From 17c09bb0cf3938ead9140be092f435f506372228 Mon Sep 17 00:00:00 2001
From: adi6859 <aditya.ar1909@gmail.com>
Date: Thu, 8 Feb 2024 16:52:12 +0530
Subject: [PATCH] story(version upgrade) : version up for authenticator

---
 go.mod                                        |   2 +-
 go.sum                                        |  10 +-
 .../authenticator/client/k8sClient.go         |  31 +++--
 .../devtron-labs/authenticator/jwt/jwt.go     | 117 ------------------
 .../devtron-labs/authenticator/oidc/oidc.go   |  10 +-
 vendor/modules.txt                            |   5 +-
 6 files changed, 23 insertions(+), 152 deletions(-)
 delete mode 100644 vendor/github.com/devtron-labs/authenticator/jwt/jwt.go

diff --git a/go.mod b/go.mod
index 691c6bcb..8a320319 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/arl/statsviz v0.6.0
 	github.com/aws/aws-sdk-go v1.44.116
 	github.com/caarlos0/env v3.5.0+incompatible
-	github.com/devtron-labs/authenticator v0.4.31
+	github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8
 	github.com/gorilla/mux v1.8.0
 	github.com/prometheus/client_golang v1.14.0
 	github.com/stretchr/testify v1.8.4
diff --git a/go.sum b/go.sum
index 20713930..1b2f6dc9 100644
--- a/go.sum
+++ b/go.sum
@@ -147,8 +147,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
-github.com/devtron-labs/authenticator v0.4.31 h1:CEMLek3JnMuH9ULsC6BHNJr+NiyGzBd4lgdSxH2IGnc=
-github.com/devtron-labs/authenticator v0.4.31/go.mod h1:ozNfT8WcruiSgnUbyp48WVfc41++W6xYXhKFp67lNTU=
+github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8 h1:1vUwC7qRUpMK2G4uL3u6sOr6WCgzWit/8kBuUsqb0Ys=
+github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8/go.mod h1:a5gxST+HNmJReXE2TkCicFQFWtlhp8eqBRwS23GydNE=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -222,7 +222,6 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -381,8 +380,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -398,7 +397,6 @@ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
-github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
 github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E=
@@ -643,7 +641,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
@@ -733,7 +730,6 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
diff --git a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
index 792c07f3..11c95d8d 100644
--- a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
+++ b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
@@ -46,7 +46,8 @@ type K8sClient struct {
 }
 
 type RuntimeConfig struct {
-	LocalDevMode LocalDevMode `env:"RUNTIME_CONFIG_LOCAL_DEV" envDefault:"false"`
+	LocalDevMode                LocalDevMode `env:"RUNTIME_CONFIG_LOCAL_DEV" envDefault:"false"`
+	DevtronDefaultNamespaceName string       `env:"DEVTRON_DEFAULT_NAMESPACE" envDefault:"devtroncd"`
 }
 
 func GetRuntimeConfig() (*RuntimeConfig, error) {
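Review bot: `DevtronDefaultNamespaceName` is read from `DEVTRON_DEFAULT_NAMESPACE` with no validation, yet it now selects the namespace whose secrets `GetArgocdConfig` and `GetDevtronConfig` read and which `ConfigUpdateNotify` watches (the later hunks in this file). An empty value should be rejected explicitly, because the empty string is client-go's all-namespaces value and `kubeinformers.WithNamespace("")` would widen the informer to every namespace. Whether the env library falls back to `devtroncd` for a set-but-empty variable is not visible here. As this is vendored code, the check belongs upstream or in this repository right after `GetRuntimeConfig` returns, e.g. `if cfg.DevtronDefaultNamespaceName == "" { return nil, errors.New("DEVTRON_DEFAULT_NAMESPACE must not be empty") }`. The body of `GetRuntimeConfig` lies outside the hunk.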
@@ -66,7 +67,7 @@ func NewK8sClient(runtimeConfig *RuntimeConfig) (*K8sClient, error) {
 	}, nil
 }
 
-//TODO use it as generic function across system
+// TODO use it as generic function across system
 func getKubeConfig(devMode LocalDevMode) (*rest.Config, error) {
 	if devMode {
 		usr, err := user.Current()
@@ -98,11 +99,11 @@ func (impl *K8sClient) GetArgocdConfig() (secret *v1.Secret, cm *v1.ConfigMap, e
 	if err != nil {
 		return nil, nil, err
 	}
-	secret, err = clientSet.CoreV1().Secrets(DevtronDefaultNamespaceName).Get(context.Background(), ArgocdSecretName, v12.GetOptions{})
+	secret, err = clientSet.CoreV1().Secrets(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), ArgocdSecretName, v12.GetOptions{})
 	if err != nil {
 		return nil, nil, err
 	}
-	cm, err = clientSet.CoreV1().ConfigMaps(DevtronDefaultNamespaceName).Get(context.Background(), ArgocdConfigMapName, v12.GetOptions{})
+	cm, err = clientSet.CoreV1().ConfigMaps(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), ArgocdConfigMapName, v12.GetOptions{})
 	if err != nil {
 		return nil, nil, err
 	}
@@ -118,7 +119,7 @@ func (impl *K8sClient) GetDevtronConfig() (secret *v1.Secret, err error) {
 	if err != nil {
 		return nil, err
 	}
-	secret, err = clientSet.CoreV1().Secrets(DevtronDefaultNamespaceName).Get(context.Background(), dexConfig.DevtronSecretName, v12.GetOptions{})
+	secret, err = clientSet.CoreV1().Secrets(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), dexConfig.DevtronSecretName, v12.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -132,16 +133,14 @@ const (
 	SettingAdminPasswordMtimeKey = "admin.passwordMtime"
 	SettingAdminEnabledKey       = "admin.enabled"
 	SettingAdminTokensKey        = "admin.tokens"
-
-	SettingServerSignatureKey   = "server.secretkey"
-	SettingURLKey               = "url"
-	DevtronDefaultNamespaceName = "devtroncd"
-	CallbackEndpoint            = "/auth/callback"
-	SettingDexConfigKey         = "dex.config"
-	DexCallbackEndpoint         = "/api/dex/callback"
-	InitialPasswordLength       = 16
-	DevtronSecretName           = "devtron-secret"
-	DevtronConfigMapName        = "devtron-cm"
+	SettingServerSignatureKey    = "server.secretkey"
+	SettingURLKey                = "url"
+	CallbackEndpoint             = "/auth/callback"
+	SettingDexConfigKey          = "dex.config"
+	DexCallbackEndpoint          = "/api/dex/callback"
+	InitialPasswordLength        = 16
+	DevtronSecretName            = "devtron-secret"
+	DevtronConfigMapName         = "devtron-cm"
 
 	ArgocdConfigMapName        = "argocd-cm"
 	ArgocdSecretName           = "argocd-secret"
@@ -272,7 +271,7 @@ func (impl *K8sClient) ConfigUpdateNotify() (chan bool, error) {
 	if err != nil {
 		return nil, err
 	}
-	informerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(clusterClient, time.Minute, kubeinformers.WithNamespace(DevtronDefaultNamespaceName))
+	informerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(clusterClient, time.Minute, kubeinformers.WithNamespace(impl.runtimeConfig.DevtronDefaultNamespaceName))
 	cmInformenr := informerFactory.Core().V1().ConfigMaps()
 	secretInformer := informerFactory.Core().V1().Secrets()
 	chanConfigUpdate := make(chan bool)
diff --git a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go b/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go
deleted file mode 100644
index 9df0afcc..00000000
--- a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2021 Devtron Labs
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
- */
-
-package jwt
-
-import (
-	"encoding/json"
-	"fmt"
-
-	jwt "github.com/golang-jwt/jwt/v4"
-)
-
-// MapClaims converts a jwt.Claims to a MapClaims
-func MapClaims(claims jwt.Claims) (jwt.MapClaims, error) {
-	claimsBytes, err := json.Marshal(claims)
-	if err != nil {
-		return nil, err
-	}
-	var mapClaims jwt.MapClaims
-	err = json.Unmarshal(claimsBytes, &mapClaims)
-	if err != nil {
-		return nil, err
-	}
-	return mapClaims, nil
-}
-
-// GetField extracts a field from the claims as a string
-func GetField(claims jwt.MapClaims, fieldName string) string {
-	if fieldIf, ok := claims[fieldName]; ok {
-		if field, ok := fieldIf.(string); ok {
-			return field
-		}
-	}
-	return ""
-}
-
-// GetScopeValues extracts the values of specified scopes from the claims
-func GetScopeValues(claims jwt.MapClaims, scopes []string) []string {
-	groups := make([]string, 0)
-	for i := range scopes {
-		scopeIf, ok := claims[scopes[i]]
-		if !ok {
-			continue
-		}
-
-		switch val := scopeIf.(type) {
-		case []interface{}:
-			for _, groupIf := range val {
-				group, ok := groupIf.(string)
-				if ok {
-					groups = append(groups, group)
-				}
-			}
-		case []string:
-			groups = append(groups, val...)
-		case string:
-			groups = append(groups, val)
-		}
-	}
-
-	return groups
-}
-
-// GetIssuedAt returns the issued at as an int64
-func GetIssuedAt(m jwt.MapClaims) (int64, error) {
-	switch iat := m["iat"].(type) {
-	case float64:
-		return int64(iat), nil
-	case json.Number:
-		return iat.Int64()
-	case int64:
-		return iat, nil
-	default:
-		return 0, fmt.Errorf("iat '%v' is not a number", iat)
-	}
-}
-
-func Claims(in interface{}) jwt.Claims {
-	claims, ok := in.(jwt.Claims)
-	if ok {
-		return claims
-	}
-	return nil
-}
-
-// IsMember returns whether or not the user's claims is a member of any of the groups
-func IsMember(claims jwt.Claims, groups []string) bool {
-	mapClaims, err := MapClaims(claims)
-	if err != nil {
-		return false
-	}
-	// TODO: groups is hard-wired but we should really be honoring the 'scopes' section in argocd-rbac-cm.
-	// O(n^2) loop
-	for _, userGroup := range GetScopeValues(mapClaims, []string{"groups"}) {
-		for _, group := range groups {
-			if userGroup == group {
-				return true
-			}
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
index 970aadca..539a932d 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
@@ -23,7 +23,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	jwt2 "github.com/devtron-labs/authenticator/jwt"
 	"github.com/golang-jwt/jwt/v4"
 	"html"
 	"html/template"
@@ -131,7 +130,7 @@ func (a *ClientApp) UpdateConfig(c *ClientApp) {
 }
 
 type RedirectUrlSanitiser func(url string) string
-type UserVerifier func(email string) bool
+type UserVerifier func(claims jwt.MapClaims) bool
 
 func GetScopesOrDefault(scopes []string) []string {
 	if len(scopes) == 0 {
@@ -449,12 +448,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 	}
 	returnUrl := appState.ReturnURL
 	// verify user in system
-	email := jwt2.GetField(claims, "email")
-	sub := jwt2.GetField(claims, "sub")
-	if email == "" && sub == "admin" {
-		email = sub
-	}
-	valid := a.userVerifier(email)
+	valid := a.userVerifier(claims)
 	//  end verify user in system
 	if !valid {
 		w.Header().Add("Set-Cookie", "")
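Review bot: The `email` lookup and its `sub == "admin"` fallback no longer run before `a.userVerifier`, so every `UserVerifier` implementation must now derive the identity from the raw `jwt.MapClaims` itself (the type changes in the earlier hunk of this file). The diffstat lists only go.mod, go.sum and vendor/, so no verifier in this repository is updated alongside. If one is built here it would presumably stop compiling; if it lives elsewhere, confirm it rejects a missing or non-string `email` and keeps the fallback limited to `sub == "admin"` rather than accepting any non-empty `sub`. A doc comment on the type would pin the contract: `// UserVerifier reports whether the claims identify a known user; it must return false when no usable identity claim is present.` `HandleCallback` starts and ends outside the hunk.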
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 257ff781..aac64066 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -121,10 +121,9 @@ github.com/coreos/go-oidc
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/devtron-labs/authenticator v0.4.31
-## explicit; go 1.16
+# github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8
+## explicit; go 1.18
 github.com/devtron-labs/authenticator/client
-github.com/devtron-labs/authenticator/jwt
 github.com/devtron-labs/authenticator/oidc
 # github.com/emicklei/go-restful/v3 v3.9.0
 ## explicit; go 1.13