From d7eb102ca6521295659099c1d0bda3fbdac38d47 Mon Sep 17 00:00:00 2001
From: Rohith <gambol99@gmail.com>
Date: Mon, 20 Jun 2016 14:14:26 +0100
Subject: [PATCH] - changed the /oauth/login to use post form values rather
 than query string (#103)

- updated the README to reflect the changes
---
 CHANGELOG.md     | 14 +++++++++++++-
 README.md        |  4 ++--
 doc.go           |  2 +-
 handlers.go      |  4 ++--
 handlers_test.go |  8 ++++----
 5 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f59a833..08823e2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 
-#### **1.1.0 (unreleased)**
+
+#### **1.2.0**
+
+BREAKING CHANGES:
+ * Changed the /oauth/login handler to use post form values rather than query parameter to ensure (to a degree) they
+   are not logged
+
+#### **1.1.1**
+
+FIXES:
+ * Fixed the configuration bug which required a redirection-url even when redirection was shifted off
+
+#### **1.1.0**
 
 FIXES:
  * Added a auto build to quay.io on the travis build for master and tags
diff --git a/README.md b/README.md
index 947d81b..11c3e22 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ USAGE:
    keycloak-proxy [options]
 
 VERSION:
-   v1.1.0 (git+sha: 1209149)
+   v1.2.0 (git+sha: fc38244)
 
 AUTHOR(S):
    Rohith <gambol99@gmail.com>
@@ -442,6 +442,6 @@ You can control the upstream endpoint via the --upstream-url option. Both http a
 * **/oauth/callback** is provider openid callback endpoint
 * **/oauth/expired** is a helper endpoint to check if a access token has expired, 200 for ok and, 401 for no token and 401 for expired
 * **/oauth/health** is the health checking endpoint for the proxy, you can also grab version from headers
-* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login?username=USERNAME&password=PASSWORD
+* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login form values are username=USERNAME&password=PASSWORD
 * **/oauth/logout** provides a convenient endpoint to log the user out, it will always attempt to perform a back channel logout of offline tokens
 * **/oauth/token** is a helper endpoint which will display the current access token for you
diff --git a/doc.go b/doc.go
index 9ccf21c..d1fa9df 100644
--- a/doc.go
+++ b/doc.go
@@ -21,7 +21,7 @@ import (
 )
 
 var (
-	release = "v1.1.1"
+	release = "v1.2.0"
 	gitsha  = "no gitsha provided"
 	version = release + " (git+sha: " + gitsha + ")"
 )
diff --git a/handlers.go b/handlers.go
index 3e9c63f..814bc32 100644
--- a/handlers.go
+++ b/handlers.go
@@ -198,8 +198,8 @@ func (r *oauthProxy) oauthCallbackHandler(cx *gin.Context) {
 //
 func (r *oauthProxy) loginHandler(cx *gin.Context) {
 	// step: parse the client credentials
-	username := cx.Request.URL.Query().Get("username")
-	password := cx.Request.URL.Query().Get("password")
+	username := cx.Request.PostFormValue("username")
+	password := cx.Request.PostFormValue("password")
 
 	if username == "" || password == "" {
 		log.WithFields(log.Fields{
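Review bot: `PostFormValue` on the two added lines discards the error from the underlying form parse, so a malformed or non-form body (for example JSON) surfaces downstream as "missing credentials" rather than as a bad request; parse explicitly first, `if err := cx.Request.ParseForm(); err != nil { /* respond 400 and return */ }`, then read `cx.Request.PostForm.Get("username")` / `Get("password")`. `PostFormValue` also only consults the request body for POST/PUT/PATCH and only for `application/x-www-form-urlencoded` or `multipart/form-data` content types, so the handler's doc comment closing just above the hunk should state that the endpoint expects a form-encoded POST body and that query-string credentials are now ignored (the breaking change the changelog announces). The commit's stated goal of keeping the credentials out of logs "to a degree" also depends on the `log.WithFields` call at the end of the hunk not carrying the password field, which is worth confirming since that branch is cut off here. loginHandler's body continues past the hunk.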
diff --git a/handlers_test.go b/handlers_test.go
index 2907111..5e92e74 100644
--- a/handlers_test.go
+++ b/handlers_test.go
@@ -115,15 +115,15 @@ func TestLoginHandler(t *testing.T) {
 
 	for i, x := range cs {
 		u := u + oauthURL + loginURL
-		query := url.Values{}
+		values := url.Values{}
 		if x.Username != "" {
-			query.Add("username", x.Username)
+			values.Add("username", x.Username)
 		}
 		if x.Password != "" {
-			query.Add("password", x.Password)
+			values.Add("password", x.Password)
 		}
 
-		resp, err := http.Post(u+"?"+query.Encode(), "", nil)
+		resp, err := http.PostForm(u, values)
 		if err != nil {
 			t.Errorf("case %d, unable to make requets, error: %s", i, err)
 			continue
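Review bot: The table-driven cases still only vary whether a form value is present, so nothing pins the breaking change itself: a request carrying `username`/`password` in the query string should now be treated as missing credentials. Add a case that posts to `u+"?"+values.Encode()` with an empty form body and asserts the same status the missing-credential cases expect; those assertions are outside this hunk, so I can't confirm which status that is. The body returned by `http.PostForm` should also be closed inside the loop after the error check, `resp.Body.Close()` rather than a `defer` (which would only fire at function exit), if the code below the hunk doesn't already do so. TestLoginHandler continues past the hunk.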
-- 
GitLab