- fixing the --cookie-domain option (#137)

- adding extra test for verify the cookie domain is working correctly

cli.go

@@ -179,7 +179,7 @@ func getCLIOptions() []cli.Flag {
 			Name:  "http-only-cookie",
 			Usage: "enforces the cookie is in http only mode, default to false",
 		},
-		cli.StringSliceFlag{
+		cli.StringFlag{
 			Name:  "cookie-domain",
 			Usage: "a domain the access cookie is available to, defaults host header",
 		},

cookies_test.go

@@ -16,11 +16,45 @@ limitations under the License.
 package main
 
 import (
+	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 )
 
+func TestCookieDomainHostHeader(t *testing.T) {
+	svc := newTestService()
+	resp, err := makeTestCodeFlowLogin(svc + "/admin")
+	assert.NoError(t, err)
+	assert.NotNil(t, resp)
+
+	var cookie *http.Cookie
+	for _, c := range resp.Cookies() {
+		if c.Name == "kc-access" {
+			cookie = c
+		}
+	}
+	assert.NotNil(t, cookie)
+	assert.Equal(t, cookie.Domain, "127.0.0.1")
+}
+
+func TestCookieDomain(t *testing.T) {
+	p, _, svc := newTestProxyService(nil)
+	p.config.CookieDomain = "domain.com"
+	resp, err := makeTestCodeFlowLogin(svc + "/admin")
+	assert.NoError(t, err)
+	assert.NotNil(t, resp)
+
+	var cookie *http.Cookie
+	for _, c := range resp.Cookies() {
+		if c.Name == "kc-access" {
+			cookie = c
+		}
+	}
+	assert.NotNil(t, cookie)
+	assert.Equal(t, cookie.Domain, "domain.com")
+}
+
 func TestDropCookie(t *testing.T) {
 	p, _, _ := newTestProxyService(nil)
 

server_test.go

@@ -269,39 +269,48 @@ func newFakeGinContext(method, uri string) *gin.Context {
 
 // makeTestOauthLogin performs a fake oauth login into the service, retrieving the access token
 func makeTestOauthLogin(location string) (string, error) {
-	u, err := url.Parse(location)
+	resp, err := makeTestCodeFlowLogin(location)
 	if err != nil {
 		return "", err
 	}
+
+	// step: check the cookie is there
+	for _, c := range resp.Cookies() {
+		if c.Name == "kc-access" {
+			return c.Value, nil
+		}
+	}
+
+	return "", errors.New("access cookie not found in response from oauth service")
+}
+
+func makeTestCodeFlowLogin(location string) (*http.Response, error) {
+	u, err := url.Parse(location)
+	if err != nil {
+		return nil, err
+	}
 	// step: get the redirect
-	var response *http.Response
+	var resp *http.Response
 	for count := 0; count < 4; count++ {
 		req, err := http.NewRequest("GET", location, nil)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 		// step: make the request
-		response, err = http.DefaultTransport.RoundTrip(req)
+		resp, err = http.DefaultTransport.RoundTrip(req)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
-		if response.StatusCode != http.StatusTemporaryRedirect {
-			return "", errors.New("no redirection found in response")
+		if resp.StatusCode != http.StatusTemporaryRedirect {
+			return nil, errors.New("no redirection found in resp")
 		}
-		location = response.Header.Get("Location")
+		location = resp.Header.Get("Location")
 		if !strings.HasPrefix(location, "http") {
 			location = fmt.Sprintf("%s://%s%s", u.Scheme, u.Host, location)
 		}
 	}
 
-	// step: check the cookie is there
-	for _, c := range response.Cookies() {
-		if c.Name == "kc-access" {
-			return c.Value, nil
-		}
-	}
-
-	return "", errors.New("access cookie not found in response from oauth service")
+	return resp, nil
 }
 
 func newFakeGinContextWithCookies(method, url string, cookies []*http.Cookie) *gin.Context {