meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

v2.0 & cleanup changes

Browse Source 
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
This commit is contained in:
Jehiah Czebotar 2015-06-07 23:52:28 -04:00
parent 1946739e98
commit d78aa13464
9 changed files with 27 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.travis.yml
View File

@ -3,10 +3,11 @@ go:
- 1.3.3 - 1.3.3
- 1.4.2 - 1.4.2
script: script:
- curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.1/bin/gpm > gpm - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.2/bin/gpm > gpm
- chmod +x gpm - chmod +x gpm
- ./gpm install - ./gpm install
- ./test.sh - ./test.sh
sudo: false
notifications: notifications:
email: false email: false

5
README.md
View File

@ -17,7 +17,7 @@ to validate accounts by email, domain or group.
## Installation ## Installation
1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v1.1.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin` 1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.0`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
2. Select a Provider and Register an OAuth Application with a Provider 2. Select a Provider and Register an OAuth Application with a Provider
3. Configure OAuth2 Proxy using config file, command line options, or environment variables 3. Configure OAuth2 Proxy using config file, command line options, or environment variables
4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx) 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
@ -99,8 +99,7 @@ Usage of oauth2_proxy:
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)* -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
-cookie-expire=168h0m0s: expire timeframe for cookie -cookie-expire=168h0m0s: expire timeframe for cookie
-cookie-httponly=true: set HttpOnly cookie flag -cookie-httponly=true: set HttpOnly cookie flag
-cookie-https-only=true: set secure (HTTPS) cookies (deprecated. use --cookie-secure setting) -cookie-key="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
-cookie-key="_oauth2proxy": the name of the cookie that the oauth_proxy creates
-cookie-refresh=0: refresh the cookie when less than this much time remains before expiration; 0 to disable -cookie-refresh=0: refresh the cookie when less than this much time remains before expiration; 0 to disable
-cookie-secret="": the seed string for secure cookies -cookie-secret="": the seed string for secure cookies
-cookie-secure=true: set secure (HTTPS) cookie flag -cookie-secure=true: set secure (HTTPS) cookie flag

4
contrib/oauth2_proxy.cfg.example
View File

@ -54,7 +54,7 @@
# custom_templates_dir = "" # custom_templates_dir = ""
## Cookie Settings ## Cookie Settings
## Key - the cookie name ## Name - the cookie name
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
## for use with an AES cipher when cookie_refresh or pass_access_token ## for use with an AES cipher when cookie_refresh or pass_access_token
## is set ## is set
@ -65,7 +65,7 @@
## Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h ## Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h
## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended) ## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
## HttpOnly - httponly cookies are not readable by javascript (recommended) ## HttpOnly - httponly cookies are not readable by javascript (recommended)
# cookie_key = "_oauth2proxy" # cookie_name = "_oauth2_proxy"
# cookie_secret = "" # cookie_secret = ""
# cookie_domain = "" # cookie_domain = ""
# cookie_expire = "168h" # cookie_expire = "168h"

2
dist.sh
View File

@ -18,7 +18,7 @@ goversion=$(go version | awk '{print $3}')
echo "... running tests" echo "... running tests"
./test.sh || exit 1 ./test.sh || exit 1
for os in linux darwin; do for os in windows linux darwin; do
echo "... building v$version for $os/$arch" echo "... building v$version for $os/$arch"
BUILD=$(mktemp -d -t oauth2_proxy) BUILD=$(mktemp -d -t oauth2_proxy)
TARGET="oauth2_proxy-$version.$os-$arch.$goversion" TARGET="oauth2_proxy-$version.$os-$arch.$goversion"

5
main.go
View File

@ -46,12 +46,11 @@ func main() {
flagSet.String("custom-templates-dir", "", "path to custom html templates") flagSet.String("custom-templates-dir", "", "path to custom html templates")
flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)") flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)")
flagSet.String("cookie-key", "_oauth2proxy", "the name of the cookie that the oauth_proxy creates") flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
flagSet.String("cookie-secret", "", "the seed string for secure cookies") flagSet.String("cookie-secret", "", "the seed string for secure cookies")
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*") flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie") flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
flagSet.Duration("cookie-refresh", time.Duration(0)*time.Hour, "refresh the cookie when less than this much time remains before expiration; 0 to disable") flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie when less than this much time remains before expiration; 0 to disable")
flagSet.Bool("cookie-https-only", true, "set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)")
flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag") flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag") flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")

