mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-03-17 21:17:53 +02:00

ACR values should not be automatically added when blank (#598)

* ACR values should not be automatically added when blank

* Added changelog
Scott Guymer 2020-06-02 19:17:27 +02:00 committed by GitHub
parent d8d43bb51b
commit 3aeca4368c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 1 deletions


@ -55,6 +55,7 @@
## Changes since v5.1.1
- [#598](https://github.com/oauth2-proxy/oauth2-proxy/pull/598) acr_values no longer sent to IdP when empty (@ScottGuymer)
- [#548](https://github.com/oauth2-proxy/oauth2-proxy/pull/548) Separate logging options out of main options structure (@JoelSpeed)
- [#536](https://github.com/oauth2-proxy/oauth2-proxy/pull/536) Improvements to Session State code (@JoelSpeed)
- [#573](https://github.com/oauth2-proxy/oauth2-proxy/pull/573) Properly parse redis urls for cluster and sentinel connections (@amnay-mo)


@ -94,7 +94,9 @@ func (p *ProviderData) GetLoginURL(redirectURI, state string) string {
a := *p.LoginURL
params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI)
params.Add("acr_values", p.AcrValues)
if p.AcrValues != "" {
params.Add("acr_values", p.AcrValues)
}
if p.Prompt != "" {
params.Set("prompt", p.Prompt)
} else { // Legacy variant of the prompt param:
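Review bot: The new guard still appends with `params.Add("acr_values", p.AcrValues)`, while `redirect_uri` and `prompt` in the same function use `Set`; if the configured login URL already carries an `acr_values` query parameter, the authorization request will contain it twice, and OAuth 2.0 does not allow a request parameter to be repeated. Inside the new `if` I would write `params.Set("acr_values", p.AcrValues)`. Separately, `acr_values` is only a request to the IdP and the user agent can alter the login URL, so any required assurance level has to be enforced by checking the `acr` claim of the returned token; whether that happens is not visible in this hunk. GetLoginURL starts and ends outside the hunk, so the rest of its parameter handling cannot be reviewed here.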


@ -2,6 +2,7 @@ package providers
import (
"context"
"net/url"
"testing"
"time"
@ -19,3 +20,30 @@ func TestRefresh(t *testing.T) {
assert.Equal(t, false, refreshed)
assert.Equal(t, nil, err)
}
func TestAcrValuesNotConfigured(t *testing.T) {
p := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
}
result := p.GetLoginURL("https://my.test.app/oauth", "")
assert.NotContains(t, result, "acr_values")
}
func TestAcrValuesConfigured(t *testing.T) {
p := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
AcrValues: "testValue",
}
result := p.GetLoginURL("https://my.test.app/oauth", "")
assert.Contains(t, result, "acr_values=testValue")
}
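Review bot: Both new tests assert on substrings of the returned URL, so they would still pass if `acr_values` appeared twice or if a longer value merely began with `testValue`. Parsing the result and comparing the decoded parameter pins the behaviour more tightly: `u, err := url.Parse(result)` followed by `assert.Equal(t, []string{"testValue"}, u.Query()["acr_values"])`, and `assert.Empty(t, u.Query()["acr_values"])` in the not-configured case. A third case whose `LoginURL` is built with `RawQuery: "acr_values=existing"` would document what is sent when the parameter is present both in the URL and in `AcrValues`. A one-line doc comment on each test, for example `// TestAcrValuesNotConfigured checks that no acr_values parameter is sent when AcrValues is empty.`, would also help.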