oauth2: long if condition in providerAuthHeaderWorks replaced with loop
Long if condition replaced with loop.
Related to issue #41.
Change-Id: Ib5b88ce2ee2841e9b6c24d78f93bb027141bf678
Reviewed-on: https://go-review.googlesource.com/7290
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Burcu Dogan <jbd@google.com>
diff --git a/oauth2.go b/oauth2.go
index 4350a67..e4b42fe 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -414,6 +414,21 @@
return []string{v}
}
+var brokenAuthHeaderProviders = []string{
+ "https://accounts.google.com/",
+ "https://www.googleapis.com/",
+ "https://github.com/",
+ "https://api.instagram.com/",
+ "https://www.douban.com/",
+ "https://api.dropbox.com/",
+ "https://api.soundcloud.com/",
+ "https://www.linkedin.com/",
+ "https://api.twitch.tv/",
+ "https://oauth.vk.com/",
+ "https://api.odnoklassniki.ru/",
+ "https://connect.stripe.com/",
+}
+
// providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL
// implements the OAuth2 spec correctly
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
@@ -423,20 +438,11 @@
// - Google only accepts URL param (not spec compliant?), not Auth header
// - Stripe only accepts client secret in Auth header with Bearer method, not Basic
func providerAuthHeaderWorks(tokenURL string) bool {
- if strings.HasPrefix(tokenURL, "https://accounts.google.com/") ||
- strings.HasPrefix(tokenURL, "https://www.googleapis.com/") ||
- strings.HasPrefix(tokenURL, "https://github.com/") ||
- strings.HasPrefix(tokenURL, "https://api.instagram.com/") ||
- strings.HasPrefix(tokenURL, "https://www.douban.com/") ||
- strings.HasPrefix(tokenURL, "https://api.dropbox.com/") ||
- strings.HasPrefix(tokenURL, "https://api.soundcloud.com/") ||
- strings.HasPrefix(tokenURL, "https://www.linkedin.com/") ||
- strings.HasPrefix(tokenURL, "https://api.twitch.tv/") ||
- strings.HasPrefix(tokenURL, "https://oauth.vk.com/") ||
- strings.HasPrefix(tokenURL, "http://api.odnoklassniki.ru/") ||
- strings.HasPrefix(tokenURL, "https://connect.stripe.com/") {
- // Some sites fail to implement the OAuth2 spec fully.
- return false
+ for _, s := range brokenAuthHeaderProviders {
+ if strings.HasPrefix(tokenURL, s) {
+ // Some sites fail to implement the OAuth2 spec fully.
+ return false
+ }
}
// Assume the provider implements the spec properly
diff --git a/oauth2_test.go b/oauth2_test.go
index 908a190..df40ee9 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -407,3 +407,20 @@
t.Error(err)
}
}
+
+func Test_providerAuthHeaderWorks(t *testing.T) {
+ for _, p := range brokenAuthHeaderProviders {
+ if providerAuthHeaderWorks(p) {
+ t.Errorf("URL: %s not found in list", p)
+ }
+ p := fmt.Sprintf("%ssomesuffix", p)
+ if providerAuthHeaderWorks(p) {
+ t.Errorf("URL: %s not found in list", p)
+ }
+ }
+ p := "https://api.not-in-the-list-example.com/"
+ if !providerAuthHeaderWorks(p) {
+ t.Errorf("URL: %s found in list", p)
+ }
+
+}
