Merge pull request #2 from gambol99/rj/wip

fixes

Merge pull request #2 from gambol99/rj/wip
13880bee · Rohith · 6356a837 · 9515bded · 13880bee · 13880bee
Commit 13880bee authored 9 years ago by Rohith
--- a/Makefile
+++ b/Makefile

 NAME=keycloak-proxy
+AUTHOR=gambol99
 HARDWARE=$(shell uname -m)
 VERSION=$(shell awk '/Version =/ { print $$3 }' doc.go | sed 's/"//g')
 DEPS=$(shell go list -f '{{range .TestImports}}{{.}} {{end}}' ./...)
@@ -20,6 +21,10 @@ static:
 	mkdir -p bin
 	CGO_ENABLED=0 GOOS=linux godep go build -a -tags netgo -ldflags '-w' -o bin/${NAME}

+docker: static
+	@echo "--> Building the docker image"
+	sudo docker build -t docker.io/${AUTHOR}/${NAME}:${VERSION} .
+
 release: static
 	mkdir -p release
 	gzip -c bin/${NAME} > release/${NAME}_${VERSION}_linux_${HARDWARE}.gz

--- a/handlers.go
+++ b/handlers.go
@@ -17,9 +17,8 @@ package main

 import (
 	"net/http"
-	"net/http/httputil"
-	"time"
 	"strings"
+	"time"

 	"github.com/gin-gonic/gin"
 	"github.com/golang/glog"
@@ -33,6 +32,7 @@ import (
 //  c) proxyHandler is responsible for handling the reverse proxy to the upstream endpoint
 //

+/*
 // loggingHandler is logging middleware
 func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc {
 	return func(cx *gin.Context) {
@@ -42,6 +42,7 @@ func (r *KeycloakProxy) loggingHandler() gin.HandlerFunc {
 		}
 	}
 }
+*/

 // authenticationHandler is responsible for verifying the access token
 func (r *KeycloakProxy) authenticationHandler(cx *gin.Context) {

--- a/oauth.go
+++ b/oauth.go
@@ -112,19 +112,19 @@ func (r *KeycloakProxy) callbackHandler(cx *gin.Context) {
 			return
 		}

-		glog.Infof("retrieved the refresh token for user: %s, expires at: %s", identity, ident.ExpiresAt)
+		glog.Infof("retrieved the refresh token for user: %s, expires at: %s", identity.Email, ident.ExpiresAt)

 		// step: create the state session
 		state := &SessionState{
 			refreshToken: response.RefreshToken,
 		}

-		max_session := time.Now().Add(r.config.MaxSessionDuration)
-		switch max_session.After(ident.ExpiresAt) {
+		maxSession := time.Now().Add(r.config.MaxSessionDuration)
+		switch maxSession.After(ident.ExpiresAt) {
 		case true:
 			state.expireOn = ident.ExpiresAt
 		default:
-			state.expireOn = max_session
+			state.expireOn = maxSession
 		}

 		if err := r.createSessionState(state, cx); err != nil {
@@ -154,7 +154,6 @@ func (r *KeycloakProxy) refreshAccessToken(refreshToken string) (jose.JWT, time.
 		return jose.JWT{}, time.Time{}, err
 	}

-
 	return token, identity.ExpiresAt, nil
 }


--- a/server.go
+++ b/server.go
@@ -58,8 +58,6 @@ func NewProxy(cfg *Config) (*KeycloakProxy, error) {
 	glog.V(3).Infof("initializing the http router, listening: %s", cfg.Listen)

 	service.router = gin.Default()
-	service.router.Use(service.loggingHandler())
-
 	for _, resource := range cfg.Resources {
 		glog.Infof("protecting resource: %s", resource)
 		for _, method := range resource.Methods {
@@ -97,7 +95,7 @@ func (r *KeycloakProxy) Run() error {

 // redirectToURL redirects the user and aborts the context
 func (r KeycloakProxy) redirectToURL(url string, cx *gin.Context) {
-	glog.V(10).Infof("redirecting the client to: %s", url)
+	glog.Infof("redirecting the client to: %s", url)
 	cx.Redirect(http.StatusTemporaryRedirect, url)
 	cx.Abort()
 }

--- a/session.go
+++ b/session.go
@@ -58,7 +58,7 @@ func (r *KeycloakProxy) refreshUserSessionToken(cx *gin.Context) (jose.JWT, erro
 	}

 	// step: inject the refreshed access token
-	glog.V(10).Infof("injecting the refreshed access token into seesion, expires on: %s", expires)
+	glog.Infof("injecting the refreshed access token into seesion, expires on: %s", expires)

 	// step: create the session
 	if err := r.createSession(token, expires, cx); err != nil {
@@ -144,7 +144,7 @@ func (r *KeycloakProxy) getUserContext(token jose.JWT) (*UserContext, error) {

 // createSession creates a session cookie with the access token
 func (r *KeycloakProxy) createSession(token jose.JWT, expires time.Time, cx *gin.Context) error {
-	glog.V(10).Infof("creating a user session cookie, expires on: %s, token: %s", expires, token)
+	glog.V(10).Infof("creating a user session cookie, expires on: %s, token: %s", expires, token.Encode())
 	http.SetCookie(cx.Writer, createSessionCookie(token.Encode(), cx.Request.Host, expires))

 	return nil

--- a/session_test.go
+++ b/session_test.go
@@ -14,3 +14,52 @@ limitations under the License.
 */

 package main
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetUserContext(t *testing.T) {
+
+}
+
+func TestEncodeState(t *testing.T) {
+	proxy := newFakeKeycloakProxy(t)
+
+	state := &SessionState{
+		refreshToken: "this is a fake session",
+		expireOn:     time.Now(),
+	}
+
+	session, err := proxy.encodeState(state)
+	assert.NotEmpty(t, session)
+	assert.NoError(t, err)
+}
+
+func TestDecodeState(t *testing.T) {
+	proxy := newFakeKeycloakProxy(t)
+
+	fakeToken := "this is a fake session"
+	fakeExpiresOn := time.Now()
+
+	state := &SessionState{
+		refreshToken: fakeToken,
+		expireOn:     fakeExpiresOn,
+	}
+
+	session, err := proxy.encodeState(state)
+	assert.NotEmpty(t, session)
+	if err != nil {
+		t.Errorf("the encodeState() should not have handed an error")
+		t.FailNow()
+	}
+
+	decoded, err := proxy.decodeState(session)
+	assert.NotNil(t, decoded, "the session should not have been nil")
+	if assert.NoError(t, err, "the decodeState() should not have thrown an error") {
+		assert.Equal(t, fakeToken, decoded.refreshToken, "the token should been the same")
+	}
+}
--- a/util_test.go
+++ b/util_test.go
@@ -26,10 +26,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestIsValidMethod(t *testing.T) {
-
-}
-
 func TestEncryptDataBlock(t *testing.T) {
 	testCase := []struct {
 		Text string