121 Commits

Author SHA1 Message Date
Mike Bland
ca91b5eddd Reload authenticated-emails-file upon update
This change extracts the UserMap class from NewValidator() so that its
LoadAuthenticatedEmailsFile() method can be called concurrently. This method
is called by a goroutine containing a fsnotify.Watcher watching the
authenticated emails file.

Watching isn't forever aborted when the authenticated emails file disappears.
The goroutine will call os.Stat() up to twenty times a second if the file is
persistently missing, but that's the pathological case, not the common one.

The common case is that some editors (including Vim) will perform a
rename-and-replace when updating a file, triggering fsnotify.Rename events,
and the file will temporarily disappear. This watcher goroutine handles that
case.

Also, on some platforms (notably Arch Linux), a remove will be preceded by a
fsnotify.Chmod, causing a race between the upcoming fsnotify.Remove and the
call to UserMap.LoadAuthenticatedEmailsFile(). Hence, we treat fsnotify.Chmod
the same as fsnotify.Remove and fsnotify.Rename. There's no significant
penalty to re-adding a file to the watcher.

Also contains the following small changes from the summary of commits below:

- Minor optimization of email domain search
- Fixed api_test.go on Windows
- Add deferred File.Close() calls where needed
- Log error and return if emails file doesn't parse

These are the original commits from #89 squashed into this one:

