0.8.1 (#257)

CHANGELOG.md

@@ -12,6 +12,28 @@
 <!-- ### Dependencies -->
 <!--  -->
 
+## mytoken 0.8.1
+
+### Enhancements
+
+- Improved returned transfercodes (do not include `l` and `I`)
+
+### Bugfixes
+
+- Fixed wrong (negative) `expires_at` time returned in tokeninfo for tokens without expiration
+- Fixed response if token revocation call does not contain token
+
+### Dependencies
+
+- Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
+- Bump golang.org/x/term from 0.8.0 to 0.9.0
+- Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26
+- Bump golang.org/x/crypto from 0.9.0 to 0.10.0
+- Bump golang.org/x/mod from 0.10.0 to 0.11.0
+- Bump github.com/gofiber/template from 1.8.1 to 1.8.2
+- Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0
+- Bump github.com/gofiber/fiber/v2 from 2.46.0 to 2.47.0
+
 ## mytoken 0.8.0
 
 ### Features

go.mod

@@ -9,28 +9,28 @@ require (
 	github.com/fatih/structs v1.1.0
 	github.com/gliderlabs/ssh v0.3.5
 	github.com/go-sql-driver/mysql v1.7.1
-	github.com/gofiber/fiber/v2 v2.46.0
+	github.com/gofiber/fiber/v2 v2.47.0
 	github.com/gofiber/helmet/v2 v2.2.26
-	github.com/gofiber/template v1.8.1
+	github.com/gofiber/template/mustache/v2 v2.0.4
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/ip2location/ip2location-go v8.3.0+incompatible
 	github.com/jinzhu/copier v0.3.5
 	github.com/jmoiron/sqlx v1.3.5
-	github.com/lestrrat-go/jwx v1.2.25
+	github.com/lestrrat-go/jwx v1.2.26
 	github.com/oidc-mytoken/api v0.10.1-0.20230412103735-ccd26fb9a9ae
 	github.com/oidc-mytoken/lib v0.7.0
-	github.com/oidc-mytoken/utils v0.1.2
+	github.com/oidc-mytoken/utils v0.1.3-0.20230616081854-5012088bac1e
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pires/go-proxyproto v0.7.0
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.9.2
+	github.com/sirupsen/logrus v1.9.3
 	github.com/urfave/cli/v2 v2.3.1-0.20211205195634-e8d81738896c
 	github.com/valyala/fasthttp v1.47.0
-	golang.org/x/crypto v0.9.0
-	golang.org/x/mod v0.10.0
-	golang.org/x/oauth2 v0.8.0
-	golang.org/x/term v0.8.0
+	golang.org/x/crypto v0.10.0
+	golang.org/x/mod v0.11.0
+	golang.org/x/oauth2 v0.9.0
+	golang.org/x/term v0.9.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -39,20 +39,22 @@ require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/cbroglie/mustache v1.4.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-resty/resty/v2 v2.7.0 // indirect
-	github.com/goccy/go-json v0.9.7 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gofiber/template v1.8.2 // indirect
+	github.com/gofiber/utils v1.1.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/klauspost/compress v1.16.3 // indirect
+	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/iter v1.0.1 // indirect
-	github.com/lestrrat-go/option v1.0.0 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
@@ -62,8 +64,8 @@ require (
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/net v0.11.0 // indirect
+	golang.org/x/sys v0.9.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 )

internal/db/dbrepo/authcodeinforepo/state/consentcode.go

@@ -10,7 +10,7 @@ const consentCodeLen = 8
 
 // NewConsentCode creates a new ConsentCode
 func NewConsentCode() *ConsentCode {
-	return ConsentCodeFromStr(utils.RandASCIIString(consentCodeLen))
+	return ConsentCodeFromStr(utils.RandReadableAlphaString(consentCodeLen))
 }
 
 // ConsentCode is type for the code used for giving consent to mytoken

internal/db/dbrepo/mytokenrepo/transfercoderepo/proxytoken.go

@@ -26,7 +26,7 @@ type proxyToken struct {
 
 // newProxyToken creates a new proxyToken of the given length
 func newProxyToken(size int) *proxyToken {
-	token := utils.RandASCIIString(size)
+	token := utils.RandReadableAlphaString(size)
 	return createProxyToken(token)
 }
 

internal/endpoints/revocation/revocationEndpoint.go

@@ -35,10 +35,18 @@ func HandleRevoke(ctx *fiber.Ctx) error {
 	if err := ctx.BodyParser(&req); err != nil {
 		return model.ErrorToBadRequestErrorResponse(err).Send(ctx)
 	}
-	rlog.Trace("Parsed mytoken request")
+	rlog.WithField("parsed request", fmt.Sprintf("%+v", req)).WithField(
+		"body", string(ctx.Body()),
+	).Trace("Parsed revocation request")
 	clearCookie := false
 	if req.Token == "" {
 		req.Token = ctx.Cookies("mytoken")
+		if req.Token == "" {
+			return model.Response{
+				Status:   fiber.StatusBadRequest,
+				Response: model.BadRequestError("no token given"),
+			}.Send(ctx)
+		}
 		if req.MOMID == "" {
 			clearCookie = true
 		}

internal/model/version/VERSION

@@ -1 +1 @@
-0.8.0
+0.8.1

internal/server/server.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	"github.com/gofiber/fiber/v2"
-	"github.com/gofiber/template/mustache"
+	"github.com/gofiber/template/mustache/v2"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/oidc-mytoken/api/v0"