- changed the /oauth/login to use post form values rather than query string (#103)

- updated the README to reflect the changes

- changed the /oauth/login to use post form values rather than query string (#103)
d7eb102c · Rohith · GitHub · 02384bcf · d7eb102c · d7eb102c
Commit d7eb102c authored 9 years ago by Rohith Committed by GitHub 9 years ago
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-#### **1.1.0 (unreleased)**
+#### **1.2.0**
+BREAKING CHANGES:
+ * Changed the /oauth/login handler to use post form values rather than query parameter to ensure (to a degree) they
+   are not logged
+#### **1.1.1**
+FIXES:
+ * Fixed the configuration bug which required a redirection-url even when redirection was shifted off
+#### **1.1.0**
 FIXES:
 * Added a auto build to quay.io on the travis build for master and tags

--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ USAGE:
   keycloak-proxy [options]
 VERSION:
-   v1.1.0 (git+sha: 1209149)
+   v1.2.0 (git+sha: fc38244)
 AUTHOR(S):
   Rohith <gambol99@gmail.com>
@@ -442,6 +442,6 @@ You can control the upstream endpoint via the --upstream-url option. Both http a
 * **/oauth/callback** is provider openid callback endpoint
 * **/oauth/expired** is a helper endpoint to check if a access token has expired, 200 for ok and, 401 for no token and 401 for expired
 * **/oauth/health** is the health checking endpoint for the proxy, you can also grab version from headers
-* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login?username=USERNAME&password=PASSWORD
+* **/oauth/login** provides a relay endpoint to login via grant_type=password i.e. POST /oauth/login form values are username=USERNAME&password=PASSWORD
 * **/oauth/logout** provides a convenient endpoint to log the user out, it will always attempt to perform a back channel logout of offline tokens
 * **/oauth/token** is a helper endpoint which will display the current access token for you
--- a/doc.go
+++ b/doc.go
@@ -21,7 +21,7 @@ import (
 )
 var (
-	release = "v1.1.1"
+	release = "v1.2.0"
 	gitsha  = "no gitsha provided"
 	version = release + " (git+sha: " + gitsha + ")"
 )

--- a/handlers.go
+++ b/handlers.go
@@ -198,8 +198,8 @@ func (r *oauthProxy) oauthCallbackHandler(cx *gin.Context) {
 //
 func (r *oauthProxy) loginHandler(cx *gin.Context) {
 	// step: parse the client credentials
-	username := cx.Request.URL.Query().Get("username")
+	username := cx.Request.PostFormValue("username")
-	password := cx.Request.URL.Query().Get("password")
+	password := cx.Request.PostFormValue("password")
 	if username == "" || password == "" {
 		log.WithFields(log.Fields{

--- a/handlers_test.go
+++ b/handlers_test.go
@@ -115,15 +115,15 @@ func TestLoginHandler(t *testing.T) {
 	for i, x := range cs {
 		u := u + oauthURL + loginURL
-		query := url.Values{}
+		values := url.Values{}
 		if x.Username != "" {
-			query.Add("username", x.Username)
+			values.Add("username", x.Username)
 		}
 		if x.Password != "" {
-			query.Add("password", x.Password)
+			values.Add("password", x.Password)
 		}
-		resp, err := http.Post(u+"?"+query.Encode(), "", nil)
+		resp, err := http.PostForm(u, values)
 		if err != nil {
 			t.Errorf("case %d, unable to make requets, error: %s", i, err)
 			continue