go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Code Issues Releases Activity

Always encrypt sessions regardless of configuration

Browse Source
This commit is contained in:
Timo Beckers
2020-02-24 12:23:35 +01:00
committed by Joel Speed
parent 0c9795a964
commit 276d1c6f19
4 changed files with 49 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
oauthproxy_test.go
View File

@ -29,6 +29,13 @@ import (
"golang.org/x/net/websocket"
)
const (
// The rawCookieSecret is 32 bytes and the base64CookieSecret is the base64
// encoded version of this.
rawCookieSecret = "secretthirtytwobytes+abcdefghijk"
base64CookieSecret = "c2VjcmV0dGhpcnR5dHdvYnl0ZXMrYWJjZGVmZ2hpamsK"
)
func init() {
logger.SetFlags(logger.Lshortfile)
@ -166,7 +173,7 @@ func TestRobotsTxt(t *testing.T) {
opts := options.NewOptions()
opts.ClientID = "asdlkjx"
opts.ClientSecret = "alkgks"
opts.Cookie.Secret = "asdkugkj"
opts.Cookie.Secret = rawCookieSecret
validation.Validate(opts)
proxy := NewOAuthProxy(opts, func(string) bool { return true })
@ -181,7 +188,7 @@ func TestIsValidRedirect(t *testing.T) {
opts := options.NewOptions()
opts.ClientID = "skdlfj"
opts.ClientSecret = "fgkdsgj"
opts.Cookie.Secret = "ljgiogbj"
opts.Cookie.Secret = base64CookieSecret
// Should match domains that are exactly foo.bar and any subdomain of bar.foo
opts.WhitelistDomains = []string{
"foo.bar",
@ -794,7 +801,7 @@ func NewSignInPageTest(skipProvider bool) *SignInPageTest {
var sipTest SignInPageTest
sipTest.opts = options.NewOptions()
sipTest.opts.Cookie.Secret = "adklsj2"
sipTest.opts.Cookie.Secret = rawCookieSecret
sipTest.opts.ClientID = "lkdgj"
sipTest.opts.ClientSecret = "sgiufgoi"
sipTest.opts.SkipProviderButton = skipProvider
@ -1208,7 +1215,7 @@ func TestAuthSkippedForPreflightRequests(t *testing.T) {
opts.Upstreams = append(opts.Upstreams, upstream.URL)
opts.ClientID = "aljsal"
opts.ClientSecret = "jglkfsdgj"
opts.Cookie.Secret = "dkfjgdls"
opts.Cookie.Secret = base64CookieSecret
opts.SkipAuthPreflight = true
validation.Validate(opts)
@ -1255,7 +1262,7 @@ type SignatureTest struct {
func NewSignatureTest() *SignatureTest {
opts := options.NewOptions()
opts.Cookie.Secret = "cookie secret"
opts.Cookie.Secret = rawCookieSecret
opts.ClientID = "client ID"
opts.ClientSecret = "client secret"
opts.EmailDomains = []string{"acm.org"}
@ -1402,7 +1409,7 @@ type ajaxRequestTest struct {
func newAjaxRequestTest() *ajaxRequestTest {
test := &ajaxRequestTest{}
test.opts = options.NewOptions()
test.opts.Cookie.Secret = "sdflsw"
test.opts.Cookie.Secret = base64CookieSecret
test.opts.ClientID = "gkljfdl"
test.opts.ClientSecret = "sdflkjs"
validation.Validate(test.opts)