v2.0 & cleanup changes

* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name

.travis.yml

@@ -3,10 +3,11 @@ go:
   - 1.3.3
   - 1.4.2
 script:
-  - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.1/bin/gpm > gpm
+  - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.2/bin/gpm > gpm
   - chmod +x gpm
   - ./gpm install
   - ./test.sh
+sudo: false
 notifications:
   email: false
 

README.md

@@ -17,7 +17,7 @@ to validate accounts by email, domain or group.
 
 ## Installation
 
-1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v1.1.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
+1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.0`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
 2. Select a Provider and Register an OAuth Application with a Provider
 3. Configure OAuth2 Proxy using config file, command line options, or environment variables
 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
@@ -99,8 +99,7 @@ Usage of oauth2_proxy:
   -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
   -cookie-expire=168h0m0s: expire timeframe for cookie
   -cookie-httponly=true: set HttpOnly cookie flag
-  -cookie-https-only=true: set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)
-  -cookie-key="_oauth2proxy": the name of the cookie that the oauth_proxy creates
+  -cookie-key="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
   -cookie-refresh=0: refresh the cookie when less than this much time remains before expiration; 0 to disable
   -cookie-secret="": the seed string for secure cookies
   -cookie-secure=true: set secure (HTTPS) cookie flag

contrib/oauth2_proxy.cfg.example

@@ -54,7 +54,7 @@
 # custom_templates_dir = ""
 
 ## Cookie Settings
-## Key    - the cookie name
+## Name    - the cookie name
 ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
 ##          for use with an AES cipher when cookie_refresh or pass_access_token
 ##          is set
@@ -65,7 +65,7 @@
 ##           Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h
 ## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
 ## HttpOnly - httponly cookies are not readable by javascript (recommended)
-# cookie_key = "_oauth2proxy"
+# cookie_name = "_oauth2_proxy"
 # cookie_secret = ""
 # cookie_domain = ""
 # cookie_expire = "168h"

dist.sh

@@ -18,7 +18,7 @@ goversion=$(go version | awk '{print $3}')
 echo "... running tests"
 ./test.sh || exit 1
 
-for os in linux darwin; do
+for os in windows linux darwin; do
     echo "... building v$version for $os/$arch"
     BUILD=$(mktemp -d -t oauth2_proxy)
     TARGET="oauth2_proxy-$version.$os-$arch.$goversion"

main.go

@@ -46,12 +46,11 @@ func main() {
 	flagSet.String("custom-templates-dir", "", "path to custom html templates")
 	flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)")
 
-	flagSet.String("cookie-key", "_oauth2proxy", "the name of the cookie that the oauth_proxy creates")
+	flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
 	flagSet.String("cookie-secret", "", "the seed string for secure cookies")
 	flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
 	flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
-	flagSet.Duration("cookie-refresh", time.Duration(0)*time.Hour, "refresh the cookie when less than this much time remains before expiration; 0 to disable")
-	flagSet.Bool("cookie-https-only", true, "set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)")
+	flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie when less than this much time remains before expiration; 0 to disable")
 	flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
 	flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")
 

oauthproxy.go

@@ -21,7 +21,7 @@ import (
 
 type OauthProxy struct {
 	CookieSeed     string
-	CookieKey      string
+	CookieName     string
 	CookieDomain   string
 	CookieSecure   bool
 	CookieHttpOnly bool
@@ -109,12 +109,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	if domain == "" {
 		domain = "<default>"
 	}
-	if !opts.CookieHttpsOnly {
-		log.Printf("Warning: cookie-https-only setting is deprecated and will be removed in a future version. use cookie-secure")
-		opts.CookieSecure = opts.CookieHttpsOnly
-	}
 
