromedp.ListenTarget(taskCtx, func(ev interface{}) {
+		//nolint:gocritic // future events can be handled here
 		switch ev := ev.(type) {
 		case *fetch.EventRequestPaused:
 			go func() {
 				fetchReq := fetch.ContinueRequest(ev.RequestID)
 				for k, v := range ev.Request.Headers {
 					fetchReq.Headers = append(fetchReq.Headers, &fetch.HeaderEntry{Name: k, Value: fmt.Sprintf("%v", v)})
 				}
-				token, err := ts.Token()
+				token, err := tokenSource.Token()
 				if err != nil {
-					panic(fmt.Errorf("idtoken.NewClient: %v", err))
+					panic(fmt.Errorf("idtoken.NewClient: %w", err))
 				}
 				fetchReq.Headers = append(fetchReq.Headers, &fetch.HeaderEntry{Name: "Authorization", Value: "Bearer " + token.AccessToken})
-				fetchReq.Do(GetExecutor(taskCtx))
+				err = fetchReq.Do(GetExecutor(taskCtx))
+				if err != nil {
+					panic(fmt.Errorf("idtoken.NewClient fetchReq error: %w", err))
+				}
 			}()
 		}
 	})
 
 	if err := chromedp.Run(taskCtx, enableFetch(generatedURL)); err != nil {
 		panic(err)
 	}
+
 	log.Println("Sleeping 2 seconds before exit.")
 	time.Sleep(2 * time.Second)
 	log.Println("Exit...")
 }
 
 func GetExecutor(ctx context.Context) context.Context {
 	c := chromedp.FromContext(ctx)
+
 	return cdp.WithExecutor(ctx, c.Target)
 }
 
-
 func enableFetch(url string) chromedp.Tasks {
 	return chromedp.Tasks{
 		fetch.Enable(),