1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-03 01:07:02 +02:00

ACR values should not be automatically added when blank (#598)

* ACR values should not be automatically added when blank

* Added changelog
This commit is contained in:
Scott Guymer
2020-06-02 19:17:27 +02:00
committed by GitHub
parent d8d43bb51b
commit 3aeca4368c
3 changed files with 32 additions and 1 deletions

View File

@ -55,6 +55,7 @@
## Changes since v5.1.1 ## Changes since v5.1.1
- [#598](https://github.com/oauth2-proxy/oauth2-proxy/pull/598) acr_values no longer sent to IdP when empty (@ScottGuymer)
- [#548](https://github.com/oauth2-proxy/oauth2-proxy/pull/548) Separate logging options out of main options structure (@JoelSpeed) - [#548](https://github.com/oauth2-proxy/oauth2-proxy/pull/548) Separate logging options out of main options structure (@JoelSpeed)
- [#536](https://github.com/oauth2-proxy/oauth2-proxy/pull/536) Improvements to Session State code (@JoelSpeed) - [#536](https://github.com/oauth2-proxy/oauth2-proxy/pull/536) Improvements to Session State code (@JoelSpeed)
- [#573](https://github.com/oauth2-proxy/oauth2-proxy/pull/573) Properly parse redis urls for cluster and sentinel connections (@amnay-mo) - [#573](https://github.com/oauth2-proxy/oauth2-proxy/pull/573) Properly parse redis urls for cluster and sentinel connections (@amnay-mo)

View File

@ -94,7 +94,9 @@ func (p *ProviderData) GetLoginURL(redirectURI, state string) string {
a := *p.LoginURL a := *p.LoginURL
params, _ := url.ParseQuery(a.RawQuery) params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI) params.Set("redirect_uri", redirectURI)
if p.AcrValues != "" {
params.Add("acr_values", p.AcrValues) params.Add("acr_values", p.AcrValues)
}
if p.Prompt != "" { if p.Prompt != "" {
params.Set("prompt", p.Prompt) params.Set("prompt", p.Prompt)
} else { // Legacy variant of the prompt param: } else { // Legacy variant of the prompt param:

View File

@ -2,6 +2,7 @@ package providers
import ( import (
"context" "context"
"net/url"
"testing" "testing"
"time" "time"
@ -19,3 +20,30 @@ func TestRefresh(t *testing.T) {
assert.Equal(t, false, refreshed) assert.Equal(t, false, refreshed)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
} }
func TestAcrValuesNotConfigured(t *testing.T) {
p := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
}
result := p.GetLoginURL("https://my.test.app/oauth", "")
assert.NotContains(t, result, "acr_values")
}
func TestAcrValuesConfigured(t *testing.T) {
p := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
AcrValues: "testValue",
}
result := p.GetLoginURL("https://my.test.app/oauth", "")
assert.Contains(t, result, "acr_values=testValue")
}