Commit d7eb102c authored by Rohith's avatar Rohith Committed by GitHub

- changed the /oauth/login handler to read the credentials from POST form values rather than the query string (#103)

- updated the README to reflect the changes
parent 02384bcf
#### **1.1.0 (unreleased)**
#### **1.2.0**
BREAKING CHANGES:
* Changed the /oauth/login handler to use post form values rather than query parameter to ensure (to a degree) they
are not logged
#### **1.1.1**
FIXES:
* Fixed the configuration bug which required a redirection-url even when redirection was shifted off
#### **1.1.0**
FIXES:
* Added a auto build to quay.io on the travis build for master and tags
......@@ -31,7 +31,7 @@ USAGE:
keycloak-proxy [options]
VERSION:
v1.1.0 (git+sha: 1209149)
v1.2.0 (git+sha: fc38244)
AUTHOR(S):
Rohith <gambol99@gmail.com>
......@@ -442,6 +442,6 @@ You can control the upstream endpoint via the --upstream-url option. Both http a
* **/oauth/callback** is provider openid callback endpoint
* **/oauth/expired** is a helper endpoint to check if a access token has expired, 200 for ok and, 401 for no token and 401 for expired
* **/oauth/health** is the health checking endpoint for the proxy, you can also grab version from headers
* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login?username=USERNAME&password=PASSWORD
* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login form values are username=USERNAME&password=PASSWORD
* **/oauth/logout** provides a convenient endpoint to log the user out, it will always attempt to perform a back channel logout of offline tokens
* **/oauth/token** is a helper endpoint which will display the current access token for you
......@@ -21,7 +21,7 @@ import (
)
var (
release = "v1.1.1"
release = "v1.2.0"
gitsha = "no gitsha provided"
version = release + " (git+sha: " + gitsha + ")"
)
......@@ -198,8 +198,8 @@ func (r *oauthProxy) oauthCallbackHandler(cx *gin.Context) {
//
func (r *oauthProxy) loginHandler(cx *gin.Context) {
// step: parse the client credentials
username := cx.Request.URL.Query().Get("username")
password := cx.Request.URL.Query().Get("password")
username := cx.Request.PostFormValue("username")
password := cx.Request.PostFormValue("password")
if username == "" || password == "" {
log.WithFields(log.Fields{
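Review bot: The two added `PostFormValue` calls discard the error from the implicit `ParseForm`/`ParseMultipartForm`, so a body that fails to parse or arrives with a non-form `Content-Type` is reported by the branch at the bottom of the hunk as a client that omitted its credentials. Parsing explicitly first, `if err := cx.Request.ParseForm(); err != nil { /* respond 400, malformed form */ }`, and then reading `cx.Request.PostForm.Get("username")` keeps a malformed request distinguishable from a missing field. Using the post-form accessor rather than `FormValue` is the right choice, since `FormValue` would still fall back to the URL query and bring back the query-string logging problem the commit is closing. Moving the credentials into the body only keeps them out of URL-based access logs, browser history and Referer headers; the endpoint still needs TLS, and the log fields opened on the last line must not include the password value. loginHandler's body continues past the end of the hunk.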
......@@ -115,15 +115,15 @@ func TestLoginHandler(t *testing.T) {
for i, x := range cs {
u := u + oauthURL + loginURL
query := url.Values{}
values := url.Values{}
if x.Username != "" {
query.Add("username", x.Username)
values.Add("username", x.Username)
}
if x.Password != "" {
query.Add("password", x.Password)
values.Add("password", x.Password)
}
resp, err := http.Post(u+"?"+query.Encode(), "", nil)
resp, err := http.PostForm(u, values)
if err != nil {
t.Errorf("case %d, unable to make requets, error: %s", i, err)
continue
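Review bot: The rewritten loop only moves the existing cases from the query string into the form body; nothing in the hunk checks that credentials passed as `?username=…&password=…` are now ignored, which is the behaviour the commit message calls a breaking change and the property that keeps them out of logs. A regression case that posts an empty body with the credentials in the URL and expects the handler's rejection status would pin that down; it belongs after the loop, whose closing brace is outside the hunk. The handler's rejection status code is not visible here, so the sketch below asserts only that such a request is not accepted. The `http.PostForm` switch itself is fine: it sets the form `Content-Type` that the handler's `PostFormValue` relies on.
```go
// … unchanged: table-driven form-body cases …
// regression: credentials in the query string must no longer be accepted
resp, err := http.Post(u+oauthURL+loginURL+"?username=test&password=test", "", nil)
if err != nil {
	t.Fatalf("unable to make request, error: %s", err)
}
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
	t.Errorf("query-string credentials were accepted, status %d", resp.StatusCode)
}
```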