Refactor getPAT, linting fixes #451

Merged
merged 3 commits into from
Apr 24, 2024
Merged
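--- a/cmd/google/gatekeeper-google.go
+++ b/cmd/google/gatekeeper-google.go
@@ -0,0 +1,28 @@
+/*
+Copyright 2015 All rights reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+"os"
+
+googlecore "github.com/gogatekeeper/gatekeeper/pkg/google/proxy/core"
+"github.com/gogatekeeper/gatekeeper/pkg/proxy"
+)
+
+func main() {
+app := proxy.NewOauthProxyApp(googlecore.Provider)
+_ = app.Run(os.Args)
+}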
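Review bot: The error returned by `app.Run(os.Args)` is discarded in the new `main` (`_ = app.Run(os.Args)`), so unless the app terminates the process itself on failure (not visible in this file) a proxy that fails to start or aborts would exit with status 0, and a supervisor or container runtime could not tell that the authenticating proxy is down. Consider `if err := app.Run(os.Args); err != nil { os.Exit(1) }`; the Keycloak entry point in the next section carries the same line and would want the same treatment. A one-line doc comment such as `// main starts the OAuth proxy wired to the Google provider.` would also make clear how this binary differs from the Keycloak one.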
Expand Up @@ -18,10 +18,11 @@ package main
import (
"os"

keycloakcore "github.com/gogatekeeper/gatekeeper/pkg/keycloak/proxy/core"
"github.com/gogatekeeper/gatekeeper/pkg/proxy"
)

func main() {
app := proxy.NewOauthProxyApp()
app := proxy.NewOauthProxyApp(keycloakcore.Provider)
_ = app.Run(os.Args)
}
51 changes: 29 additions & 22 deletions e2e/e2e_test.go
Expand Up @@ -10,6 +10,7 @@ import (
"net/http/httptest"
"net/url"
"os"
"strconv"
"strings"
"time"

Expand All @@ -20,6 +21,7 @@ import (

resty "github.com/go-resty/resty/v2"
"github.com/gogatekeeper/gatekeeper/pkg/constant"
keycloakcore "github.com/gogatekeeper/gatekeeper/pkg/keycloak/proxy/core"
"github.com/gogatekeeper/gatekeeper/pkg/proxy"
"github.com/gogatekeeper/gatekeeper/pkg/testsuite"
)
Expand All @@ -34,6 +36,10 @@ const (
umaTestClientSecret = "A5vokiGdI3H2r4aXFrANbKvn4R7cbf6P"
timeout = time.Second * 300
idpURI = "http://localhost:8081"
localURI = "http://localhost:"
logoutURI = "/oauth/logout"
allInterfaces = "0.0.0.0:"
anyURI = "/any"
testUser = "myuser"
testPass = "baba1234"
testPath = "/test"
Expand All @@ -52,13 +58,14 @@ func generateRandomPort() string {
rg := rand.New(rand.NewSource(time.Now().UnixNano()))
min := 1024
max := 65000
return fmt.Sprintf("%d", rg.Intn(max-min+1)+min)
return strconv.Itoa(rg.Intn(max-min+1) + min)
}

func startAndWait(portNum string, osArgs []string) {
go func() {
defer GinkgoRecover()
app := proxy.NewOauthProxyApp()

app := proxy.NewOauthProxyApp(keycloakcore.Provider)
Expect(app.Run(osArgs)).To(Succeed())
}()

Expand Down Expand Up @@ -106,13 +113,13 @@ var _ = Describe("NoRedirects Simple login/logout", func() {
BeforeEach(func() {
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum

osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + testClient,
"--client-secret=" + testClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -149,7 +156,7 @@ var _ = Describe("NoRedirects Simple login/logout", func() {
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

request = resty.New().R().SetAuthToken(respToken.AccessToken)
resp, err = request.Get(proxyAddress + "/oauth/logout")
resp, err = request.Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))
},
Expand All @@ -164,13 +171,13 @@ var _ = Describe("Code Flow login/logout", func() {
BeforeEach(func() {
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum

osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + testClient,
"--client-secret=" + testClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -215,11 +222,11 @@ var _ = Describe("Code Flow login/logout", func() {

By("wait for access token expiration")
time.Sleep(32 * time.Second)
resp, err = rClient.R().Get(proxyAddress + "/any")
resp, err = rClient.R().Get(proxyAddress + anyURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.Header().Get("Proxy-Accepted")).To(Equal("true"))
body = resp.Body()
Expect(strings.Contains(string(body), "/any")).To(BeTrue())
Expect(strings.Contains(string(body), anyURI)).To(BeTrue())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))
Expect(err).NotTo(HaveOccurred())
cookiesAfterRefresh := rClient.GetClient().Jar.Cookies(jarURI)
Expand All @@ -235,15 +242,15 @@ var _ = Describe("Code Flow login/logout", func() {
Expect(accessCookieLogin).NotTo(Equal(accessCookieAfterRefresh))

By("make another request with new access token")
resp, err = rClient.R().Get(proxyAddress + "/any")
resp, err = rClient.R().Get(proxyAddress + anyURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.Header().Get("Proxy-Accepted")).To(Equal("true"))
body = resp.Body()
Expect(strings.Contains(string(body), "/any")).To(BeTrue())
Expect(strings.Contains(string(body), anyURI)).To(BeTrue())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

By("log out")
resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

Expand Down Expand Up @@ -285,13 +292,13 @@ var _ = Describe("Code Flow login/logout", func() {
rClient.GetClient().Jar.SetCookies(jarURI, cookiesLogin)

By("make another request with forged access token")
resp, err = rClient.R().Get(proxyAddress + "/any")
resp, err = rClient.R().Get(proxyAddress + anyURI)
Expect(err).NotTo(HaveOccurred())
Expect(strings.Contains(string(body), "/any")).To(BeFalse())
Expect(strings.Contains(string(body), anyURI)).To(BeFalse())
Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))

By("log out")
resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
},
Expand All @@ -306,12 +313,12 @@ var _ = Describe("Code Flow PKCE login/logout", func() {
BeforeEach(func() {
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum
osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + pkceTestClient,
"--client-secret=" + pkceTestClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -341,7 +348,7 @@ var _ = Describe("Code Flow PKCE login/logout", func() {
body := resp.Body()
Expect(strings.Contains(string(body), pkceCookieName)).To(BeTrue())

resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

Expand All @@ -367,7 +374,7 @@ var _ = Describe("Code Flow login/logout with session check", func() {
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + testClient,
"--client-secret=" + testClientSecret,
"--upstream-url=" + server.URL,
Expand All @@ -386,12 +393,12 @@ var _ = Describe("Code Flow login/logout with session check", func() {
startAndWait(portNum, osArgs)

portNum = generateRandomPort()
proxyAddressSec = "http://localhost:" + portNum
proxyAddressSec = localURI + portNum
osArgs = []string{os.Args[0]}
proxyArgs = []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + pkceTestClient,
"--client-secret=" + pkceTestClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -433,7 +440,7 @@ var _ = Describe("Code Flow login/logout with session check", func() {
Expect(strings.Contains(string(body), testPath)).To(BeTrue())

By("Logout user on first client")
resp, err = rClient.R().Get(proxyAddressFirst + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddressFirst + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

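Review bot: The new `allInterfaces = "0.0.0.0:"` constant makes every test proxy in this file listen on all interfaces, while the tests shown here only reach it through `localURI` (`http://localhost:`). The behaviour itself predates this change, but on a shared CI host or developer machine it leaves proxies configured with the test client secrets reachable from the network for the duration of the run. If nothing outside the visible hunks needs external access, a loopback constant such as `loopbackAddr = "127.0.0.1:"` used as `"--listen=" + loopbackAddr + portNum` would narrow that exposure; otherwise a comment on the constant explaining why the wildcard bind is required would help the next reader.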
34 changes: 17 additions & 17 deletions e2e/e2e_uma_test.go
Expand Up @@ -24,12 +24,12 @@ var _ = Describe("UMA Code Flow authorization", func() {
BeforeEach(func() {
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum
osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + umaTestClient,
"--client-secret=" + umaTestClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -63,7 +63,7 @@ var _ = Describe("UMA Code Flow authorization", func() {
Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
Expect(strings.Contains(string(body), umaCookieName)).To(BeFalse())

resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

Expand Down Expand Up @@ -117,12 +117,12 @@ var _ = Describe("UMA Code Flow authorization with method scope", func() {
BeforeEach(func() {
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum
osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + umaTestClient,
"--client-secret=" + umaTestClientSecret,
"--upstream-url=" + server.URL,
Expand Down Expand Up @@ -159,7 +159,7 @@ var _ = Describe("UMA Code Flow authorization with method scope", func() {
Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
Expect(strings.Contains(string(body), umaCookieName)).To(BeFalse())

resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

Expand All @@ -180,14 +180,14 @@ var _ = Describe("UMA no-redirects authorization with forwarding client credenti
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
fwdPortNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
fwdProxyAddress = "http://localhost:" + fwdPortNum
proxyAddress = localURI + portNum
fwdProxyAddress = localURI + fwdPortNum
osArgs := []string{os.Args[0]}
fwdOsArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + umaTestClient,
"--client-secret=" + umaTestClientSecret,
"--upstream-url=" + server.URL,
Expand All @@ -203,7 +203,7 @@ var _ = Describe("UMA no-redirects authorization with forwarding client credenti
fwdProxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + fwdPortNum,
"--listen=" + allInterfaces + fwdPortNum,
"--client-id=" + testClient,
"--client-secret=" + testClientSecret,
"--enable-uma=true",
Expand Down Expand Up @@ -260,14 +260,14 @@ var _ = Describe("UMA no-redirects authorization with forwarding direct access g
server := httptest.NewServer(&testsuite.FakeUpstreamService{})
portNum = generateRandomPort()
fwdPortNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
fwdProxyAddress = "http://localhost:" + fwdPortNum
proxyAddress = localURI + portNum
fwdProxyAddress = localURI + fwdPortNum
osArgs := []string{os.Args[0]}
fwdOsArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + umaTestClient,
"--client-secret=" + umaTestClientSecret,
"--upstream-url=" + server.URL,
Expand All @@ -284,7 +284,7 @@ var _ = Describe("UMA no-redirects authorization with forwarding direct access g
fwdProxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + fwdPortNum,
"--listen=" + allInterfaces + fwdPortNum,
"--client-id=" + testClient,
"--client-secret=" + testClientSecret,
"--forwarding-username=" + testUser,
Expand Down Expand Up @@ -356,12 +356,12 @@ var _ = Describe("UMA Code Flow, NOPROXY authorization with method scope", func(

BeforeEach(func() {
portNum = generateRandomPort()
proxyAddress = "http://localhost:" + portNum
proxyAddress = localURI + portNum
osArgs := []string{os.Args[0]}
proxyArgs := []string{
"--discovery-url=" + idpRealmURI,
"--openid-provider-timeout=120s",
"--listen=" + "0.0.0.0:" + portNum,
"--listen=" + allInterfaces + portNum,
"--client-id=" + umaTestClient,
"--client-secret=" + umaTestClientSecret,
"--no-redirects=false",
Expand Down Expand Up @@ -394,7 +394,7 @@ var _ = Describe("UMA Code Flow, NOPROXY authorization with method scope", func(
resp := codeFlowLogin(rClient, proxyAddress, http.StatusOK)
Expect(resp.Header().Get(constant.AuthorizationHeader)).ToNot(BeEmpty())

resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
resp, err = rClient.R().Get(proxyAddress + logoutURI)
Expect(err).NotTo(HaveOccurred())
Expect(resp.StatusCode()).To(Equal(http.StatusOK))

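--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -19,9 +19,10 @@ import (
 "github.com/gogatekeeper/gatekeeper/pkg/config/core"
 googleconfig "github.com/gogatekeeper/gatekeeper/pkg/google/config"
 keycloakconfig "github.com/gogatekeeper/gatekeeper/pkg/keycloak/config"
+proxycore "github.com/gogatekeeper/gatekeeper/pkg/proxy/core"
 )
 
-func ProduceConfig(provider string) core.Configs {
+func ProduceConfig[T proxycore.KeycloakProvider | proxycore.GoogleProvider](provider T) core.Configs {
 switch provider {
 case "keycloak":
 return keycloakconfig.NewDefaultConfig()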
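Review bot: The type union on `ProduceConfig` narrows the static type of `provider` but not its value, and the `switch` still matches the untyped literal `"keycloak"`, so a converted value such as `proxycore.KeycloakProvider("other")` still compiles and falls through to whatever the remaining cases do. Those cases and any default branch lie outside this hunk, so it is worth confirming that an unrecognised provider fails loudly there instead of returning a nil or default config. Matching on the provider constants the packages already export (the entry points pass `keycloakcore.Provider` and `googlecore.Provider`) would keep the labels from drifting, if that does not create an import cycle. The exported generic function also has no doc comment; something like `// ProduceConfig returns the default configuration for the given provider type.` would cover it.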