diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 880f2ce..981ae91 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-22.04
 strategy:
 matrix:
- go: ['1.23', '1.24']
+ go: ['1.24', '1.25']
 name: Go ${{ matrix.go }} test
 steps:
 - uses: actions/checkout@v6
diff --git a/README.md b/README.md
index b60e17c..1f8fc5e 100644
--- a/README.md
+++ b/README.md
@@ -27,18 +27,18 @@ The most important packages of the library:
 Supported SAML features:
-| Feature | Identity provider |
-| --- | --- |
-| POST-binding | yes |
-| Redirect-binding | yes |
-| Artifact-binding | [no](https://github.com/zitadel/zitadel/issues/3089) |
-| Request signing | yes |
-| Response signing | yes |
-| Metadata signing | yes |
-| Response encryption | [no](https://github.com/zitadel/zitadel/issues/3090) |
-| Assertion Query/Request | no |
-| Attribute Query | yes |
-| NameID Mapping | no |
+| Feature | Identity provider |
+|-------------------------|------------------------------------------------------|
+| POST-binding | yes |
+| Redirect-binding | yes |
+| Artifact-binding | [no](https://github.com/zitadel/zitadel/issues/3089) |
+| Request signing | yes |
+| Response signing | yes |
+| Metadata signing | yes |
+| Response encryption | [no](https://github.com/zitadel/zitadel/issues/3090) |
+| Assertion Query/Request | no |
+| Attribute Query | yes |
+| NameID Mapping | no |
 ## Resources
@@ -55,15 +55,13 @@ For your convenience you can find the relevant standards linked below.
 ## Supported Go Versions
-For security reasons, we only support and recommend the use of one of the latest three Go versions (:white_check_mark:)
-.
-Versions that also build are marked with :warning:.
+For security reasons, we only support and recommend the use of one of the latest three Go versions (:white_check_mark:).
 | Version | Supported |
-| ------- | ------------------ |
-| <1.23 | :x: |
-| 1.23 | :white_check_mark: |
+|---------|--------------------|
+| <1.24 | :x: |
 | 1.24 | :white_check_mark: |
+| 1.25 | :white_check_mark: |
 ## Why another library
diff --git a/go.mod b/go.mod
index 524216c..e8e9951 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/zitadel/saml
-go 1.23.7
+go 1.24.10
 require (
 github.com/amdonov/xmlsig v0.1.0
diff --git a/pkg/provider/login.go b/pkg/provider/login.go
index 435f951..e156d7d 100644
--- a/pkg/provider/login.go
+++ b/pkg/provider/login.go
@@ -2,6 +2,7 @@ package provider
 import (
 "context"
+ "errors"
 "fmt"
 "net/http"
@@ -66,25 +67,25 @@ func (p *IdentityProvider) callbackHandleFunc(w http.ResponseWriter, r *http.Req
 func (p *IdentityProvider) loginResponse(ctx context.Context, authRequest models.AuthRequestInt, response *Response) (*samlp.ResponseType, error) {
 if !authRequest.Done() {
 logging.Error(StatusCodeAuthNFailed)
-return nil, fmt.Errorf(StatusCodeAuthNFailed)
+return nil, errors.New(StatusCodeAuthNFailed)
 }
 attrs := &Attributes{}
 if err := p.storage.SetUserinfoWithUserID(ctx, authRequest.GetApplicationID(), attrs, authRequest.GetUserID(), []int{}); err != nil {
 logging.Error(err)
-return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 }
 cert, key, err := getResponseCert(ctx, p.storage)
 if err != nil {
 logging.Error(err)
-return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 }
 samlResponse := response.makeSuccessfulResponse(attrs, p.TimeFormat, p.Expiration)
 if err := createSignature(response, samlResponse, key, cert, p.conf.SignatureAlgorithm); err != nil {
 logging.Error(err)
-return nil, fmt.Errorf(StatusCodeResponder)
+return nil, errors.New(StatusCodeResponder)
 }
 return samlResponse, nil
 }
diff --git a/pkg/provider/response.go b/pkg/provider/response.go
index f868602..e03a321 100644
--- a/pkg/provider/response.go
+++ b/pkg/provider/response.go
@@ -13,7 +13,7 @@ import (
 "github.com/zitadel/saml/pkg/provider/xml/samlp"
 )
-var (
+const (
 StatusCodeSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
 StatusCodeVersionMissmatch = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
 StatusCodeAuthNFailed = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
diff --git a/pkg/provider/signature/certificates.go b/pkg/provider/signature/certificates.go
index 805abcc..6e25196 100644
--- a/pkg/provider/signature/certificates.go
+++ b/pkg/provider/signature/certificates.go
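Review bot: A failure of `getResponseCert` is reported to the SP as `StatusCodeInvalidAttrNameOrValue`, the same status used for the user-attribute lookup just above it, but a missing or unreadable signing key is a provider-side failure and not a problem with the requested attributes; `return nil, errors.New(StatusCodeResponder)` would match the mapping this function already uses for the `createSignature` failure below. Switching from `fmt.Errorf` to `errors.New` is the right call for a constant message, but the status URNs are still returned as opaque strings; declaring them once as sentinels (e.g. `var ErrAuthNFailed = errors.New(StatusCodeAuthNFailed)`) would let the caller use `errors.Is` instead of comparing error text. The underlying error is logged and only the status URN is returned, which is correct for not leaking storage or key-handling details to the SP; a one-line comment stating that intent would keep a later change from wrapping the cause with `%w` here.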
@@ -26,7 +26,7 @@ func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
 certStr = strings.TrimPrefix(strings.TrimSuffix(certStr, "-----ENDCERTIFICATE-----"), "-----BEGINCERTIFICATE-----")
 certBytes, err := base64.StdEncoding.DecodeString(certStr)
 if err != nil {
-return nil, fmt.Errorf("failed to decode certificate:" + err.Error())
+return nil, fmt.Errorf("failed to decode certificate: %v", err)
 }
 block, _ := pem.Decode(certBytes)
 if block != nil {
@@ -34,7 +34,7 @@ func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
 }
 parsedCert, err := x509.ParseCertificate(certBytes)
 if err != nil {
-return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
+return nil, fmt.Errorf("failed to parse certificate: %s", err)
 }
 certs[i] = parsedCert
 }
diff --git a/pkg/provider/signature/signature_test.go b/pkg/provider/signature/signature_test.go
index 1dad5e1..ffb6ce7 100644
--- a/pkg/provider/signature/signature_test.go
+++ b/pkg/provider/signature/signature_test.go
@@ -250,18 +250,18 @@ func TestSignature_ValidateRedirect(t *testing.T) {
 certBytes, err := base64.StdEncoding.DecodeString(certStr)
 if err != nil {
-t.Errorf("failed to parse PEM block containing the public key")
+t.Error("failed to parse PEM block containing the public key")
 return
 }
 parsedCert, err := x509.ParseCertificate(certBytes)
 if err != nil {
-t.Errorf("failed to parse certificate: " + err.Error())
+t.Errorf("failed to parse certificate: %v", err)
 return
 }
 signatureValue, err := base64.StdEncoding.DecodeString(tt.args.sig)
 if err != nil {
-t.Errorf("failed to decode sig: " + err.Error())
+t.Errorf("failed to decode sig: %v", err)
 return
 }
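Review bot: The two rewritten error returns in `ParseCertificates` use different verbs, `%v` in the base64-decode branch and `%s` in the parse branch, and neither preserves the cause; `fmt.Errorf("failed to decode certificate: %w", err)` and `fmt.Errorf("failed to parse certificate: %w", err)` keep them consistent and let callers match the underlying `base64.CorruptInputError` or `x509` error with `errors.As`. The context line above the change trims the armor strings `-----BEGINCERTIFICATE-----` and `-----ENDCERTIFICATE-----`, which are not the standard PEM header and footer (those contain a space), so for standard PEM input the trim is a no-op and the base64 decode is what fails; presumably the function expects a base64-wrapped DER or PEM body, as the `pem.Decode` on the decoded bytes suggests, and a comment stating the accepted input encoding would make that contract explicit. `ParseCertificates` starts before the first hunk and continues past the second.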
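Review bot: The message on the changed `t.Error` line in `TestSignature_ValidateRedirect` does not describe the failure: the call that just failed is `base64.StdEncoding.DecodeString(certStr)`, not PEM parsing, and the `err` value is discarded, so a failing run reports nothing about the actual cause. `t.Errorf("failed to base64-decode certificate: %v", err)` matches the two sibling branches below that the commit already switched to `%v`. The test function begins before the hunk.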