Commit e4424ac1 authored by Rohith's avatar Rohith

Merge branch 'master' of github.com:gambol99/keycloak-proxy

parents aaf4ac55 eaa4f349
...@@ -24,9 +24,11 @@ import ( ...@@ -24,9 +24,11 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"path" "path"
"strings"
"time" "time"
log "github.com/Sirupsen/logrus" log "github.com/Sirupsen/logrus"
"github.com/coreos/go-oidc/oauth2"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
...@@ -234,6 +236,15 @@ func (r *oauthProxy) loginHandler(cx *gin.Context) { ...@@ -234,6 +236,15 @@ func (r *oauthProxy) loginHandler(cx *gin.Context) {
// step: request the access token via // step: request the access token via
token, err := client.UserCredsToken(username, password) token, err := client.UserCredsToken(username, password)
if err != nil { if err != nil {
if strings.HasPrefix(err.Error(), oauth2.ErrorInvalidGrant) {
log.WithFields(log.Fields{
"client_ip": cx.ClientIP(),
"error": err.Error(),
}).Errorf("invalid user credentials provided")
cx.AbortWithStatus(http.StatusUnauthorized)
return
}
log.WithFields(log.Fields{ log.WithFields(log.Fields{
"client_ip": cx.ClientIP(), "client_ip": cx.ClientIP(),
"error": err.Error(), "error": err.Error(),
......
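Review bot: The new branch `if strings.HasPrefix(err.Error(), oauth2.ErrorInvalidGrant)` classifies the failure by matching the error's rendered text, which silently stops working if the client library changes its message format or the error gets wrapped, and a bad-credential attempt would then fall through to whatever the generic path below returns. If the client surfaces a typed error (as far as I recall go-oidc's `oauth2` package has an `Error` value with a `Type` field, worth confirming against the vendored version), a check such as `if oerr, ok := err.(*oauth2.Error); ok && oerr.Type == oauth2.ErrorInvalidGrant {` ties the decision to the error code rather than its string form. Logging each rejected attempt with the client IP is useful for detection, though warning level may fit better than `Errorf` since a wrong password is expected traffic rather than a proxy fault. loginHandler begins and ends outside the hunk, so the status returned by the fall-through path is not visible here.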
...@@ -112,6 +112,11 @@ func TestLoginHandler(t *testing.T) { ...@@ -112,6 +112,11 @@ func TestLoginHandler(t *testing.T) {
Password: "test", Password: "test",
ExpectedCode: http.StatusOK, ExpectedCode: http.StatusOK,
}, },
{
Username: "test",
Password: "notmypassword",
ExpectedCode: http.StatusUnauthorized,
},
} }
for i, x := range cs { for i, x := range cs {
......
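Review bot: The added table entry only exercises a wrong password for the known user; since the fake token endpoint accepts credentials with `username == validUsername && password == validPassword`, a second entry for an unknown username with the valid password (`Username: "nosuchuser", Password: "test", ExpectedCode: http.StatusUnauthorized,`) would pin that the handler returns the same 401 in both cases. The case table and the `for i, x := range cs` loop of TestLoginHandler both continue outside the hunk.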
...@@ -76,6 +76,11 @@ Ka0WPQGKjQJhZRtqDAT3sfnrEEUa34+MkXQeKFCu6Yi0dRFic4iqOYU= ...@@ -76,6 +76,11 @@ Ka0WPQGKjQJhZRtqDAT3sfnrEEUa34+MkXQeKFCu6Yi0dRFic4iqOYU=
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
` `
const (
validUsername = "test"
validPassword = "test"
)
type fakeDiscoveryResponse struct { type fakeDiscoveryResponse struct {
AuthorizationEndpoint string `json:"authorization_endpoint"` AuthorizationEndpoint string `json:"authorization_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"` EndSessionEndpoint string `json:"end_session_endpoint"`
...@@ -227,12 +232,19 @@ func (r *fakeOAuthServer) tokenHandler(cx *gin.Context) { ...@@ -227,12 +232,19 @@ func (r *fakeOAuthServer) tokenHandler(cx *gin.Context) {
cx.AbortWithStatus(http.StatusBadRequest) cx.AbortWithStatus(http.StatusBadRequest)
return return
} }
if username == validUsername && password == validPassword {
cx.JSON(http.StatusOK, tokenResponse{ cx.JSON(http.StatusOK, tokenResponse{
IDToken: token.Encode(), IDToken: token.Encode(),
AccessToken: token.Encode(), AccessToken: token.Encode(),
RefreshToken: token.Encode(), RefreshToken: token.Encode(),
ExpiresIn: expiration.Second(), ExpiresIn: expiration.Second(),
}) })
return
}
cx.JSON(http.StatusUnauthorized, gin.H{
"error": "invalid_grant",
"error_description": "Invalid user credentials",
})
case oauth2.GrantTypeAuthCode: case oauth2.GrantTypeAuthCode:
cx.JSON(http.StatusOK, tokenResponse{ cx.JSON(http.StatusOK, tokenResponse{
IDToken: token.Encode(), IDToken: token.Encode(),
......
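Review bot: In the tokenHandler hunk the rejection body hard-codes `"error": "invalid_grant"` while the proxy's loginHandler keys its 401 handling off the `oauth2.ErrorInvalidGrant` constant; writing `"error": oauth2.ErrorInvalidGrant,` here keeps the fake server and the code under test from drifting, and the `oauth2` package is already in scope in this file given the `oauth2.GrantTypeAuthCode` case. The new `validUsername`/`validPassword` block in the earlier hunk of this file has no comment; a one-liner such as `// validUsername and validPassword are the only credentials the fake token endpoint accepts.` would tell a reader why the tokenHandler compares against them. tokenHandler starts and ends outside the hunk.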