-	log.Printf("Cookie settings: name:%s secure (https):%v httponly:%v expiry:%s domain:%s", opts.CookieKey, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
+	log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s", opts.CookieName, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
 
 	var aes_cipher cipher.Block
 	if opts.PassAccessToken || (opts.CookieRefresh != time.Duration(0)) {
@@ -127,7 +123,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	}
 
 	return &OauthProxy{
-		CookieKey:      opts.CookieKey,
+		CookieName:     opts.CookieName,
 		CookieSeed:     opts.CookieSecret,
 		CookieDomain:   opts.CookieDomain,
 		CookieSecure:   opts.CookieSecure,
@@ -208,11 +204,11 @@ func (p *OauthProxy) MakeCookie(req *http.Request, value string, expiration time
 	}
 
 	if value != "" {
-		value = signedCookieValue(p.CookieSeed, p.CookieKey, value)
+		value = signedCookieValue(p.CookieSeed, p.CookieName, value)
 	}
 
 	return &http.Cookie{
-		Name:     p.CookieKey,
+		Name:     p.CookieName,
 		Value:    value,
 		Path:     "/",
 		Domain:   domain,
@@ -233,7 +229,7 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
 func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (email, user, access_token string, ok bool) {
 	var value string
 	var timestamp time.Time
-	cookie, err := req.Cookie(p.CookieKey)
+	cookie, err := req.Cookie(p.CookieName)
 	if err == nil {
 		value, timestamp, ok = validateCookie(cookie, p.CookieSeed)
 		if ok {

oauthproxy_test.go

@@ -193,9 +193,9 @@ func (pat_test *PassAccessTokenTest) getCallbackEndpoint() (http_code int,
 }
 
 func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code int, access_token string) {
-	cookie_key := pat_test.proxy.CookieKey
+	cookieName := pat_test.proxy.CookieName
 	var value string
-	key_prefix := cookie_key + "="
+	key_prefix := cookieName + "="
 
 	for _, field := range strings.Split(cookie, "; ") {
 		value = strings.TrimPrefix(field, key_prefix)
@@ -214,7 +214,7 @@ func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code i
 		return 0, ""
 	}
 	req.AddCookie(&http.Cookie{
-		Name:     cookie_key,
+		Name:     cookieName,
 		Value:    value,
 		Path:     "/",
 		Expires:  time.Now().Add(time.Duration(24)),

options.go

@@ -29,14 +29,13 @@ type Options struct {
 	DisplayHtpasswdForm     bool     `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
 	CustomTemplatesDir      string   `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
 
-	CookieKey       string        `flag:"cookie-key" cfg:"cookie_key" env:"OAUTH2_PROXY_COOKIE_KEY"`
-	CookieSecret    string        `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
-	CookieDomain    string        `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
-	CookieExpire    time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
-	CookieRefresh   time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
-	CookieHttpsOnly bool          `flag:"cookie-https-only" cfg:"cookie_https_only"` // deprecated use cookie-secure
-	CookieSecure    bool          `flag:"cookie-secure" cfg:"cookie_secure"`
-	CookieHttpOnly  bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`
+	CookieName     string        `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
+	CookieSecret   string        `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
+	CookieDomain   string        `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
+	CookieExpire   time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
+	CookieRefresh  time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
+	CookieSecure   bool          `flag:"cookie-secure" cfg:"cookie_secure"`
+	CookieHttpOnly bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`
 
 	Upstreams       []string `flag:"upstream" cfg:"upstreams"`
 	SkipAuthRegex   []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
@@ -68,8 +67,7 @@ func NewOptions() *Options {
 		HttpAddress:         "127.0.0.1:4180",
 		HttpsAddress:        ":443",
 		DisplayHtpasswdForm: true,
-		CookieKey:           "_oauthproxy",
-		CookieHttpsOnly:     true,
+		CookieName:          "_oauth2_proxy",
 		CookieSecure:        true,
 		CookieHttpOnly:      true,
 		CookieExpire:        time.Duration(168) * time.Hour,

version.go

@@ -1,3 +1,3 @@
 package main
 
-const VERSION = "1.1.1"
+const VERSION = "2.0"