0c6f2b6 Refactor validator_test to prepare for more tests
e0c792b Add more test cases to validator_test
a9a9d93 Minor optimization of email domain search
b763ea5 Extract LoadAuthenticatedEmailsFile()
8cdaf7f Introduce synchronized UserMap type
1b84eef Add UserMap methods, locking
af15dcf Reload authenticated-emails-file upon update
6d95548 Make UserMap operations lock-free
        Per:
        - http://stackoverflow.com/questions/21447463/is-assigning-a-pointer-atomic-in-golang
        - https://groups.google.com/forum/#!msg/golang-nuts/ueSvaEKgyLY/ZW_74IC4PekJ
75755d5 Fix tests on Windows
d0eab2e Ignore email file watcher Chmod events
0b9798b Fix watcher on Ubuntu 12.04
3a8251a WaitForReplacement() to retry emails file watch
a57fd29 Add deferred File.Close() calls where needed
        Because correctness: Don't leak file handles anywhere, and prepare for
        future panics and early returns.
52ed3fd Log error and return if emails file doesn't parse
40100d4 Add gopkg.in/fsnotify.v1 dependency to Godeps file
17dfbbc Avoid a race when Remove is preceded by Chmod
2015-05-12 10:39:18 -04:00
Jehiah Czebotar
26170c56af Merge pull request #84 from balshor/master
Add LinkedIn provider
2015-04-17 23:40:23 -04:00
Darren Lee
5bc77b0ee8 LinkedIn OAuth support. 2015-04-17 17:35:40 -07:00
Jehiah Czebotar
78e080ec46 Merge pull request #83 from 18F/case-insensitive-comparisons
Make address/domain comparisons case-insensitive
2015-04-17 20:01:47 -04:00
Mike Bland
781f34e817 Make address/domain comparisons case-insensitive 2015-04-07 17:25:46 -04:00
Jehiah Czebotar
9534808a0d Merge pull request #81 from 18F/access-token-refactor
Refactor pass_access_token changes from #80
2015-04-07 16:48:07 -04:00
Mike Bland
83ad43a571 Make proper PassAccessTokenTest methods 2015-04-07 10:11:35 -04:00
Mike Bland
9887ac3be5 Refactor cookie building and parsing
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
2015-04-07 05:53:41 -04:00
Mike Bland
cf79fd9e4c Refactor pass_access_token+cookie_secret check
Moves the check from NewOauthProxy() to Options.Validate() and adds a test.
2015-04-07 05:53:40 -04:00
Mike Bland
ca32394c6f Add vim .swp files to gitignore 2015-04-07 05:53:40 -04:00
Jehiah Czebotar
b0f0409f2b Merge pull request #82 from 18F/sign-in-redirect
Redirect to / when /oauth2/sign_in accessed
2015-04-06 23:20:26 -04:00
Mike Bland
5f747bb768 Redirect to / when /oauth2/sign_in accessed
Without this change, clicking the sign-in button on /oauth2/sign_in will
always redirect back to /oauth2/sign_in, essentially creating an infinite
loop.
2015-04-06 22:10:03 -04:00
Jehiah Czebotar
864d4787e9 Merge pull request #80 from 18F/pass-access-token
Pass the access token to the upstream server
2015-04-03 15:45:22 -04:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
Mike Bland
a9837f90aa Ensure TestNewReverseProxy() passes when offline
This reflects the apparent intent of TestNewReverseProxy(). Without this
change, the test will fail when run without an Internet connection.
2015-04-02 21:38:48 -04:00
Jehiah Czebotar
66d4d72d2e Merge pull request #79 from 18F/add-myusa-provider
Add myusa provider
2015-03-31 15:59:11 -04:00
Mike Bland
291a0b76b9 Add alternate provider information to README 2015-03-31 15:31:22 -04:00
Mike Bland
59c3ba40f6 Add MyUSA provider 2015-03-31 15:17:17 -04:00
Jehiah Czebotar
243dbb77fb Merge pull request #78 from 18F/generalize-templates
Add ProviderName field; use in sign_in template
2015-03-31 13:21:03 -04:00
Mike Bland
666e6ad436 Add ProviderName field; use in sign_in template 2015-03-31 12:59:07 -04:00
Jehiah Czebotar
0136ab01fd Merge pull request #77 from 18F/extract-providers-package
Extract providers package
2015-03-31 10:22:52 -04:00
Mike Bland
d9a945ebc3 Integrate Provider into Options and OauthProxy 2015-03-31 09:34:50 -04:00
Mike Bland
e2931da853 Create providers package with Google default 2015-03-31 09:34:50 -04:00
Jehiah Czebotar
41044ecac0 Merge pull request #76 from 18F/extract-api-package
Extract api package
2015-03-30 22:47:16 -04:00
Mike Bland
45286af4a4 s/18F/bitly/ in import path 2015-03-30 11:42:37 -04:00
Mike Bland
9d8f932797 Extract api package
This is the first step towards genericizing the google_auth_proxy to support
OAuth2 providers other than Google as discussed in #65. The `api` package will
enable multiple providers to use the same `api.Request()` implementation.
2015-03-30 10:23:30 -04:00
Jehiah Czebotar
fd74eae9c3 tag 1.1.1 2015-03-23 09:19:24 -04:00
Jehiah Czebotar
e1f4941522 Merge pull request #74 from jehiah/request_path_74
request path contains full URL
2015-03-22 07:56:05 -04:00
Jehiah Czebotar
16f2c981f3 fix upstream request path 2015-03-21 15:29:07 -04:00
Jehiah Czebotar
736ec2aa9f Merge pull request #56 from jehiah/release_56
Cut a new release
2015-03-19 23:03:16 -04:00
Jehiah Czebotar
6b771fdd9e show Go version 2015-03-19 23:03:00 -04:00
Jehiah Czebotar
8751f48a4c bump to version 1.1 2015-03-19 22:36:04 -04:00
Jehiah Czebotar
eb67be7ea0 Merge pull request #73 from jehiah/logging_73
Request Logging:
2015-03-19 22:35:45 -04:00
Jehiah Czebotar
b9b5e817fc improve request logging (closer to Apache Common Log) 2015-03-19 22:34:01 -04:00
Jehiah Czebotar
c0160c1e4c Merge pull request #72 from jehiah/cookie_fixes_72
clear cookie fix
2015-03-19 16:18:50 -04:00
Jehiah Czebotar
07c74f55c6 improve handling of cookie domains 2015-03-19 16:18:02 -04:00
Jehiah Czebotar
d5169f92f7 Merge pull request #71 from jehiah/cookie_secure_flag_71
Rename flag to set secure (https) cookies
2015-03-19 14:49:11 -04:00
Jehiah Czebotar
de04e0c519 rename cookie secure flag 2015-03-19 14:08:17 -04:00
Jehiah Czebotar
e67f2d5944 Merge pull request #69 from jehiah/default_redirect_url_69
make redirect-uri optional
2015-03-19 14:04:05 -04:00
Jehiah Czebotar
ebae065b11 make redirect_uri optional 2015-03-19 14:03:05 -04:00
Jehiah Czebotar
748247dde1 Merge pull request #17 from jehiah/encoded_slashes_17
Encoded slashes are expanded by the proxy
2015-03-19 14:01:56 -04:00
Jehiah Czebotar
71ae70834d pass raw unencoded request URI upstream 2015-03-19 13:18:49 -04:00
Jehiah Czebotar
85e025db25 Merge pull request #70 from jehiah/templates_dir_70
Custom Sign In Template Support
2015-03-17 23:18:00 -04:00
Jehiah Czebotar
2b2324e410 support (optional) custom templates 2015-03-17 18:11:58 -04:00
Jehiah Czebotar
b2dfbd8564 Merge pull request #68 from jehiah/upstream_host_header_68
Proxied requests use the upstream Host as Host Header
2015-03-17 16:03:53 -04:00
Jehiah Czebotar
a162ee809e bump travis Go versions 2015-03-17 16:02:21 -04:00
Jehiah Czebotar
263e16eeea add --proxy-host-header option 2015-03-17 15:53:01 -04:00
John Boxall
24ef555547 Requests are proxied to the Host specified by the target. 2015-03-17 15:04:27 -04:00
John Boxall
20a152261c Adds failing test for using upstream Host header. 2015-03-17 15:04:27 -04:00
Jehiah Czebotar
ade9502dd2 Merge pull request #66 from 18F/enforce-cookie-secret
Catch more options errors at once; add test
2015-03-16 23:03:11 -04:00