Commit Graph

136 Commits

Author SHA1 Message Date
Mike Bland
2808ba7beb Update cookie-refresh doc string 2015-05-11 09:55:07 -04:00
Mike Bland
37f287bef4 Calculate cookie expiration from encoded timestamp
Found out the hard way that _incoming_ cookies do _not_ have their expiration
timestamps encoded. To perform auto-refresh based on expiration time, we have
to recalculate it from the time encoded in the cookie value.
2015-05-10 00:11:26 -04:00
Mike Bland
41b21dd0b1 Enforce that cookie_refresh < cookie_expire 2015-05-09 17:37:33 -04:00
Mike Bland
8ec967ac32 Check cookie_secret size when cookie_refresh set 2015-05-09 17:37:33 -04:00
Mike Bland
082b7c0ec8 Set cookie-refresh flag = 0; update README, config 2015-05-09 17:36:17 -04:00
Mike Bland
84190ab19a Validate user during cookie refresh 2015-05-09 16:54:27 -04:00
Mike Bland
610341a068 Make ProcessCookie() fail when cookie parse fails 2015-05-09 16:54:27 -04:00
Mike Bland
bd4eae8fec Store access token when cookie-refresh is set
cookie-refresh now no longer requires pass-access-token in order to work.
2015-05-09 16:54:27 -04:00
Mike Bland
b6e07d51b2 Validate access_token when auto-refreshing cookie 2015-05-09 15:09:31 -04:00
Mike Bland
25372567ac ValidateToken() to check access_token validity 2015-05-09 13:17:37 -04:00
Mike Bland
72857018ee Introduce validate-url flag/config 2015-05-08 17:13:35 -04:00
Mike Bland
8e2d83600c Implement cookie auto-refresh
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
2015-05-08 14:05:09 -04:00
Mike Bland
5cbdb74518 Add ProcessCookie() test 2015-05-08 14:05:09 -04:00
Mike Bland
f554f99abd Ensure all errors are logged in ProcessCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
beed9fb9a2 Extract MakeCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
1bd90cefe7 Extract ProcessCookie() from ServeHTTP() 2015-05-08 12:41:22 -04:00
Jehiah Czebotar
26170c56af Merge pull request #84 from balshor/master
Add LinkedIn provider
2015-04-17 23:40:23 -04:00
Darren Lee
5bc77b0ee8 LinkedIn OAuth support. 2015-04-17 17:35:40 -07:00
Jehiah Czebotar
78e080ec46 Merge pull request #83 from 18F/case-insensitive-comparisons
Make address/domain comparisons case-insensitive
2015-04-17 20:01:47 -04:00
Mike Bland
781f34e817 Make address/domain comparisons case-insensitive 2015-04-07 17:25:46 -04:00
Jehiah Czebotar
9534808a0d Merge pull request #81 from 18F/access-token-refactor
Refactor pass_access_token changes from #80
2015-04-07 16:48:07 -04:00
Mike Bland
83ad43a571 Make proper PassAccessTokenTest methods 2015-04-07 10:11:35 -04:00
Mike Bland
9887ac3be5 Refactor cookie building and parsing
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
2015-04-07 05:53:41 -04:00
Mike Bland
cf79fd9e4c Refactor pass_access_token+cookie_secret check
Moves the check from NewOauthProxy() to Options.Validate() and adds a test.
2015-04-07 05:53:40 -04:00
Mike Bland
ca32394c6f Add vim .swp files to gitignore 2015-04-07 05:53:40 -04:00
Jehiah Czebotar
b0f0409f2b Merge pull request #82 from 18F/sign-in-redirect
Redirect to / when /oauth2/sign_in accessed
2015-04-06 23:20:26 -04:00
Mike Bland
5f747bb768 Redirect to / when /oauth2/sign_in accessed
Without this change, clicking the sign-in button on /oauth2/sign_in will
always redirect back to /oauth2/sign_in, essentially creating an infinite
loop.
2015-04-06 22:10:03 -04:00
Jehiah Czebotar
864d4787e9 Merge pull request #80 from 18F/pass-access-token
Pass the access token to the upstream server
2015-04-03 15:45:22 -04:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
Mike Bland
a9837f90aa Ensure TestNewReverseProxy() passes when offline
This reflects the apparent intent of TestNewReverseProxy(). Without this
change, the test will fail when run without an Internet connection.
2015-04-02 21:38:48 -04:00
Jehiah Czebotar
66d4d72d2e Merge pull request #79 from 18F/add-myusa-provider
Add myusa provider
2015-03-31 15:59:11 -04:00
Mike Bland
291a0b76b9 Add alternate provider information to README 2015-03-31 15:31:22 -04:00
Mike Bland
59c3ba40f6 Add MyUSA provider 2015-03-31 15:17:17 -04:00
Jehiah Czebotar
243dbb77fb Merge pull request #78 from 18F/generalize-templates
Add ProviderName field; use in sign_in template
2015-03-31 13:21:03 -04:00
Mike Bland
666e6ad436 Add ProviderName field; use in sign_in template 2015-03-31 12:59:07 -04:00
Jehiah Czebotar
0136ab01fd Merge pull request #77 from 18F/extract-providers-package
Extract providers package
2015-03-31 10:22:52 -04:00
Mike Bland
d9a945ebc3 Integrate Provider into Options and OauthProxy 2015-03-31 09:34:50 -04:00
Mike Bland
e2931da853 Create providers package with Google default 2015-03-31 09:34:50 -04:00
Jehiah Czebotar
41044ecac0 Merge pull request #76 from 18F/extract-api-package
Extract api package
2015-03-30 22:47:16 -04:00
Mike Bland
45286af4a4 s/18F/bitly/ in import path 2015-03-30 11:42:37 -04:00
Mike Bland
9d8f932797 Extract api package
This is the first step towards genericizing the google_auth_proxy to support
OAuth2 providers other than Google as discussed in #65. The `api` package will
enable multiple providers to use the same `api.Request()` implementation.
2015-03-30 10:23:30 -04:00
Jehiah Czebotar
fd74eae9c3 tag 1.1.1 2015-03-23 09:19:24 -04:00
Jehiah Czebotar
e1f4941522 Merge pull request #74 from jehiah/request_path_74
request path contains full URL
2015-03-22 07:56:05 -04:00
Jehiah Czebotar
16f2c981f3 fix upstream request path 2015-03-21 15:29:07 -04:00
Jehiah Czebotar
736ec2aa9f Merge pull request #56 from jehiah/release_56
Cut a new release
2015-03-19 23:03:16 -04:00
Jehiah Czebotar
6b771fdd9e show Go version 2015-03-19 23:03:00 -04:00
Jehiah Czebotar
8751f48a4c bump to version 1.1 2015-03-19 22:36:04 -04:00
Jehiah Czebotar
eb67be7ea0 Merge pull request #73 from jehiah/logging_73
Request Logging:
2015-03-19 22:35:45 -04:00
Jehiah Czebotar
b9b5e817fc improve request logging (closer to Apache Common Log) 2015-03-19 22:34:01 -04:00
Jehiah Czebotar
c0160c1e4c Merge pull request #72 from jehiah/cookie_fixes_72
clear cookie fix
2015-03-19 16:18:50 -04:00