From 56ca971e284cc4c990f1d73990e83d3da7b9ffa6 Mon Sep 17 00:00:00 2001
From: kartik-579
Date: Tue, 26 Nov 2024 15:45:45 +0530
Subject: [PATCH] updated authenticator
---
 go.mod | 1 +
 go.sum | 4 ++--
 .../authenticator/client/oidcClient.go | 5 +++--
 .../devtron-labs/authenticator/oidc/oidc.go | 19 +++++++++++++++----
 vendor/modules.txt | 5 +++--
 5 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/go.mod b/go.mod
index b072072c7c..11dc2d1afe 100644
--- a/go.mod
+++ b/go.mod
@@ -288,6 +288,7 @@ require gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 replace (
 github.com/argoproj/argo-workflows/v3 v3.5.10 => github.com/devtron-labs/argo-workflows/v3 v3.5.10
+ github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241125053959-8c4b15265c08
 github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241114074942-28eb96763c64
 github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
 github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.5.5
diff --git a/go.sum b/go.sum
index 170d467e91..f9d3a4c441 100644
--- a/go.sum
+++ b/go.sum
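Review bot: The `replace` line added in the go.mod hunk redirects `github.com/devtron-labs/authenticator` to an untagged pseudo-version of `github.com/devtron-labs/devtron-services/authenticator`, and nothing next to it records why or which upstream change it pulls in. The patch leaves the `require` entry alone (vendor/modules.txt still names `v0.4.35-0.20240809073103-6e11da8083f8` as the required version), so the version a reader sees in `require` is no longer the code that is built. For the module that holds the OIDC login-state handling, that provenance should be easy to audit. I would add a comment above the line such as `// authenticator is built from the devtron-services monorepo at commit 8c4b15265c08`, and link the reviewed upstream change in the commit description.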
@@ -792,8 +792,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.10 h1:6rxQOesOzDz6SgQCMDQNHaehsKFW3C7U8CZeEek5kgQ=
 github.com/devtron-labs/argo-workflows/v3 v3.5.10/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 h1:2+Q7Jdhpo/uMiaQiZZzAh+ZX7wEJIFuMFG6DEiMuo64=
-github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8/go.mod h1:702R6WIf5y9UzKGoCGxQ+x3l5Ws+l0fXg2xlCpSGFZI=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241125053959-8c4b15265c08 h1:3al5T53hg6/Tt4e7qLtPlg94/BEHwPOeyGBXQgUGWxk=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241125053959-8c4b15265c08/go.mod h1:vFJ3M7akwAWCtugDXRW+5Q9P+cp0RiH+K/D5FBbb/JA=
 github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241114074942-28eb96763c64 h1:RicDE0aJImRtIJTqcl7ssE8NH1c2xokJClGYfDR8i98=
 github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241114074942-28eb96763c64/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
diff --git a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
index 4c65a6ae92..b7dcba2f99 100644
--- a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
+++ b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
@@ -26,6 +26,7 @@ import (
 "net/http"
 "net/url"
 "path"
+ "sync"
 "time"
 )
@@ -65,8 +66,8 @@ func getOidcClient(dexServerAddress string, settings *oidc.Settings, userVerifie
 },
 }
 dexProxy := oidc.NewDexHTTPReverseProxy(dexServerAddress, dexClient.Transport)
- cahecStore := &oidc.Cache{OidcState: map[string]*oidc.OIDCState{}}
- oidcClient, err := oidc.NewClientApp(settings, cahecStore, "/", userVerifier, RedirectUrlSanitiser)
+ cacheStore := &oidc.Cache{OidcState: sync.Map{}}
+ oidcClient, err := oidc.NewClientApp(settings, cacheStore, "/", userVerifier, RedirectUrlSanitiser)
 if err != nil {
 return nil, nil, err
 }
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
index 4ffdeb62fd..a44e53c2c4 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
@@ -32,6 +32,7 @@ import (
 "path"
 "regexp"
 "strings"
+ "sync"
 "time"
 gooidc "github.com/coreos/go-oidc/v3/oidc"
@@ -69,16 +70,23 @@ type OIDCStateStorage interface {
 }
 type Cache struct {
- OidcState map[string]*OIDCState
+ OidcState sync.Map
 }
 func (c *Cache) GetOIDCState(key string) (*OIDCState, error) {
- state := c.OidcState[key]
+ value, exists := c.OidcState.Load(key)
+ if !exists {
+ return nil, ErrCacheMiss
+ }
+ state, ok := value.(*OIDCState)
+ if !ok || state == nil {
+ return nil, ErrInvalidState
+ }
 return state, nil
 }
 func (c *Cache) SetOIDCState(key string, state *OIDCState) error {
- c.OidcState[key] = state
+ c.OidcState.Store(key, state)
 return nil
 }
@@ -287,12 +295,15 @@ func (a *ClientApp) generateAppState(returnURL string) string {
 }
 var ErrCacheMiss = errors.New("cache: key is missing")
+var ErrInvalidState = errors.New("invalid app state")
 func (a *ClientApp) verifyAppState(state string) (*OIDCState, error) {
 res, err := a.cache.GetOIDCState(state)
 if err != nil {
- if err == ErrCacheMiss {
+ if errors.Is(err, ErrCacheMiss) {
 return nil, fmt.Errorf("unknown app state %s", state)
+ } else if errors.Is(err, ErrInvalidState) {
+ return nil, fmt.Errorf("invalid app state %s", state)
 } else {
 return nil, fmt.Errorf("failed to verify app state %s: %v", state, err)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f68c2455cb..aac7c324d4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -336,8 +336,8 @@ github.com/davecgh/go-spew/spew
 # github.com/deckarep/golang-set v1.8.0
 ## explicit; go 1.17
 github.com/deckarep/golang-set
-# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8
-## explicit; go 1.18
+# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241125053959-8c4b15265c08
+## explicit; go 1.21
 github.com/devtron-labs/authenticator/apiToken
 github.com/devtron-labs/authenticator/client
 github.com/devtron-labs/authenticator/jwt
@@ -2212,6 +2212,7 @@ xorm.io/xorm/log
 xorm.io/xorm/names
 xorm.io/xorm/schemas
 xorm.io/xorm/tags
+# github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241125053959-8c4b15265c08
 # github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241114074942-28eb96763c64
 # github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
 # github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.5.5