mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-06 03:53:54 +02:00

Merge branch 'master' into banner-flag

Henry Jenkins 2019-07-02 14:03:21 +01:00 committed by GitHub
commit aa37564655
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 76 additions and 56 deletions

13
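--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,13 @@
+run:
+deadline: 120s
+linters:
+enable:
+- govet
+- golint
+- ineffassign
+- goconst
+- deadcode
+- gofmt
+- goimports
+enable-all: false
+disable-all: true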
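Review bot: The shadow check that the old Makefile invocation enabled with `--enable=vetshadow` has no counterpart in this config, which lists only `govet`. In golangci-lint the shadow analysis is a govet setting that is off unless requested, so shadowed `err` variables would stop being reported after this switch. If the drop is not intentional, add `linters-settings:` / `govet:` / `check-shadowing: true` to this file. `enable-all: false` is also redundant next to `disable-all: true` and can go.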


@ -6,8 +6,7 @@ install:
- wget -O dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64 - wget -O dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
- chmod +x dep - chmod +x dep
- mv dep $GOPATH/bin/dep - mv dep $GOPATH/bin/dep
- go get github.com/alecthomas/gometalinter - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $GOPATH/bin v1.17.1
- gometalinter --install
script: script:
- ./configure && make test - ./configure && make test
sudo: false sudo: false
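Review bot: The new install step pipes a script fetched from install.goreleaser.com straight into `sh`, so the CI job executes whatever that host serves at build time. The `v1.17.1` argument pins the linter release but not the installer script, and nothing verifies the binary that lands in `$GOPATH/bin`. The same line is added to the three Dockerfile sections that follow, where it runs inside the builder stage that compiles the released proxy. Prefer downloading the v1.17.1 release archive directly and checking it with `sha256sum -c` against a digest committed to this repository before unpacking. At minimum, vendor a reviewed copy of the installer script rather than fetching it on every build.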


@ -63,6 +63,7 @@
- [#141](https://github.com/pusher/oauth2_proxy/pull/141) Check google group membership based on email address (@bchess) - [#141](https://github.com/pusher/oauth2_proxy/pull/141) Check google group membership based on email address (@bchess)
- Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized. - Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized.
- [#195](https://github.com/pusher/outh2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) - [#195](https://github.com/pusher/outh2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore)
- [#198](https://github.com/pusher/outh2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore)
# v3.2.0 # v3.2.0


@ -3,6 +3,7 @@ FROM golang:1.12-stretch AS builder
# Download tools # Download tools
RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64 RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
RUN chmod +x $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy


@ -3,6 +3,7 @@ FROM golang:1.12-stretch AS builder
# Download tools # Download tools
RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64 RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
RUN chmod +x $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy


@ -3,6 +3,7 @@ FROM golang:1.12-stretch AS builder
# Download tools # Download tools
RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64 RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
RUN chmod +x $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy


@ -17,17 +17,7 @@ distclean: clean
.PHONY: lint .PHONY: lint
lint: lint:
$(GOMETALINTER) --vendor --disable-all \ $(GOLANGCILINT) run
--enable=vet \
--enable=vetshadow \
--enable=golint \
--enable=ineffassign \
--enable=goconst \
--enable=deadcode \
--enable=gofmt \
--enable=goimports \
--deadline=120s \
--tests ./...
.PHONY: dep .PHONY: dep
dep: dep:

4
configure vendored

@ -126,7 +126,7 @@ check_for go
check_go_version check_go_version
check_go_env check_go_env
check_for dep check_for dep
check_for gometalinter check_for golangci-lint
echo echo
@ -135,7 +135,7 @@ cat <<- EOF > .env
GO := "${tools[go]}" GO := "${tools[go]}"
GO_VERSION := ${tools[go_version]} GO_VERSION := ${tools[go_version]}
DEP := "${tools[dep]}" DEP := "${tools[dep]}"
GOMETALINTER := "${tools[gometalinter]}" GOLANGCILINT := "${tools[golangci-lint]}"
EOF EOF
echo "Environment configuration written to .env" echo "Environment configuration written to .env"


@ -8,6 +8,9 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
const localhost = "127.0.0.1"
const host = "test-server"
func TestGCPHealthcheckLiveness(t *testing.T) { func TestGCPHealthcheckLiveness(t *testing.T) {
handler := func(w http.ResponseWriter, req *http.Request) { handler := func(w http.ResponseWriter, req *http.Request) {
w.Write([]byte("test")) w.Write([]byte("test"))
@ -16,8 +19,8 @@ func TestGCPHealthcheckLiveness(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("GET", "/liveness_check", nil) r, _ := http.NewRequest("GET", "/liveness_check", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
assert.Equal(t, 200, rw.Code) assert.Equal(t, 200, rw.Code)
@ -32,8 +35,8 @@ func TestGCPHealthcheckReadiness(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("GET", "/readiness_check", nil) r, _ := http.NewRequest("GET", "/readiness_check", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
assert.Equal(t, 200, rw.Code) assert.Equal(t, 200, rw.Code)
@ -48,8 +51,8 @@ func TestGCPHealthcheckNotHealthcheck(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("GET", "/not_any_check", nil) r, _ := http.NewRequest("GET", "/not_any_check", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
assert.Equal(t, "test", rw.Body.String()) assert.Equal(t, "test", rw.Body.String())
@ -63,8 +66,8 @@ func TestGCPHealthcheckIngress(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("GET", "/", nil) r, _ := http.NewRequest("GET", "/", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
r.Header.Set(userAgentHeader, googleHealthCheckUserAgent) r.Header.Set(userAgentHeader, googleHealthCheckUserAgent)
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
@ -80,8 +83,8 @@ func TestGCPHealthcheckNotIngress(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("GET", "/foo", nil) r, _ := http.NewRequest("GET", "/foo", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
r.Header.Set(userAgentHeader, googleHealthCheckUserAgent) r.Header.Set(userAgentHeader, googleHealthCheckUserAgent)
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
@ -96,8 +99,8 @@ func TestGCPHealthcheckNotIngressPut(t *testing.T) {
h := gcpHealthcheck(http.HandlerFunc(handler)) h := gcpHealthcheck(http.HandlerFunc(handler))
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
r, _ := http.NewRequest("PUT", "/", nil) r, _ := http.NewRequest("PUT", "/", nil)
r.RemoteAddr = "127.0.0.1" r.RemoteAddr = localhost
r.Host = "test-server" r.Host = host
r.Header.Set(userAgentHeader, googleHealthCheckUserAgent) r.Header.Set(userAgentHeader, googleHealthCheckUserAgent)
h.ServeHTTP(rw, r) h.ServeHTTP(rw, r)
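Review bot: The new package-level constants `localhost` and `host` in the first hunk are very generic names for package scope. Any local variable called `host` elsewhere in the package silently shadows the constant, and `localhost` holds an IP literal rather than a hostname. Names that say they are fixtures would read better, grouped in one block: `const (` / `testRemoteAddr = "127.0.0.1"` / `testHost = "test-server"` / `)`, with a one-line comment that they are the request fields shared by the healthcheck tests. The test functions in the later hunks start and end outside the visible lines.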


@ -161,7 +161,7 @@ func NewFileServer(path string, filesystemPath string) (proxy http.Handler) {
} }
// NewWebSocketOrRestReverseProxy creates a reverse proxy for REST or websocket based on url // NewWebSocketOrRestReverseProxy creates a reverse proxy for REST or websocket based on url
func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.HmacAuth) (restProxy http.Handler) { func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.HmacAuth) http.Handler {
u.Path = "" u.Path = ""
proxy := NewReverseProxy(u, opts.FlushInterval) proxy := NewReverseProxy(u, opts.FlushInterval)
if !opts.PassHostHeader { if !opts.PassHostHeader {
@ -177,7 +177,12 @@ func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.Hma
wsURL := &url.URL{Scheme: wsScheme, Host: u.Host} wsURL := &url.URL{Scheme: wsScheme, Host: u.Host}
wsProxy = wsutil.NewSingleHostReverseProxy(wsURL) wsProxy = wsutil.NewSingleHostReverseProxy(wsURL)
} }
return &UpstreamProxy{u.Host, proxy, wsProxy, auth} return &UpstreamProxy{
upstream: u.Host,
handler: proxy,
wsHandler: wsProxy,
auth: auth,
}
} }
// NewOAuthProxy creates a new instance of OOuthProxy from the options provided // NewOAuthProxy creates a new instance of OOuthProxy from the options provided
@ -202,7 +207,13 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
} }
logger.Printf("mapping path %q => file system %q", path, u.Path) logger.Printf("mapping path %q => file system %q", path, u.Path)
proxy := NewFileServer(path, u.Path) proxy := NewFileServer(path, u.Path)
serveMux.Handle(path, &UpstreamProxy{path, proxy, nil, nil}) uProxy := UpstreamProxy{
upstream: path,
handler: proxy,
wsHandler: nil,
auth: nil,
}
serveMux.Handle(path, &uProxy)
default: default:
panic(fmt.Sprintf("unknown upstream protocol %s", u.Scheme)) panic(fmt.Sprintf("unknown upstream protocol %s", u.Scheme))
} }
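Review bot: The file-upstream branch of NewOAuthProxy builds `uProxy` with explicit `wsHandler: nil` and `auth: nil` and then takes its address, while NewWebSocketOrRestReverseProxy returns a keyed literal directly. With keyed fields the zero values need not be spelled out, so the two sites could match: `serveMux.Handle(path, &UpstreamProxy{upstream: path, handler: proxy})`. If the explicit nils are meant to show that file upstreams get no websocket handler and no request signing, a short comment such as `// file upstreams are served locally: no websocket handler, no HMAC signing` says so more clearly. NewOAuthProxy starts and continues outside this hunk.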


@ -163,9 +163,9 @@ func TestEncodedSlashes(t *testing.T) {
func TestRobotsTxt(t *testing.T) { func TestRobotsTxt(t *testing.T) {
opts := NewOptions() opts := NewOptions()
opts.ClientID = "bazquux" opts.ClientID = "asdlkjx"
opts.ClientSecret = "foobar" opts.ClientSecret = "alkgks"
opts.CookieSecret = "xyzzyplugh" opts.CookieSecret = "asdkugkj"
opts.Validate() opts.Validate()
proxy := NewOAuthProxy(opts, func(string) bool { return true }) proxy := NewOAuthProxy(opts, func(string) bool { return true })
@ -178,9 +178,9 @@ func TestRobotsTxt(t *testing.T) {
func TestIsValidRedirect(t *testing.T) { func TestIsValidRedirect(t *testing.T) {
opts := NewOptions() opts := NewOptions()
opts.ClientID = "bazquux" opts.ClientID = "skdlfj"
opts.ClientSecret = "foobar" opts.ClientSecret = "fgkdsgj"
opts.CookieSecret = "xyzzyplugh" opts.CookieSecret = "ljgiogbj"
// Should match domains that are exactly foo.bar and any subdomain of bar.foo // Should match domains that are exactly foo.bar and any subdomain of bar.foo
opts.WhitelistDomains = []string{"foo.bar", ".bar.foo"} opts.WhitelistDomains = []string{"foo.bar", ".bar.foo"}
opts.Validate() opts.Validate()
@ -298,8 +298,8 @@ func TestBasicAuthPassword(t *testing.T) {
// The CookieSecret must be 32 bytes in order to create the AES // The CookieSecret must be 32 bytes in order to create the AES
// cipher. // cipher.
opts.CookieSecret = "xyzzyplughxyzzyplughxyzzyplughxp" opts.CookieSecret = "xyzzyplughxyzzyplughxyzzyplughxp"
opts.ClientID = "bazquux" opts.ClientID = "dlgkj"
opts.ClientSecret = "foobar" opts.ClientSecret = "alkgret"
opts.CookieSecure = false opts.CookieSecure = false
opts.PassBasicAuth = true opts.PassBasicAuth = true
opts.PassUserHeaders = true opts.PassUserHeaders = true
@ -392,8 +392,8 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes
// The CookieSecret must be 32 bytes in order to create the AES // The CookieSecret must be 32 bytes in order to create the AES
// cipher. // cipher.
t.opts.CookieSecret = "xyzzyplughxyzzyplughxyzzyplughxp" t.opts.CookieSecret = "xyzzyplughxyzzyplughxyzzyplughxp"
t.opts.ClientID = "bazquux" t.opts.ClientID = "slgkj"
t.opts.ClientSecret = "foobar" t.opts.ClientSecret = "gfjgojl"
t.opts.CookieSecure = false t.opts.CookieSecure = false
t.opts.PassAccessToken = opts.PassAccessToken t.opts.PassAccessToken = opts.PassAccessToken
t.opts.Validate() t.opts.Validate()
@ -518,9 +518,9 @@ func NewSignInPageTest(skipProvider bool) *SignInPageTest {
var sipTest SignInPageTest var sipTest SignInPageTest
sipTest.opts = NewOptions() sipTest.opts = NewOptions()
sipTest.opts.CookieSecret = "foobar" sipTest.opts.CookieSecret = "adklsj2"
sipTest.opts.ClientID = "bazquux" sipTest.opts.ClientID = "lkdgj"
sipTest.opts.ClientSecret = "xyzzyplugh" sipTest.opts.ClientSecret = "sgiufgoi"
sipTest.opts.SkipProviderButton = skipProvider sipTest.opts.SkipProviderButton = skipProvider
sipTest.opts.Validate() sipTest.opts.Validate()
@ -624,8 +624,8 @@ func NewProcessCookieTest(opts ProcessCookieTestOpts, modifiers ...OptionsModifi
for _, modifier := range modifiers { for _, modifier := range modifiers {
modifier(pcTest.opts) modifier(pcTest.opts)
} }
pcTest.opts.ClientID = "bazquux" pcTest.opts.ClientID = "asdfljk"
pcTest.opts.ClientSecret = "xyzzyplugh" pcTest.opts.ClientSecret = "lkjfdsig"
pcTest.opts.CookieSecret = "0123456789abcdefabcd" pcTest.opts.CookieSecret = "0123456789abcdefabcd"
// First, set the CookieRefresh option so proxy.AesCipher is created, // First, set the CookieRefresh option so proxy.AesCipher is created,
// needed to encrypt the access_token. // needed to encrypt the access_token.
@ -860,9 +860,9 @@ func TestAuthSkippedForPreflightRequests(t *testing.T) {
opts := NewOptions() opts := NewOptions()
opts.Upstreams = append(opts.Upstreams, upstream.URL) opts.Upstreams = append(opts.Upstreams, upstream.URL)
opts.ClientID = "bazquux" opts.ClientID = "aljsal"
opts.ClientSecret = "foobar" opts.ClientSecret = "jglkfsdgj"
opts.CookieSecret = "xyzzyplugh" opts.CookieSecret = "dkfjgdls"
opts.SkipAuthPreflight = true opts.SkipAuthPreflight = true
opts.Validate() opts.Validate()
@ -999,8 +999,8 @@ func TestNoRequestSignature(t *testing.T) {
func TestRequestSignatureGetRequest(t *testing.T) { func TestRequestSignatureGetRequest(t *testing.T) {
st := NewSignatureTest() st := NewSignatureTest()
defer st.Close() defer st.Close()
st.opts.SignatureKey = "sha1:foobar" st.opts.SignatureKey = "sha1:7d9e1aa87a5954e6f9fc59266b3af9d7c35fda2d"
st.MakeRequestWithExpectedKey("GET", "", "foobar") st.MakeRequestWithExpectedKey("GET", "", "7d9e1aa87a5954e6f9fc59266b3af9d7c35fda2d")
assert.Equal(t, 200, st.rw.Code) assert.Equal(t, 200, st.rw.Code)
assert.Equal(t, st.rw.Body.String(), "signatures match") assert.Equal(t, st.rw.Body.String(), "signatures match")
} }
@ -1008,9 +1008,9 @@ func TestRequestSignatureGetRequest(t *testing.T) {
func TestRequestSignaturePostRequest(t *testing.T) { func TestRequestSignaturePostRequest(t *testing.T) {
st := NewSignatureTest() st := NewSignatureTest()
defer st.Close() defer st.Close()
st.opts.SignatureKey = "sha1:foobar" st.opts.SignatureKey = "sha1:d90df39e2d19282840252612dd7c81421a372f61"
payload := `{ "hello": "world!" }` payload := `{ "hello": "world!" }`
st.MakeRequestWithExpectedKey("POST", payload, "foobar") st.MakeRequestWithExpectedKey("POST", payload, "d90df39e2d19282840252612dd7c81421a372f61")
assert.Equal(t, 200, st.rw.Code) assert.Equal(t, 200, st.rw.Code)
assert.Equal(t, st.rw.Body.String(), "signatures match") assert.Equal(t, st.rw.Body.String(), "signatures match")
} }
@ -1056,9 +1056,9 @@ type ajaxRequestTest struct {
func newAjaxRequestTest() *ajaxRequestTest { func newAjaxRequestTest() *ajaxRequestTest {
test := &ajaxRequestTest{} test := &ajaxRequestTest{}
test.opts = NewOptions() test.opts = NewOptions()
test.opts.CookieSecret = "foobar" test.opts.CookieSecret = "sdflsw"
test.opts.ClientID = "bazquux" test.opts.ClientID = "gkljfdl"
test.opts.ClientSecret = "xyzzyplugh" test.opts.ClientSecret = "sdflkjs"
test.opts.Validate() test.opts.Validate()
test.proxy = NewOAuthProxy(test.opts, func(email string) bool { test.proxy = NewOAuthProxy(test.opts, func(email string) bool {
return true return true
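Review bot: The replacement fixtures in these hunks, for example `opts.ClientSecret = "alkgks"` and `st.opts.SignatureKey = "sha1:7d9e1aa87a5954e6f9fc59266b3af9d7c35fda2d"`, are unique random-looking literals, presumably chosen so goconst stops flagging repeated strings. That hides the fact that they are placeholders. The 40-hex values in particular read like real digests or keys, which invites false positives from secret scanners and makes a genuine leak harder to spot in review. Named fixtures keep the linter quiet and make the intent explicit, e.g. `const testClientID = "test-client-id"`, `const testClientSecret = "test-client-secret"` and `const testSignatureSecret = "test-signature-secret"`, reused across the tests. Most of the functions touched here begin or end outside the visible hunks.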


@ -455,7 +455,7 @@ func parseSignatureKey(o *Options, msgs []string) []string {
return append(msgs, "unsupported signature hash algorithm: "+ return append(msgs, "unsupported signature hash algorithm: "+
o.SignatureKey) o.SignatureKey)
} }
o.signatureData = &SignatureData{hash, secretKey} o.signatureData = &SignatureData{hash: hash, key: secretKey}
return msgs return msgs
} }
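Review bot: The `unsupported signature hash algorithm` message in this hunk's context lines appends the whole of `o.SignatureKey`. Judging by the `sha1:<key>` values in the test section and the `secretKey` stored just below, that option appears to carry the signing secret as well, so a mistyped algorithm name would copy the HMAC secret into the validation output and any log that records it. Report only the algorithm part, e.g. `"unsupported signature hash algorithm: " + algorithm`, where `algorithm` stands for whatever variable holds the text before the separator (the parsing lines are outside this hunk). The keyed `SignatureData` literal itself is a clear improvement. parseSignatureKey begins above the visible lines.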