Merge pull request #407 from segmentio/sign-in-redirect

nginx auth_request: fix -skip-provider-button
This commit is contained in:
Jehiah Czebotar 2017-08-28 20:57:09 -04:00 committed by GitHub
commit b1e29c329b
2 changed files with 47 additions and 10 deletions

View File

@ -482,7 +482,11 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
p.SaveSession(rw, req, session)
http.Redirect(rw, req, redirect, 302)
} else {
p.SignInPage(rw, req, 200)
if p.SkipProviderButton {
p.OAuthStart(rw, req)
} else {
p.SignInPage(rw, req, http.StatusOK)
}
}
}

View File

@ -3,9 +3,6 @@ package main
import (
"crypto"
"encoding/base64"
"github.com/18F/hmacauth"
"github.com/bitly/oauth2_proxy/providers"
"github.com/bmizerany/assert"
"io"
"io/ioutil"
"log"
@ -17,6 +14,10 @@ import (
"strings"
"testing"
"time"
"github.com/18F/hmacauth"
"github.com/bitly/oauth2_proxy/providers"
"github.com/bmizerany/assert"
)
func init() {
@ -359,26 +360,30 @@ func TestDoNotForwardAccessTokenUpstream(t *testing.T) {
}
type SignInPageTest struct {
opts *Options
proxy *OAuthProxy
sign_in_regexp *regexp.Regexp
opts *Options
proxy *OAuthProxy
sign_in_regexp *regexp.Regexp
sign_in_provider_regexp *regexp.Regexp
}
const signInRedirectPattern = `<input type="hidden" name="rd" value="(.*)">`
const signInSkipProvider = `>Found<`
func NewSignInPageTest() *SignInPageTest {
func NewSignInPageTest(skipProvider bool) *SignInPageTest {
var sip_test SignInPageTest
sip_test.opts = NewOptions()
sip_test.opts.CookieSecret = "foobar"
sip_test.opts.ClientID = "bazquux"
sip_test.opts.ClientSecret = "xyzzyplugh"
sip_test.opts.SkipProviderButton = skipProvider
sip_test.opts.Validate()
sip_test.proxy = NewOAuthProxy(sip_test.opts, func(email string) bool {
return true
})
sip_test.sign_in_regexp = regexp.MustCompile(signInRedirectPattern)
sip_test.sign_in_provider_regexp = regexp.MustCompile(signInSkipProvider)
return &sip_test
}
@ -391,7 +396,7 @@ func (sip_test *SignInPageTest) GetEndpoint(endpoint string) (int, string) {
}
func TestSignInPageIncludesTargetRedirect(t *testing.T) {
sip_test := NewSignInPageTest()
sip_test := NewSignInPageTest(false)
const endpoint = "/some/random/endpoint"
code, body := sip_test.GetEndpoint(endpoint)
@ -409,7 +414,7 @@ func TestSignInPageIncludesTargetRedirect(t *testing.T) {
}
func TestSignInPageDirectAccessRedirectsToRoot(t *testing.T) {
sip_test := NewSignInPageTest()
sip_test := NewSignInPageTest(false)
code, body := sip_test.GetEndpoint("/oauth2/sign_in")
assert.Equal(t, 200, code)
@ -423,6 +428,34 @@ func TestSignInPageDirectAccessRedirectsToRoot(t *testing.T) {
}
}
func TestSignInPageSkipProvider(t *testing.T) {
sip_test := NewSignInPageTest(true)
const endpoint = "/some/random/endpoint"
code, body := sip_test.GetEndpoint(endpoint)
assert.Equal(t, 302, code)
match := sip_test.sign_in_provider_regexp.FindStringSubmatch(body)
if match == nil {
t.Fatal("Did not find pattern in body: " +
signInSkipProvider + "\nBody:\n" + body)
}
}
func TestSignInPageSkipProviderDirect(t *testing.T) {
sip_test := NewSignInPageTest(true)
const endpoint = "/sign_in"
code, body := sip_test.GetEndpoint(endpoint)
assert.Equal(t, 302, code)
match := sip_test.sign_in_provider_regexp.FindStringSubmatch(body)
if match == nil {
t.Fatal("Did not find pattern in body: " +
signInSkipProvider + "\nBody:\n" + body)
}
}
type ProcessCookieTest struct {
opts *Options
proxy *OAuthProxy