16
oauthproxy.go
View File

@ -21,7 +21,7 @@ import (
type OauthProxy struct { type OauthProxy struct {
CookieSeed string CookieSeed string
CookieKey string CookieName string
CookieDomain string CookieDomain string
CookieSecure bool CookieSecure bool
CookieHttpOnly bool CookieHttpOnly bool
@ -109,12 +109,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
if domain == "" { if domain == "" {
domain = "<default>" domain = "<default>"
} }
if !opts.CookieHttpsOnly {
log.Printf("Warning: cookie-https-only setting is deprecated and will be removed in a future version. use cookie-secure")
opts.CookieSecure = opts.CookieHttpsOnly
}
log.Printf("Cookie settings: name:%s secure (https):%v httponly:%v expiry:%s domain:%s", opts.CookieKey, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain) log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s", opts.CookieName, opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
var aes_cipher cipher.Block var aes_cipher cipher.Block
if opts.PassAccessToken || (opts.CookieRefresh != time.Duration(0)) { if opts.PassAccessToken || (opts.CookieRefresh != time.Duration(0)) {
@ -127,7 +123,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
} }
return &OauthProxy{ return &OauthProxy{
CookieKey: opts.CookieKey, CookieName: opts.CookieName,
CookieSeed: opts.CookieSecret, CookieSeed: opts.CookieSecret,
CookieDomain: opts.CookieDomain, CookieDomain: opts.CookieDomain,
CookieSecure: opts.CookieSecure, CookieSecure: opts.CookieSecure,
@ -208,11 +204,11 @@ func (p *OauthProxy) MakeCookie(req *http.Request, value string, expiration time
} }
if value != "" { if value != "" {
value = signedCookieValue(p.CookieSeed, p.CookieKey, value) value = signedCookieValue(p.CookieSeed, p.CookieName, value)
} }
return &http.Cookie{ return &http.Cookie{
Name: p.CookieKey, Name: p.CookieName,
Value: value, Value: value,
Path: "/", Path: "/",
Domain: domain, Domain: domain,
@ -233,7 +229,7 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (email, user, access_token string, ok bool) { func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (email, user, access_token string, ok bool) {
var value string var value string
var timestamp time.Time var timestamp time.Time
cookie, err := req.Cookie(p.CookieKey) cookie, err := req.Cookie(p.CookieName)
if err == nil { if err == nil {
value, timestamp, ok = validateCookie(cookie, p.CookieSeed) value, timestamp, ok = validateCookie(cookie, p.CookieSeed)
if ok { if ok {

6
oauthproxy_test.go
View File

@ -193,9 +193,9 @@ func (pat_test *PassAccessTokenTest) getCallbackEndpoint() (http_code int,
} }
func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code int, access_token string) { func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code int, access_token string) {
cookie_key := pat_test.proxy.CookieKey cookieName := pat_test.proxy.CookieName
var value string var value string
key_prefix := cookie_key + "=" key_prefix := cookieName + "="
for _, field := range strings.Split(cookie, "; ") { for _, field := range strings.Split(cookie, "; ") {
value = strings.TrimPrefix(field, key_prefix) value = strings.TrimPrefix(field, key_prefix)
@ -214,7 +214,7 @@ func (pat_test *PassAccessTokenTest) getRootEndpoint(cookie string) (http_code i
return 0, "" return 0, ""
} }
req.AddCookie(&http.Cookie{ req.AddCookie(&http.Cookie{
Name: cookie_key, Name: cookieName,
Value: value, Value: value,
Path: "/", Path: "/",
Expires: time.Now().Add(time.Duration(24)), Expires: time.Now().Add(time.Duration(24)),

6
options.go
View File

@ -29,12 +29,11 @@ type Options struct {
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"` DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"` CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
CookieKey string `flag:"cookie-key" cfg:"cookie_key" env:"OAUTH2_PROXY_COOKIE_KEY"` CookieName string `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"` CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"` CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"` CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
CookieRefresh time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"` CookieRefresh time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
CookieHttpsOnly bool `flag:"cookie-https-only" cfg:"cookie_https_only"` // deprecated use cookie-secure
CookieSecure bool `flag:"cookie-secure" cfg:"cookie_secure"` CookieSecure bool `flag:"cookie-secure" cfg:"cookie_secure"`
CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"` CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`
@ -68,8 +67,7 @@ func NewOptions() *Options {
HttpAddress: "127.0.0.1:4180", HttpAddress: "127.0.0.1:4180",
HttpsAddress: ":443", HttpsAddress: ":443",
DisplayHtpasswdForm: true, DisplayHtpasswdForm: true,
CookieKey: "_oauthproxy", CookieName: "_oauth2_proxy",
CookieHttpsOnly: true,
CookieSecure: true, CookieSecure: true,
CookieHttpOnly: true, CookieHttpOnly: true,
CookieExpire: time.Duration(168) * time.Hour, CookieExpire: time.Duration(168) * time.Hour,

2
version.go
View File

@ -1,3 +1,3 @@
package main package main
const VERSION = "1.1.1" const VERSION = "2.0"