1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-30 09:16:52 +02:00
Commit Graph

11 Commits

Author SHA1 Message Date
Andrew Hamade
7fe6384f38
Fix Linting Errors (#1835)
* initial commit: add groups to azure

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>

* fix deprecations and linting errors

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* remove groups testing from azure provider

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* fix test error

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* verify-generate

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 11:57:51 +01:00
Valentin Pichard
2b4c8a9846 Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain.
Signed-off-by: Valentin Pichard <github@w3st.fr>
2022-02-14 18:03:20 +01:00
Moraru Costel
7a83d18f23
Extend email-domain validation with sub-domain capability (#1233)
* Extend email-domain validation with sub-domain capability

* Adding the CHANGELOG entry

* Fixing lint erros

* Fixing lint erros

* Renamed the emailDomains to allowedDomains, plus tests

* Bringing together all basic test-cases

* Fixing unit tests

* Add unit tests to validate additional vulnerability concerns
2021-06-29 19:37:03 +01:00
Dan Bond
9d0a0c7426
remove unnecessary validator tests (#288)
* remove unnecessary validator tests

* fix WriteString error
2019-10-18 08:49:33 -07:00
Joel Speed
8ee802d4e5
Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
Jehiah Czebotar
c4905f2347 Switch from gpm -> dep for dependency management 2017-11-16 20:58:11 -05:00
Stan Hu
dd4642813b Ignore spaces in authorized emails list 2015-12-23 00:08:51 -08:00
Mike Bland
5f2df7167a Ensure watcher tests don't block during shutdown
These test failures from #93 inspired this change:
https://travis-ci.org/bitly/google_auth_proxy/jobs/62474406
https://travis-ci.org/bitly/google_auth_proxy/jobs/62474407

Both tests exhibited this pattern:
2015/05/13 22:10:54 validating: is xyzzy@example.com valid? false
2015/05/13 22:10:54 watching interrupted on event: "/tmp/test_auth_emails_300880185": CHMOD
2015/05/13 22:10:54 watching resumed for /tmp/test_auth_emails_300880185
2015/05/13 22:10:54 reloading after event: "/tmp/test_auth_emails_300880185": CHMOD
panic: test timed out after 1m0s

[snip]

goroutine 175 [chan send]:
github.com/bitly/google_auth_proxy.(*ValidatorTest).TearDown(0xc2080bc330)
        /home/travis/gopath/src/github.com/bitly/google_auth_proxy/validator_test.go:27 +0x43
github.com/bitly/google_auth_proxy.TestValidatorOverwriteEmailListViaRenameAndReplace(0xc2080f2480)
        /home/travis/gopath/src/github.com/bitly/google_auth_proxy/validator_watcher_test.go:103 +0x3b9

[snip]

goroutine 177 [chan send]:
github.com/bitly/google_auth_proxy.func·017()
        /home/travis/gopath/src/github.com/bitly/google_auth_proxy/validator_test.go:34 +0x41

I realized that the spurious CHMOD events were causing calls to
`func() { updated <- true }` (from validator_test.go:34), which caused
the goroutine running the watcher to block. At the same time,
ValidatorTest.TearDown was blocked by trying to send into the `done` channel.
The solution was to create a flag that ensured only one value was ever sent
into the update channel.
2015-05-13 18:48:39 -04:00
Mike Bland
6a0f119fc2 Provide graceful shutdown of file watcher in tests
This test failure from #92 inspired this change:
https://travis-ci.org/bitly/google_auth_proxy/jobs/62425336

2015/05/13 16:27:33 using authenticated emails file /tmp/test_auth_emails_952353477
2015/05/13 16:27:33 watching /tmp/test_auth_emails_952353477 for updates
2015/05/13 16:27:33 validating: is xyzzy@example.com valid? true
2015/05/13 16:27:33 watching interrupted on event: "/tmp/test_auth_emails_952353477": CHMOD
2015/05/13 16:27:33 watching resumed for /tmp/test_auth_emails_952353477
2015/05/13 16:27:33 reloading after event: "/tmp/test_auth_emails_952353477": CHMOD
2015/05/13 16:27:33 watching interrupted on event: "/tmp/test_auth_emails_952353477": REMOVE
2015/05/13 16:27:33 validating: is xyzzy@example.com valid? false
2015/05/13 16:27:33 watching resumed for /tmp/test_auth_emails_952353477
2015/05/13 16:27:33 reloading after event: "/tmp/test_auth_emails_952353477": REMOVE
2015/05/13 16:27:33 failed opening authenticated-emails-file="/tmp/test_auth_emails_952353477", open /tmp/test_auth_emails_952353477: no such file or directory

I believe that what happened was that the call to reload the file after the
second "reloading after event" lost the race when the test shut down and the
file was removed. This change introduces a `done` channel that ensures
outstanding actions complete and the watcher exits before the test removes the
file.
2015-05-13 18:02:22 -04:00
Mike Bland
ca91b5eddd Reload authenticated-emails-file upon update
This change extracts the UserMap class from NewValidator() so that its
LoadAuthenticatedEmailsFile() method can be called concurrently. This method
is called by a goroutine containing a fsnotify.Watcher watching the
authenticated emails file.

Watching isn't forever aborted when the authenticated emails file disappears.
The goroutine will call os.Stat() up to twenty times a second if the file is
persistently missing, but that's the pathological case, not the common one.

The common case is that some editors (including Vim) will perform a
rename-and-replace when updating a file, triggering fsnotify.Rename events,
and the file will temporarily disappear. This watcher goroutine handles that
case.

Also, on some platforms (notably Arch Linux), a remove will be preceded by a
fsnotify.Chmod, causing a race between the upcoming fsnotify.Remove and the
call to UserMap.LoadAuthenticatedEmailsFile(). Hence, we treat fsnotify.Chmod
the same as fsnotify.Remove and fsnotify.Rename. There's no significant
penalty to re-adding a file to the watcher.

Also contains the following small changes from the summary of commits below:

- Minor optimization of email domain search
- Fixed api_test.go on Windows
- Add deferred File.Close() calls where needed
- Log error and return if emails file doesn't parse

These are the original commits from #89 squashed into this one:

0c6f2b6 Refactor validator_test to prepare for more tests
e0c792b Add more test cases to validator_test
a9a9d93 Minor optimization of email domain search
b763ea5 Extract LoadAuthenticatedEmailsFile()
8cdaf7f Introduce synchronized UserMap type
1b84eef Add UserMap methods, locking
af15dcf Reload authenticated-emails-file upon update
6d95548 Make UserMap operations lock-free
        Per:
        - http://stackoverflow.com/questions/21447463/is-assigning-a-pointer-atomic-in-golang
        - https://groups.google.com/forum/#!msg/golang-nuts/ueSvaEKgyLY/ZW_74IC4PekJ
75755d5 Fix tests on Windows
d0eab2e Ignore email file watcher Chmod events
0b9798b Fix watcher on Ubuntu 12.04
3a8251a WaitForReplacement() to retry emails file watch
a57fd29 Add deferred File.Close() calls where needed
        Because correctness: Don't leak file handles anywhere, and prepare for
        future panics and early returns.
52ed3fd Log error and return if emails file doesn't parse
40100d4 Add gopkg.in/fsnotify.v1 dependency to Godeps file
17dfbbc Avoid a race when Remove is preceded by Chmod
2015-05-12 10:39:18 -04:00
Mike Bland
781f34e817 Make address/domain comparisons case-insensitive 2015-04-07 17:25:46 -04:00