go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-17 00:17:40 +02:00
Code Issues Releases Activity

Preserve projects after RefreshSession

Browse Source 
RefreshSession will override session.Groups with the new
`groups` claims. We need to preserve all `project:` prefixed
groups and reattach them post refresh.
This commit is contained in:
Nick Meves
2021-06-19 15:18:50 -07:00
parent 11c2177f18
commit 95f9de5979
2 changed files with 101 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
providers/gitlab_test.go
View File

@ -307,4 +307,55 @@ var _ = Describe("Gitlab Provider Tests", func() {
}),
)
})
Context("when refreshing", func() {
It("keeps existing projects after refreshing groups", func() {
session := &sessions.SessionState{}
session.Groups = []string{"foo", "bar", "project:thing", "project:sample"}
p.oidcRefreshFunc = func(_ context.Context, s *sessions.SessionState) (bool, error) {
s.Groups = []string{"baz"}
return true, nil
}
refreshed, err := p.RefreshSession(context.Background(), session)
Expect(refreshed).To(BeTrue())
Expect(err).ToNot(HaveOccurred())
Expect(len(session.Groups)).To(Equal(3))
Expect(session.Groups).
To(ContainElements([]string{"baz", "project:thing", "project:sample"}))
})
It("leaves existing groups when not refreshed", func() {
session := &sessions.SessionState{}
session.Groups = []string{"foo", "bar", "project:thing", "project:sample"}
p.oidcRefreshFunc = func(_ context.Context, s *sessions.SessionState) (bool, error) {
return false, nil
}
refreshed, err := p.RefreshSession(context.Background(), session)
Expect(refreshed).To(BeFalse())
Expect(err).ToNot(HaveOccurred())
Expect(len(session.Groups)).To(Equal(4))
Expect(session.Groups).
To(ContainElements([]string{"foo", "bar", "project:thing", "project:sample"}))
})
It("leaves existing groups when OIDC refresh errors", func() {
session := &sessions.SessionState{}
session.Groups = []string{"foo", "bar", "project:thing", "project:sample"}
p.oidcRefreshFunc = func(_ context.Context, s *sessions.SessionState) (bool, error) {
return false, errors.New("failure")
}
refreshed, err := p.RefreshSession(context.Background(), session)
Expect(refreshed).To(BeFalse())
Expect(err).To(HaveOccurred())
Expect(len(session.Groups)).To(Equal(4))
Expect(session.Groups).
To(ContainElements([]string{"foo", "bar", "project:thing", "project:sample"}))
})
})
})