Commit 13880bee authored by Rohith's avatar Rohith

Merge pull request #2 from gambol99/rj/wip

fixes
parents 6356a837 9515bded
NAME=keycloak-proxy NAME=keycloak-proxy
AUTHOR=gambol99
HARDWARE=$(shell uname -m) HARDWARE=$(shell uname -m)
VERSION=$(shell awk '/Version =/ { print $$3 }' doc.go | sed 's/"//g') VERSION=$(shell awk '/Version =/ { print $$3 }' doc.go | sed 's/"//g')
DEPS=$(shell go list -f '{{range .TestImports}}{{.}} {{end}}' ./...) DEPS=$(shell go list -f '{{range .TestImports}}{{.}} {{end}}' ./...)
...@@ -20,6 +21,10 @@ static: ...@@ -20,6 +21,10 @@ static:
mkdir -p bin mkdir -p bin
CGO_ENABLED=0 GOOS=linux godep go build -a -tags netgo -ldflags '-w' -o bin/${NAME} CGO_ENABLED=0 GOOS=linux godep go build -a -tags netgo -ldflags '-w' -o bin/${NAME}
docker: static
@echo "--> Building the docker image"
sudo docker build -t docker.io/${AUTHOR}/${NAME}:${VERSION} .
release: static release: static
mkdir -p release mkdir -p release
gzip -c bin/${NAME} > release/${NAME}_${VERSION}_linux_${HARDWARE}.gz gzip -c bin/${NAME} > release/${NAME}_${VERSION}_linux_${HARDWARE}.gz
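Review bot: The new `docker` target hard-codes `sudo docker build`, so every `make docker` goes through a root escalation, even for users on a rootless or group-based Docker setup, and non-interactive CI can stall on the password prompt. Let the invoker decide the privilege level with an overridable variable, `DOCKER ?= docker`, and write the recipe as `$(DOCKER) build -t docker.io/${AUTHOR}/${NAME}:${VERSION} .`. If `docker` is not already declared under `.PHONY` (not visible in this section), it should be, since the target produces no file of that name.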
......
...@@ -17,9 +17,8 @@ package main ...@@ -17,9 +17,8 @@ package main
import ( import (
"net/http" "net/http"
"net/http/httputil"
"time"
"strings" "strings"
"time"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/golang/glog" "github.com/golang/glog"
...@@ -33,6 +32,7 @@ import ( ...@@ -33,6 +32,7 @@ import (
// c) proxyHandler is responsible for handling the reverse proxy to the upstream endpoint // c) proxyHandler is responsible for handling the reverse proxy to the upstream endpoint
// //
/*
// loggingHandler is logging middleware // loggingHandler is logging middleware
func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc { func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc {
return func(cx *gin.Context) { return func(cx *gin.Context) {
...@@ -42,6 +42,7 @@ func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc { ...@@ -42,6 +42,7 @@ func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc {
} }
} }
} }
*/
// authenticationHandler is responsible for verifying the access token // authenticationHandler is responsible for verifying the access token
func (r *KeycloakProxy) authenticationHandler(cx *gin.Context) { func (r *KeycloakProxy) authenticationHandler(cx *gin.Context) {
......
...@@ -112,19 +112,19 @@ func (r *KeycloakProxy) callbackHandler(cx *gin.Context) { ...@@ -112,19 +112,19 @@ func (r *KeycloakProxy) callbackHandler(cx *gin.Context) {
return return
} }
glog.Infof("retrieved the refresh token for user: %s, expires at: %s", identity, ident.ExpiresAt) glog.Infof("retrieved the refresh token for user: %s, expires at: %s", identity.Email, ident.ExpiresAt)
// step: create the state session // step: create the state session
state := &SessionState{ state := &SessionState{
refreshToken: response.RefreshToken, refreshToken: response.RefreshToken,
} }
max_session := time.Now().Add(r.config.MaxSessionDuration) maxSession := time.Now().Add(r.config.MaxSessionDuration)
switch max_session.After(ident.ExpiresAt) { switch maxSession.After(ident.ExpiresAt) {
case true: case true:
state.expireOn = ident.ExpiresAt state.expireOn = ident.ExpiresAt
default: default:
state.expireOn = max_session state.expireOn = maxSession
} }
if err := r.createSessionState(state, cx); err != nil { if err := r.createSessionState(state, cx); err != nil {
...@@ -154,7 +154,6 @@ func (r *KeycloakProxy) refreshAccessToken(refreshToken string) (jose.JWT, time. ...@@ -154,7 +154,6 @@ func (r *KeycloakProxy) refreshAccessToken(refreshToken string) (jose.JWT, time.
return jose.JWT{}, time.Time{}, err return jose.JWT{}, time.Time{}, err
} }
return token, identity.ExpiresAt, nil return token, identity.ExpiresAt, nil
} }
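Review bot: Wrapping `loggingHandler` in `/* … */` leaves dead code in the file instead of removing it. The `net/http/httputil` import is dropped in the same section, presumably because only that handler used it, so the commented block no longer builds as written. Delete the function and rely on version control to recover it. If it is meant to come back, replace the block comment with a one-line `// TODO` that states the condition for re-enabling it. The handler body is only partly visible in this section.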
......
...@@ -58,8 +58,6 @@ func NewProxy(cfg *Config) (*KeycloakProxy, error) { ...@@ -58,8 +58,6 @@ func NewProxy(cfg *Config) (*KeycloakProxy, error) {
glog.V(3).Infof("initializing the http router, listening: %s", cfg.Listen) glog.V(3).Infof("initializing the http router, listening: %s", cfg.Listen)
service.router = gin.Default() service.router = gin.Default()
service.router.Use(service.loggingHandler())
for _, resource := range cfg.Resources { for _, resource := range cfg.Resources {
glog.Infof("protecting resource: %s", resource) glog.Infof("protecting resource: %s", resource)
for _, method := range resource.Methods { for _, method := range resource.Methods {
...@@ -97,7 +95,7 @@ func (r *KeycloakProxy) Run() error { ...@@ -97,7 +95,7 @@ func (r *KeycloakProxy) Run() error {
// redirectToURL redirects the user and aborts the context // redirectToURL redirects the user and aborts the context
func (r KeycloakProxy) redirectToURL(url string, cx *gin.Context) { func (r KeycloakProxy) redirectToURL(url string, cx *gin.Context) {
glog.V(10).Infof("redirecting the client to: %s", url) glog.Infof("redirecting the client to: %s", url)
cx.Redirect(http.StatusTemporaryRedirect, url) cx.Redirect(http.StatusTemporaryRedirect, url)
cx.Abort() cx.Abort()
} }
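Review bot: In `redirectToURL` the log call moves from `glog.V(10).Infof` to `glog.Infof`, so the full redirect URL is now written at default verbosity. If any caller passes a URL carrying query parameters such as an OAuth `state` or `code` value (the callers are outside this section), those values land in ordinary logs. Keep this message at a verbose level or log only scheme, host and path, and prefer `%q` over `%s` if the client can influence the value. Separately, with `service.router.Use(service.loggingHandler())` removed, request logging rests on the middleware that `gin.Default()` installs, so confirm that output is sufficient for audit needs.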
......
...@@ -58,7 +58,7 @@ func (r *KeycloakProxy) refreshUserSessionToken(cx *gin.Context) (jose.JWT, erro ...@@ -58,7 +58,7 @@ func (r *KeycloakProxy) refreshUserSessionToken(cx *gin.Context) (jose.JWT, erro
} }
// step: inject the refreshed access token // step: inject the refreshed access token
glog.V(10).Infof("injecting the refreshed access token into seesion, expires on: %s", expires) glog.Infof("injecting the refreshed access token into seesion, expires on: %s", expires)
// step: create the session // step: create the session
if err := r.createSession(token, expires, cx); err != nil { if err := r.createSession(token, expires, cx); err != nil {
...@@ -144,7 +144,7 @@ func (r *KeycloakProxy) getUserContext(token jose.JWT) (*UserContext, error) { ...@@ -144,7 +144,7 @@ func (r *KeycloakProxy) getUserContext(token jose.JWT) (*UserContext, error) {
// createSession creates a session cookie with the access token // createSession creates a session cookie with the access token
func (r *KeycloakProxy) createSession(token jose.JWT, expires time.Time, cx *gin.Context) error { func (r *KeycloakProxy) createSession(token jose.JWT, expires time.Time, cx *gin.Context) error {
glog.V(10).Infof("creating a user session cookie, expires on: %s, token: %s", expires, token) glog.V(10).Infof("creating a user session cookie, expires on: %s, token: %s", expires, token.Encode())
http.SetCookie(cx.Writer, createSessionCookie(token.Encode(), cx.Request.Host, expires)) http.SetCookie(cx.Writer, createSessionCookie(token.Encode(), cx.Request.Host, expires))
return nil return nil
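Review bot: In `createSession` the debug line now formats `token.Encode()`, which writes the complete encoded access token to the log whenever verbosity reaches 10. That is the same string placed in the session cookie on the next line, so anyone with read access to the logs would hold a usable bearer credential until it expires. Drop the token from the message, `glog.V(10).Infof("creating a user session cookie, expires on: %s", expires)`, or log a non-secret identifier taken from its claims. The earlier hunk in this section raises the "injecting the refreshed access token" message to `glog.Infof`; it prints only the expiry, which is fine, though `seesion` there is a typo for `session`. `createSession` continues past the end of the visible hunk.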
......
...@@ -14,3 +14,52 @@ limitations under the License. ...@@ -14,3 +14,52 @@ limitations under the License.
*/ */
package main package main
import (
"testing"
"time"
"github.com/stretchr/testify/assert"
)
func TestGetUserContext(t *testing.T) {
}
func TestEncodeState(t *testing.T) {
proxy := newFakeKeycloakProxy(t)
state := &SessionState{
refreshToken: "this is a fake session",
expireOn: time.Now(),
}
session, err := proxy.encodeState(state)
assert.NotEmpty(t, session)
assert.NoError(t, err)
}
func TestDecodeState(t *testing.T) {
proxy := newFakeKeycloakProxy(t)
fakeToken := "this is a fake session"
fakeExpiresOn := time.Now()
state := &SessionState{
refreshToken: fakeToken,
expireOn: fakeExpiresOn,
}
session, err := proxy.encodeState(state)
assert.NotEmpty(t, session)
if err != nil {
t.Errorf("the encodeState() should not have handed an error")
t.FailNow()
}
decoded, err := proxy.decodeState(session)
assert.NotNil(t, decoded, "the session should not have been nil")
if assert.NoError(t, err, "the decodeState() should not have thrown an error") {
assert.Equal(t, fakeToken, decoded.refreshToken, "the token should been the same")
}
}
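Review bot: `TestDecodeState` only round-trips a value that `encodeState` has just produced, so nothing pins that `decodeState` rejects input it should not accept. Add a negative test along the lines below, which assumes the encoded session is a string and that malformed input should yield an error and a nil state; confirm both against the implementation, which is not shown here. In the existing test, `assert.NotNil(t, decoded, …)` does not stop execution, so a nil `decoded` returned with a nil error would panic at `decoded.refreshToken`. Fail fast there, as the `t.FailNow()` check a few lines earlier does. `TestGetUserContext` is empty and passes vacuously, and `expireOn` is never compared after decoding.

```go
func TestDecodeStateRejectsInvalidInput(t *testing.T) {
	proxy := newFakeKeycloakProxy(t)
	session, err := proxy.encodeState(&SessionState{
		refreshToken: "this is a fake session",
		expireOn:     time.Now(),
	})
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	// constructed malformed inputs: empty, and a truncated copy of a valid session
	for _, in := range []string{"", session[:len(session)/2]} {
		decoded, err := proxy.decodeState(in)
		assert.Error(t, err, "malformed session should be rejected")
		assert.Nil(t, decoded, "no state should be returned for a malformed session")
	}
}
```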
...@@ -26,10 +26,6 @@ import ( ...@@ -26,10 +26,6 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
func TestIsValidMethod(t *testing.T) {
}
func TestEncryptDataBlock(t *testing.T) { func TestEncryptDataBlock(t *testing.T) {
testCase := []struct { testCase := []struct {
Text string Text string
......