diff --git a/.travis.yml b/.travis.yml
index 91cd4a4..31f33e2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,10 +3,11 @@ go:
 - 1.3.3
 - 1.4.2
 script:
- - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.1/bin/gpm > gpm
+ - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.2/bin/gpm > gpm
 - chmod +x gpm
 - ./gpm install
 - ./test.sh
+sudo: false
 notifications:
 email: false
diff --git a/README.md b/README.md
index 2541a1f..4cb2bc0 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ to validate accounts by email, domain or group.
 ## Installation
-1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v1.1.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
+1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.0`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
 2. Select a Provider and Register an OAuth Application with a Provider
 3. Configure OAuth2 Proxy using config file, command line options, or environment variables
 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
@@ -99,8 +99,7 @@ Usage of oauth2_proxy:
 -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
 -cookie-expire=168h0m0s: expire timeframe for cookie
 -cookie-httponly=true: set HttpOnly cookie flag
- -cookie-https-only=true: set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)
- -cookie-key="_oauth2proxy": the name of the cookie that the oauth_proxy creates
+ -cookie-key="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
 -cookie-refresh=0: refresh the cookie when less than this much time remains before expiration; 0 to disable
 -cookie-secret="": the seed string for secure cookies
 -cookie-secure=true: set secure (HTTPS) cookie flag
diff --git a/contrib/oauth2_proxy.cfg.example b/contrib/oauth2_proxy.cfg.example
index 76320de..1ba1c27 100644
--- a/contrib/oauth2_proxy.cfg.example
+++ b/contrib/oauth2_proxy.cfg.example
@@ -54,7 +54,7 @@
 # custom_templates_dir = ""
 ## Cookie Settings
-## Key - the cookie name
+## Name - the cookie name
 ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
 ## for use with an AES cipher when cookie_refresh or pass_access_token
 ## is set
@@ -65,7 +65,7 @@
 ## Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h
 ## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
 ## HttpOnly - httponly cookies are not readable by javascript (recommended)
-# cookie_key = "_oauth2proxy"
+# cookie_name = "_oauth2_proxy"
 # cookie_secret = ""
 # cookie_domain = ""
 # cookie_expire = "168h"
diff --git a/dist.sh b/dist.sh
index cb9e0f6..e069e19 100755
--- a/dist.sh
+++ b/dist.sh
@@ -18,7 +18,7 @@ goversion=$(go version | awk '{print $3}')
 echo "... running tests"
 ./test.sh || exit 1
-for os in linux darwin; do
+for os in windows linux darwin; do
 echo "... building v$version for $os/$arch"
 BUILD=$(mktemp -d -t oauth2_proxy)
 TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
diff --git a/main.go b/main.go
index 5765432..fb97e87 100644
--- a/main.go
+++ b/main.go
@@ -46,12 +46,11 @@ func main() {
 flagSet.String("custom-templates-dir", "", "path to custom html templates")
 flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. //sign_in)")
- flagSet.String("cookie-key", "_oauth2proxy", "the name of the cookie that the oauth_proxy creates")
+ flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
 flagSet.String("cookie-secret", "", "the seed string for secure cookies")
 flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
 flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
- flagSet.Duration("cookie-refresh", time.Duration(0)*time.Hour, "refresh the cookie when less than this much time remains before expiration; 0 to disable")
- flagSet.Bool("cookie-https-only", true, "set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)")
+ flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie when less than this much time remains before expiration; 0 to disable")
 flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
 flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")
diff --git a/oauthproxy.go b/oauthproxy.go
index 4567ff0..6db668f 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -21,7 +21,7 @@ import (
 type OauthProxy struct {
 CookieSeed string
- CookieKey string
+ CookieName string
 CookieDomain string
 CookieSecure bool
 CookieHttpOnly bool
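Review bot: The default cookie name is still spelled out twice, in the `cookie-name` flag registration in main.go and again in `NewOptions()` in options.go, and the removed lines show the two copies had already drifted apart (`"_oauth2proxy"` here, `"_oauthproxy"` there). A single package-level constant such as `const defaultCookieName = "_oauth2_proxy"`, used in both places, would keep them from diverging again. The README usage block changed in this same commit still lists `-cookie-key`, so the documented flag no longer matches the one registered here. main()'s body starts and ends outside the hunk.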
@@ -109,12 +109,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 if domain == "" {
 domain = ""
 }
- if !opts.CookieHttpsOnly {
- log.Printf("Warning: cookie-https-only setting is deprecated and will be removed in a future version. use cookie-secure")
- opts.CookieSecure = opts.CookieHttpsOnly
- }
- log.Printf("Cookie settings: name:%s secure (https):%v httponly:%v expiry:%s domain:%s", opts.CookieKey, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
+ log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s", opts.CookieName, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
 var aes_cipher cipher.Block
 if opts.PassAccessToken || (opts.CookieRefresh != time.Duration(0)) {
@@ -127,7 +123,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 }
 return &OauthProxy{
- CookieKey: opts.CookieKey,
+ CookieName: opts.CookieName,
 CookieSeed: opts.CookieSecret,
 CookieDomain: opts.CookieDomain,
 CookieSecure: opts.CookieSecure,
@@ -208,11 +204,11 @@ func (p *OauthProxy) MakeCookie(req *http.Request, value string, expiration time
 }
 if value != "" {
- value = signedCookieValue(p.CookieSeed, p.CookieKey, value)
+ value = signedCookieValue(p.CookieSeed, p.CookieName, value)
 }
 return &http.Cookie{
- Name: p.CookieKey,
+ Name: p.CookieName,
 Value: value,
 Path: "/",
 Domain: domain,
@@ -233,7 +229,7 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
 func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (email, user, access_token string, ok bool) {
 var value string
 var timestamp time.Time
- cookie, err := req.Cookie(p.CookieKey)
+ cookie, err := req.Cookie(p.CookieName)
 if err == nil {
 value, timestamp, ok = validateCookie(cookie, p.CookieSeed)
 if ok {
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 7d1d46b..f53d31e 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
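Review bot: With the `cookie-https-only` fallback removed from NewOauthProxy, the only sign that the session cookie will be issued without the Secure flag is the `secure(https):%v` field inside the general settings line. That cookie holds the signed session, and presumably the access token as well when `PassAccessToken` is set, so an explicit startup warning after the settings log is worth adding: `if !opts.CookieSecure { log.Printf("Warning: cookie-secure is false; the session cookie will also be sent over plain HTTP") }`. The function body continues outside the hunk.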
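Review bot: `signedCookieValue(p.CookieSeed, p.CookieName, value)` in MakeCookie passes the cookie name into the signing helper, which is undocumented and matters for this release. Combined with the new default name, cookies issued by earlier versions will no longer be looked up by ProcessCookie, so every user has to sign in again, and the old-name cookie stays in browsers until it expires. A comment above the call such as `// The cookie name is an input to the signature; changing cookie-name invalidates all existing sessions.` would record that, and the 2.0 upgrade notes should say so too. How signedCookieValue uses the name is not visible in this diff, so confirm before adding the comment.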
@@ -193,9 +193,9 @@ func (pat_test *PassAccessTokenTest) getCallbackEndpoint() (http_code int,
 }
 func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code int, access_token string) {
- cookie_key := pat_test.proxy.CookieKey
+ cookieName := pat_test.proxy.CookieName
 var value string
- key_prefix := cookie_key + "="
+ key_prefix := cookieName + "="
 for _, field := range strings.Split(cookie, "; ") {
 value = strings.TrimPrefix(field, key_prefix)
@@ -214,7 +214,7 @@ func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code i
 return 0, ""
 }
 req.AddCookie(&http.Cookie{
- Name: cookie_key,
+ Name: cookieName,
 Value: value,
 Path: "/",
 Expires: time.Now().Add(time.Duration(24)),
diff --git a/options.go b/options.go
index 4218af5..7bf488f 100644
--- a/options.go
+++ b/options.go
@@ -29,14 +29,13 @@ type Options struct {
 DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
 CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
- CookieKey string `flag:"cookie-key" cfg:"cookie_key" env:"OAUTH2_PROXY_COOKIE_KEY"`
- CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
- CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
- CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
- CookieRefresh time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
- CookieHttpsOnly bool `flag:"cookie-https-only" cfg:"cookie_https_only"` // deprecated use cookie-secure
- CookieSecure bool `flag:"cookie-secure" cfg:"cookie_secure"`
- CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`
+ CookieName string `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
+ CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
+ CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
+ CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
+ CookieRefresh time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
+ CookieSecure bool `flag:"cookie-secure" cfg:"cookie_secure"`
+ CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`
 Upstreams []string `flag:"upstream" cfg:"upstreams"`
 SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
@@ -68,8 +67,7 @@ func NewOptions() *Options {
 HttpAddress: "127.0.0.1:4180",
 HttpsAddress: ":443",
 DisplayHtpasswdForm: true,
- CookieKey: "_oauthproxy",
- CookieHttpsOnly: true,
+ CookieName: "_oauth2_proxy",
 CookieSecure: true,
 CookieHttpOnly: true,
 CookieExpire: time.Duration(168) * time.Hour,
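Review bot: In the Options struct, `CookieSecure` and `CookieHttpOnly` are the only cookie fields without an `env:` tag. Assuming the loader reads the environment only through that tag, the two security-relevant cookie flags cannot be set from the environment the way name, secret, domain, expire and refresh can. Consider adding `env:"OAUTH2_PROXY_COOKIE_SECURE"` and `env:"OAUTH2_PROXY_COOKIE_HTTPONLY"`. A deployment that still exports `OAUTH2_PROXY_COOKIE_KEY` will now fall back to the default name without any message. Whether a leftover `cookie_key` or `cookie_https_only` entry in a config file is rejected or ignored depends on loader code outside this diff.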
diff --git a/version.go b/version.go
index bbedb5b..3cce96e 100644
--- a/version.go
+++ b/version.go
@@ -1,3 +1,3 @@
 package main
-const VERSION = "1.1.1"
+const VERSION = "2.0"