Rework GitLab provider #231

Merged
merged 7 commits into from
Aug 6, 2019

Contributor

@Overv Overv commented Aug 1, 2019

Description

Similar to #137, I've implemented a group membership and email domain check for the GitLab provider. The difference is that I've reimplemented the provider to use OIDC so that group memberships can be retrieved without requiring the whole api scope. Instead it only requires the openid, profile and email scopes (which were already used by default).

It does change how the GitLab provider is used, as it now requires specifying an OIDC issuer URL to reference a custom GitLab instance. This is mentioned in the updated documentation.

Example parameters:

--provider=gitlab
--oidc-issuer-url=https://gitlab.mycompany.com
--gitlab-group=infra

Motivation and Context

It implements features that people have asked for the GitLab provider to support (#228).

How Has This Been Tested?

I've tested the provider with both gitlab.com and a self-hosted GitLab instance, along with a new suite of unit tests.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@Overv Overv requested a review from a team August 1, 2019 15:40

sc250024 commented Aug 2, 2019

@Overv Thanks so much for the PR! I just did some testing with Kubernetes using a Docker image I built locally from your commit b530f18 (find it here: sc250024/oauth2_proxy:b530f18), and it worked like a charm.

I've made some comments regarding the documentation, but here was my setup in case anyone wants to replicate.

values.yaml

config:
  clientID: <my-client-id>
  clientSecret: <my-client-secret>
  configFile: |
    pass_access_token = true
    pass_authorization_header = true
    pass_basic_auth = false
    pass_user_headers = true
    set_authorization_header = true
  cookieSecret: <my-cookie-secret>
extraArgs:
  cookie-domain: .mydomain.com
  email-domain: '*'
  gitlab-group: mygitlabgroup
  oidc-issuer-url: https://gitlab.com
  provider: gitlab
  upstream: file:///dev/null
  whitelist-domain: .mydomain.com
image:
  pullPolicy: Always
  repository: sc250024/oauth2_proxy
  tag: b530f18
ingress:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: oauth2.mydomain.com
    kubernetes.io/ingress.class: nginx-ingress
    nginx.ingress.kubernetes.io/ingress.class: nginx-ingress
  enabled: true
  hosts:
  - oauth2.mydomain.com
  tls:
  - hosts:
    - oauth2.mydomain.com
    secretName: star-mydomain-com-tls
replicaCount: 2
service:
  port: 8080

Helm command

$ helm upgrade \
--force \
--install \
--values values.yaml \
--version 0.13.0 \
gitlab-oauth2-test \
stable/oauth2-proxy

Successful deny for non-group member

[Screenshot: successful-deny]
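
The group and email-domain restriction described in the PR and exercised by the setup above (`gitlab-group`, `email-domain: '*'`), as an added Go example that is not the PR's code. The claim names, the `policy` struct, the sample userinfo bodies and the choice to reject unverified email addresses are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// userInfo is the subset of OIDC userinfo claims the check needs. The claim
// names (email, email_verified, groups) are assumed for this example.
type userInfo struct {
	Email         string   `json:"email"`
	EmailVerified bool     `json:"email_verified"`
	Groups        []string `json:"groups"`
}

// policy mirrors the two restrictions from the thread: --gitlab-group and
// --email-domain. The struct itself is hypothetical.
type policy struct {
	Group        string   // required group path; "" disables the group check
	EmailDomains []string // allowed domains; "*" allows any domain
}

var (
	errUnverified = errors.New("email is not verified by the issuer")
	errDomain     = errors.New("email domain is not allowed")
	errGroup      = errors.New("user is not a member of the required group")
)

// Constructed sample userinfo responses (not captured from a real instance).
const (
	sampleMember     = `{"sub":"1001","email":"alice@mycompany.com","email_verified":true,"groups":["infra","infra/oncall"]}`
	sampleOutsider   = `{"sub":"1002","email":"bob@mycompany.com","email_verified":true,"groups":["infra-readonly","web"]}`
	sampleUnverified = `{"sub":"1003","email":"carol@mycompany.com","email_verified":false,"groups":["infra"]}`
	sampleOtherDom   = `{"sub":"1004","email":"dave@notmycompany.com","email_verified":true,"groups":["infra"]}`
)

// domainAllowed compares the part after the last "@" with each allowed domain.
// It matches whole domains only, so "notmycompany.com" never satisfies
// "mycompany.com" the way a plain suffix comparison would.
func domainAllowed(email string, allowed []string) bool {
	at := strings.LastIndex(email, "@")
	if at <= 0 || at == len(email)-1 {
		return false // no local part or no domain
	}
	domain := strings.ToLower(email[at+1:])
	for _, a := range allowed {
		if a == "*" || strings.ToLower(a) == domain {
			return true
		}
	}
	return false // an empty allow-list denies everyone
}

// inGroup requires an exact match on the full group path, so membership of
// "infra-readonly" or "infra/oncall" alone does not satisfy "infra".
func inGroup(groups []string, want string) bool {
	for _, g := range groups {
		if g == want {
			return true
		}
	}
	return false
}

// authorize decodes a userinfo body and applies the policy, failing closed:
// any decode error or unmet condition denies access.
func authorize(raw []byte, p policy) (string, error) {
	var u userInfo
	if err := json.Unmarshal(raw, &u); err != nil {
		return "", fmt.Errorf("decode userinfo: %w", err)
	}
	if !u.EmailVerified {
		return "", errUnverified
	}
	if !domainAllowed(u.Email, p.EmailDomains) {
		return "", errDomain
	}
	if p.Group != "" && !inGroup(u.Groups, p.Group) {
		return "", errGroup
	}
	return u.Email, nil
}

func main() {
	// Same shape as the values.yaml above: any email domain, one required group.
	p := policy{Group: "infra", EmailDomains: []string{"*"}}
	for _, s := range []string{sampleMember, sampleOutsider, sampleUnverified, sampleOtherDom} {
		email, err := authorize([]byte(s), p)
		fmt.Printf("email=%q err=%v\n", email, err)
	}
}
```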


sc250024 commented Aug 2, 2019

@JoelSpeed Possible to get a quick review on this (no pun intended)? Looks all good. Thank you!

@steakunderscore
Contributor

@sc250024 @Overv Any ideas why the tests are failing? I just restarted the Travis build and it failed with the same error.


sc250024 commented Aug 3, 2019

@steakunderscore I'm not sure what the source of the errors above is, but I've noticed that the tests are behaving inconsistently when run against a fork of this project.

Tests run against pusher/oauth2_proxy (PASS)

$ git remote -v
origin	git@github.com:pusher/oauth2_proxy.git (fetch)
origin	git@github.com:pusher/oauth2_proxy.git (push)

$ git branch
* master

$ git rev-parse --short HEAD
3f219bd

$ ./configure && make test

.env
Checking for make... found
Checking for awk... found
Checking for go... found
Checking go version... 1.12.7
Checking $GOPATH... valid - /Users/scottcrooks/go
Checking for golangci-lint... found

Environment configuration written to .env
GO111MODULE=on "/Users/scottcrooks/go/bin/golangci-lint" run
GO111MODULE=on "/usr/local/bin/go" test -v -race ./...
=== RUN   TestSHA
--- PASS: TestSHA (0.00s)
=== RUN   TestBcrypt
--- PASS: TestBcrypt (2.81s)
=== RUN   TestGCPHealthcheckLiveness
--- PASS: TestGCPHealthcheckLiveness (0.00s)
=== RUN   TestGCPHealthcheckReadiness
--- PASS: TestGCPHealthcheckReadiness (0.00s)
=== RUN   TestGCPHealthcheckNotHealthcheck
--- PASS: TestGCPHealthcheckNotHealthcheck (0.00s)
=== RUN   TestGCPHealthcheckIngress
--- PASS: TestGCPHealthcheckIngress (0.00s)
=== RUN   TestGCPHealthcheckNotIngress
--- PASS: TestGCPHealthcheckNotIngress (0.00s)
=== RUN   TestGCPHealthcheckNotIngressPut
--- PASS: TestGCPHealthcheckNotIngressPut (0.00s)
=== RUN   TestLoggingHandler_ServeHTTP
--- PASS: TestLoggingHandler_ServeHTTP (0.00s)
=== RUN   TestWebSocketProxy
--- PASS: TestWebSocketProxy (0.01s)
=== RUN   TestNewReverseProxy
--- PASS: TestNewReverseProxy (0.00s)
=== RUN   TestEncodedSlashes
--- PASS: TestEncodedSlashes (0.00s)
=== RUN   TestRobotsTxt
--- PASS: TestRobotsTxt (0.00s)
=== RUN   TestIsValidRedirect
--- PASS: TestIsValidRedirect (0.00s)
=== RUN   TestBasicAuthPassword
--- PASS: TestBasicAuthPassword (0.00s)
=== RUN   TestForwardAccessTokenUpstream
--- PASS: TestForwardAccessTokenUpstream (0.00s)
=== RUN   TestDoNotForwardAccessTokenUpstream
--- PASS: TestDoNotForwardAccessTokenUpstream (0.01s)
=== RUN   TestSignInPageIncludesTargetRedirect
--- PASS: TestSignInPageIncludesTargetRedirect (0.00s)
=== RUN   TestSignInPageDirectAccessRedirectsToRoot
--- PASS: TestSignInPageDirectAccessRedirectsToRoot (0.00s)
=== RUN   TestSignInPageSkipProvider
--- PASS: TestSignInPageSkipProvider (0.00s)
=== RUN   TestSignInPageSkipProviderDirect
--- PASS: TestSignInPageSkipProviderDirect (0.00s)
=== RUN   TestLoadCookiedSession
--- PASS: TestLoadCookiedSession (0.00s)
=== RUN   TestProcessCookieNoCookieError
--- PASS: TestProcessCookieNoCookieError (0.00s)
=== RUN   TestProcessCookieRefreshNotSet
--- PASS: TestProcessCookieRefreshNotSet (0.00s)
=== RUN   TestProcessCookieFailIfCookieExpired
--- PASS: TestProcessCookieFailIfCookieExpired (0.00s)
=== RUN   TestProcessCookieFailIfRefreshSetAndCookieExpired
--- PASS: TestProcessCookieFailIfRefreshSetAndCookieExpired (0.00s)
=== RUN   TestAuthOnlyEndpointAccepted
--- PASS: TestAuthOnlyEndpointAccepted (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnNoCookieSetError
--- PASS: TestAuthOnlyEndpointUnauthorizedOnNoCookieSetError (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnExpiration
--- PASS: TestAuthOnlyEndpointUnauthorizedOnExpiration (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnEmailValidationFailure
--- PASS: TestAuthOnlyEndpointUnauthorizedOnEmailValidationFailure (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnProviderGroupValidationFailure
--- PASS: TestAuthOnlyEndpointUnauthorizedOnProviderGroupValidationFailure (0.00s)
=== RUN   TestAuthOnlyEndpointSetXAuthRequestHeaders
--- PASS: TestAuthOnlyEndpointSetXAuthRequestHeaders (0.00s)
=== RUN   TestAuthSkippedForPreflightRequests
--- PASS: TestAuthSkippedForPreflightRequests (0.00s)
=== RUN   TestNoRequestSignature
--- PASS: TestNoRequestSignature (0.00s)
=== RUN   TestRequestSignatureGetRequest
--- PASS: TestRequestSignatureGetRequest (0.00s)
=== RUN   TestRequestSignaturePostRequest
--- PASS: TestRequestSignaturePostRequest (0.00s)
=== RUN   TestGetRedirect
=== RUN   TestGetRedirect/request_outside_of_ProxyPrefix_redirects_to_original_URL
=== RUN   TestGetRedirect/request_under_ProxyPrefix_redirects_to_root
--- PASS: TestGetRedirect (0.00s)
    --- PASS: TestGetRedirect/request_outside_of_ProxyPrefix_redirects_to_original_URL (0.00s)
    --- PASS: TestGetRedirect/request_under_ProxyPrefix_redirects_to_root (0.00s)
=== RUN   TestAjaxUnauthorizedRequest1
--- PASS: TestAjaxUnauthorizedRequest1 (0.00s)
=== RUN   TestAjaxUnauthorizedRequest2
--- PASS: TestAjaxUnauthorizedRequest2 (0.00s)
=== RUN   TestAjaxForbiddendRequest
--- PASS: TestAjaxForbiddendRequest (0.00s)
=== RUN   TestClearSplitCookie
--- PASS: TestClearSplitCookie (0.00s)
=== RUN   TestClearSingleCookie
--- PASS: TestClearSingleCookie (0.00s)
=== RUN   TestGetJwtSession
--- PASS: TestGetJwtSession (0.00s)
=== RUN   TestJwtUnauthorizedOnGroupValidationFailure
--- PASS: TestJwtUnauthorizedOnGroupValidationFailure (0.00s)
=== RUN   TestFindJwtBearerToken
eyJfoobar.eyJfoobar.12345asdf--- PASS: TestFindJwtBearerToken (0.00s)
=== RUN   TestNewOptions
--- PASS: TestNewOptions (0.00s)
=== RUN   TestGoogleGroupOptions
--- PASS: TestGoogleGroupOptions (0.00s)
=== RUN   TestGoogleGroupInvalidFile
--- PASS: TestGoogleGroupInvalidFile (0.00s)
=== RUN   TestInitializedOptions
--- PASS: TestInitializedOptions (0.00s)
=== RUN   TestRedirectURL
--- PASS: TestRedirectURL (0.00s)
=== RUN   TestProxyURLs
--- PASS: TestProxyURLs (0.00s)
=== RUN   TestProxyURLsError
--- PASS: TestProxyURLsError (0.00s)
=== RUN   TestCompiledRegex
--- PASS: TestCompiledRegex (0.00s)
=== RUN   TestCompiledRegexError
--- PASS: TestCompiledRegexError (0.00s)
=== RUN   TestDefaultProviderApiSettings
--- PASS: TestDefaultProviderApiSettings (0.00s)
=== RUN   TestPassAccessTokenRequiresSpecificCookieSecretLengths
--- PASS: TestPassAccessTokenRequiresSpecificCookieSecretLengths (0.01s)
=== RUN   TestCookieRefreshMustBeLessThanCookieExpire
--- PASS: TestCookieRefreshMustBeLessThanCookieExpire (0.00s)
=== RUN   TestBase64CookieSecret
--- PASS: TestBase64CookieSecret (0.00s)
=== RUN   TestValidateSignatureKey
--- PASS: TestValidateSignatureKey (0.00s)
=== RUN   TestValidateSignatureKeyInvalidSpec
--- PASS: TestValidateSignatureKeyInvalidSpec (0.00s)
=== RUN   TestValidateSignatureKeyUnsupportedAlgorithm
--- PASS: TestValidateSignatureKeyUnsupportedAlgorithm (0.00s)
=== RUN   TestValidateCookie
--- PASS: TestValidateCookie (0.00s)
=== RUN   TestValidateCookieBadName
--- PASS: TestValidateCookieBadName (0.00s)
=== RUN   TestSkipOIDCDiscovery
--- PASS: TestSkipOIDCDiscovery (0.00s)
=== RUN   TestGCPHealthcheck
--- PASS: TestGCPHealthcheck (0.00s)
=== RUN   TestTemplatesCompile
--- PASS: TestTemplatesCompile (0.00s)
=== RUN   TestValidatorEmpty
--- PASS: TestValidatorEmpty (0.00s)
=== RUN   TestValidatorSingleEmail
--- PASS: TestValidatorSingleEmail (0.00s)
=== RUN   TestValidatorSingleDomain
--- PASS: TestValidatorSingleDomain (0.00s)
=== RUN   TestValidatorMultipleEmailsMultipleDomains
--- PASS: TestValidatorMultipleEmailsMultipleDomains (0.00s)
=== RUN   TestValidatorComparisonsAreCaseInsensitive
--- PASS: TestValidatorComparisonsAreCaseInsensitive (0.00s)
=== RUN   TestValidatorIgnoreSpacesInAuthEmails
--- PASS: TestValidatorIgnoreSpacesInAuthEmails (0.00s)
=== RUN   TestValidatorOverwriteEmailListViaCopyingOver
--- PASS: TestValidatorOverwriteEmailListViaCopyingOver (0.00s)
=== RUN   TestValidatorOverwriteEmailListDirectly
--- PASS: TestValidatorOverwriteEmailListDirectly (0.00s)
=== RUN   TestValidatorOverwriteEmailListViaRenameAndReplace
--- PASS: TestValidatorOverwriteEmailListViaRenameAndReplace (0.00s)
=== RUN   TestLoadEnvForStruct
--- PASS: TestLoadEnvForStruct (0.00s)
=== RUN   TestLoadEnvForStructWithEmbeddedFields
--- PASS: TestLoadEnvForStructWithEmbeddedFields (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy	(cached)
?   	github.com/pusher/oauth2_proxy/pkg/apis/options	[no test files]
=== RUN   TestSessionStateSerialization
--- PASS: TestSessionStateSerialization (0.00s)
    session_state_test.go:33: &sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x1de021e0, ext:63700422079, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x1de021e0, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"user@domain.com"}
    session_state_test.go:45: &sessions.SessionState{AccessToken:"\xe3wI)9צ[T", IDToken:"\a\x02\x9b\xdbQ\xc9J\x80đ\b\xef", CreatedAt:time.Time{wall:0x1de021e0, ext:63700422079, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x1de021e0, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"lv\x96\x8a\xa348\x10(\xbb\xb1", Email:"gGo\xbb\xa4\xdf\f\xa9\xaf\xb5\x97\x8c\x10h\b", User:"gGo\xbb\xa4\xdf\f\xa9\xaf\xb5\x97\x8c\x10h\b"}
=== RUN   TestSessionStateSerializationWithUser
--- PASS: TestSessionStateSerializationWithUser (0.00s)
    session_state_test.go:73: &sessions.SessionState{AccessToken:"token1234", IDToken:"", CreatedAt:time.Time{wall:0x1df88028, ext:63700422079, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x1df88028, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"}
    session_state_test.go:84: &sessions.SessionState{AccessToken:";5\x99{\x97\xf1Z\xfb\xd8", IDToken:"", CreatedAt:time.Time{wall:0x1df88028, ext:63700422079, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x1df88028, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"\x8a\x05\x9e\x8fd\fM\x8d\x10:\x1e", Email:"\x84\x9f\x98\xdf\xc5N~\xd3.\x8d\xbbP\xd2\x00F", User:"\u03a2\xffa\xa4mcG\x92"}
=== RUN   TestSessionStateSerializationNoCipher
--- PASS: TestSessionStateSerializationNoCipher (0.00s)
=== RUN   TestSessionStateSerializationNoCipherWithUser
--- PASS: TestSessionStateSerializationNoCipherWithUser (0.00s)
=== RUN   TestExpired
--- PASS: TestExpired (0.00s)
=== RUN   TestEncodeSessionState
--- PASS: TestEncodeSessionState (0.00s)
    session_state_test.go:185: i:0 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:185: i:1 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0xbf49738fde0a98f8, ext:5266155, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0xbf497713de0a98f8, ext:3600005266292, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
=== RUN   TestDecodeSessionState
--- PASS: TestDecodeSessionState (0.00s)
    session_state_test.go:316: i:0 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:1 Encoded:"{\"Email\":\"user@domain.com\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"user@domain.com"} Error:<nil>
    session_state_test.go:316: i:2 Encoded:"{\"User\":\"just-user\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:3 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"AccessToken\":\"I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==\",\"IDToken\":\"xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==\",\"RefreshToken\":\"qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K\",\"CreatedAt\":\"2019-08-03T11:41:19.504406+02:00\",\"ExpiresOn\":\"2019-08-03T12:41:19.504412+02:00\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:4 Encoded:"{\"Email\":\"FsKKYrTWZWrxSOAqA/fTNAUZS5QWCqOBjuAbBlbVOw==\",\"User\":\"rT6JP3dxQhxUhkWrrd7yt6c1mDVyQCVVxw==\",\"AccessToken\":\"I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==\",\"IDToken\":\"xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==\",\"RefreshToken\":\"qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K\",\"CreatedAt\":\"2019-08-03T11:41:19.504406+02:00\",\"ExpiresOn\":\"2019-08-03T12:41:19.504412+02:00\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x1e109ff0, ext:63700422079, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x1e10b760, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:5 Encoded:"{\"Email\":\"EGTllJcOFC16b7LBYzLekaHAC5SMMSPdyUrg8hd25g==\",\"User\":\"rT6JP3dxQhxUhkWrrd7yt6c1mDVyQCVVxw==\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:6 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"AccessToken\":\"X\"}"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"failed to decrypt cookie value illegal base64 data at input byte 0"}
    session_state_test.go:316: i:7 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"IDToken\":\"XXXX\"}"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"encrypted cookie value should be at least 16 bytes, but is only 3 bytes"}
    session_state_test.go:316: i:8 Encoded:"email:user@domain.com user:just-user"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:9 Encoded:"email:user@domain.com user:just-user||||"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: expected 1 chunk for plain got 5)"}
    session_state_test.go:316: i:10 Encoded:"email:user@domain.com user:just-user"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: expected 4 or 5 chunks for full got 1)"}
    session_state_test.go:316: i:11 Encoded:"email:user@domain.com user:just-user|||99999999999999999999|"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: wrong expiration time: strconv.Atoi: parsing \"99999999999999999999\": value out of range)"}
    session_state_test.go:316: i:12 Encoded:"email:user@domain.com user:just-user|I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==|1564828879|qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:13 Encoded:"email:user@domain.com user:just-user|I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==|xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==|1564828879|qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:63700425679, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
=== RUN   TestSessionStateAge
--- PASS: TestSessionStateAge (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/apis/sessions	(cached)
?   	github.com/pusher/oauth2_proxy/pkg/cookies	[no test files]
=== RUN   TestEncodeAndDecodeAccessToken
--- PASS: TestEncodeAndDecodeAccessToken (0.00s)
=== RUN   TestEncodeAndDecodeAccessTokenB64
--- PASS: TestEncodeAndDecodeAccessTokenB64 (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/encryption	(cached)
?   	github.com/pusher/oauth2_proxy/pkg/logger	[no test files]
=== RUN   TestRequest
[2019/08/03 11:41:19] [requests.go:22] 200 GET http://127.0.0.1:50216 {"foo": "bar"}
--- PASS: TestRequest (0.00s)
=== RUN   TestRequestFailure
[2019/08/03 11:41:19] [requests.go:17] GET http://127.0.0.1:50218 Get http://127.0.0.1:50218: dial tcp 127.0.0.1:50218: connect: connection refused
--- PASS: TestRequestFailure (0.00s)
=== RUN   TestHttpErrorCode
[2019/08/03 11:41:19] [requests.go:22] 404 GET http://127.0.0.1:50220 {"foo": "bar"}
--- PASS: TestHttpErrorCode (0.00s)
=== RUN   TestJsonParsingError
[2019/08/03 11:41:19] [requests.go:22] 200 GET http://127.0.0.1:50222 not well-formed JSON
--- PASS: TestJsonParsingError (0.00s)
=== RUN   TestRequestUnparsedResponseUsingAccessTokenParameter
--- PASS: TestRequestUnparsedResponseUsingAccessTokenParameter (0.00s)
=== RUN   TestRequestUnparsedResponseUsingAccessTokenParameterFailedResponse
--- PASS: TestRequestUnparsedResponseUsingAccessTokenParameterFailedResponse (0.00s)
=== RUN   TestRequestUnparsedResponseUsingHeaders
--- PASS: TestRequestUnparsedResponseUsingHeaders (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/requests	(cached)
=== RUN   TestSessionStore
Running Suite: SessionStore
===========================
Random Seed: 1564825281
Will run 150 of 150 specs

••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
Ran 150 of 150 Specs in 0.104 seconds
SUCCESS! -- 150 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestSessionStore (0.11s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/sessions	(cached)
?   	github.com/pusher/oauth2_proxy/pkg/sessions/cookie	[no test files]
?   	github.com/pusher/oauth2_proxy/pkg/sessions/redis	[no test files]
?   	github.com/pusher/oauth2_proxy/pkg/sessions/utils	[no test files]
=== RUN   TestAzureProviderDefaults
--- PASS: TestAzureProviderDefaults (0.00s)
=== RUN   TestAzureProviderOverrides
--- PASS: TestAzureProviderOverrides (0.00s)
=== RUN   TestAzureSetTenant
--- PASS: TestAzureSetTenant (0.00s)
=== RUN   TestAzureProviderGetEmailAddress
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50397/me?api-version=1.6 { "mail": "user@windows.net" }
--- PASS: TestAzureProviderGetEmailAddress (0.00s)
=== RUN   TestAzureProviderGetEmailAddressMailNull
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50399/me?api-version=1.6 { "mail": null, "otherMails": ["user@windows.net", "altuser@windows.net"] }
--- PASS: TestAzureProviderGetEmailAddressMailNull (0.00s)
=== RUN   TestAzureProviderGetEmailAddressGetUserPrincipalName
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50401/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": "user@windows.net" }
--- PASS: TestAzureProviderGetEmailAddressGetUserPrincipalName (0.00s)
=== RUN   TestAzureProviderGetEmailAddressFailToGetEmailAddress
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50403/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": null }
[2019/08/03 11:41:22] [azure.go:120] failed making request type assertion to string failed
--- PASS: TestAzureProviderGetEmailAddressFailToGetEmailAddress (0.00s)
=== RUN   TestAzureProviderGetEmailAddressEmptyUserPrincipalName
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50405/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": "" }
[2019/08/03 11:41:22] [azure.go:125] failed to get email address
--- PASS: TestAzureProviderGetEmailAddressEmptyUserPrincipalName (0.00s)
=== RUN   TestAzureProviderGetEmailAddressIncorrectOtherMails
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50407/me?api-version=1.6 { "mail": null, "otherMails": "", "userPrincipalName": null }
[2019/08/03 11:41:22] [azure.go:120] failed making request type assertion to string failed
--- PASS: TestAzureProviderGetEmailAddressIncorrectOtherMails (0.00s)
=== RUN   TestGitHubProviderDefaults
--- PASS: TestGitHubProviderDefaults (0.00s)
=== RUN   TestGitHubProviderOverrides
--- PASS: TestGitHubProviderOverrides (0.00s)
=== RUN   TestGitHubProviderGetEmailAddress
[2019/08/03 11:41:22] [github.go:247] got 200 from "http://127.0.0.1:50409/user/emails" [ {"email": "michael.bland@gsa.gov", "verified": true, "primary": true} ]
--- PASS: TestGitHubProviderGetEmailAddress (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressNotVerified
[2019/08/03 11:41:22] [github.go:247] got 200 from "http://127.0.0.1:50411/user/emails" [ {"email": "michael.bland@gsa.gov", "verified": false, "primary": true} ]
--- PASS: TestGitHubProviderGetEmailAddressNotVerified (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressWithOrg
[2019/08/03 11:41:22] [github.go:121] Found Github Organization: "testorg1"
[2019/08/03 11:41:22] [github.go:247] got 200 from "http://127.0.0.1:50413/user/emails" [ {"email": "michael.bland@gsa.gov", "primary": true, "verified": true, "login":"testorg"} ]
--- PASS: TestGitHubProviderGetEmailAddressWithOrg (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressFailedRequest
[2019/08/03 11:41:22] [github.go:247] got 200 from "http://127.0.0.1:50415/user/emails" unused payload
--- PASS: TestGitHubProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:41:22] [github.go:247] got 200 from "http://127.0.0.1:50417/user/emails" {"foo": "bar"}
--- PASS: TestGitHubProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestGitHubProviderGetUserName
[2019/08/03 11:41:22] [github.go:297] got 200 from "http://127.0.0.1:50419/user" {"email": "michael.bland@gsa.gov", "login": "mbland"}
--- PASS: TestGitHubProviderGetUserName (0.00s)
=== RUN   TestGitLabProviderDefaults
--- PASS: TestGitLabProviderDefaults (0.00s)
=== RUN   TestGitLabProviderOverrides
--- PASS: TestGitLabProviderOverrides (0.00s)
=== RUN   TestGitLabProviderGetEmailAddress
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50421/api/v4/user?access_token=imaginary_access_token {"email": "michael.bland@gsa.gov"}
--- PASS: TestGitLabProviderGetEmailAddress (0.00s)
=== RUN   TestGitLabProviderGetEmailAddressFailedRequest
[2019/08/03 11:41:22] [requests.go:22] 404 GET http://127.0.0.1:50423/api/v4/user?access_token=unexpected_access_token
[2019/08/03 11:41:22] [gitlab.go:58] failed making request got 404
--- PASS: TestGitLabProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestGitLabProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50425/api/v4/user?access_token=imaginary_access_token {"foo": "bar"}
--- PASS: TestGitLabProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestGoogleProviderDefaults
--- PASS: TestGoogleProviderDefaults (0.00s)
=== RUN   TestGoogleProviderOverrides
--- PASS: TestGoogleProviderOverrides (0.00s)
=== RUN   TestGoogleProviderGetEmailAddress
--- PASS: TestGoogleProviderGetEmailAddress (0.00s)
=== RUN   TestGoogleProviderValidateGroup
--- PASS: TestGoogleProviderValidateGroup (0.00s)
=== RUN   TestGoogleProviderWithoutValidateGroup
--- PASS: TestGoogleProviderWithoutValidateGroup (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressInvalidEncoding
--- PASS: TestGoogleProviderGetEmailAddressInvalidEncoding (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressInvalidJson
--- PASS: TestGoogleProviderGetEmailAddressInvalidJson (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressEmailMissing
--- PASS: TestGoogleProviderGetEmailAddressEmailMissing (0.00s)
=== RUN   TestGoogleProviderUserInGroup
--- PASS: TestGoogleProviderUserInGroup (0.01s)
=== RUN   TestValidateSessionStateValidToken
[2019/08/03 11:41:22] [internal_util.go:67] 200 GET http://127.0.0.1:50437/oauth/tokeninfo?access_token=foo... only code matters; contents disregarded
--- PASS: TestValidateSessionStateValidToken (0.00s)
=== RUN   TestValidateSessionStateValidTokenWithHeaders
[2019/08/03 11:41:22] [internal_util.go:67] 200 GET http://127.0.0.1:50439/oauth/tokeninfo only code matters; contents disregarded
--- PASS: TestValidateSessionStateValidTokenWithHeaders (0.00s)
=== RUN   TestValidateSessionStateEmptyToken
--- PASS: TestValidateSessionStateEmptyToken (0.00s)
=== RUN   TestValidateSessionStateEmptyValidateURL
--- PASS: TestValidateSessionStateEmptyValidateURL (0.00s)
=== RUN   TestValidateSessionStateRequestNetworkFailure
[2019/08/03 11:41:22] [internal_util.go:60] GET http://127.0.0.1:50443/oauth/tokeninfo?access_token=foo...
[2019/08/03 11:41:22] [internal_util.go:61] token validation request failed: Get http://127.0.0.1:50443/oauth/tokeninfo?access_token=foobar: dial tcp 127.0.0.1:50443: connect: connection refused
--- PASS: TestValidateSessionStateRequestNetworkFailure (0.00s)
=== RUN   TestValidateSessionStateExpiredToken
[2019/08/03 11:41:22] [internal_util.go:67] 401 GET http://127.0.0.1:50445/oauth/tokeninfo?access_token=foo... only code matters; contents disregarded
[2019/08/03 11:41:22] [internal_util.go:72] token validation request failed: status 401 - only code matters; contents disregarded
--- PASS: TestValidateSessionStateExpiredToken (0.00s)
=== RUN   TestStripTokenNotPresent
--- PASS: TestStripTokenNotPresent (0.00s)
=== RUN   TestStripToken
--- PASS: TestStripToken (0.00s)
=== RUN   TestLinkedInProviderDefaults
--- PASS: TestLinkedInProviderDefaults (0.00s)
=== RUN   TestLinkedInProviderOverrides
--- PASS: TestLinkedInProviderOverrides (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddress
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50447/v1/people/~/email-address?format=json "user@linkedin.com"
--- PASS: TestLinkedInProviderGetEmailAddress (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddressFailedRequest
[2019/08/03 11:41:22] [requests.go:22] 403 GET http://127.0.0.1:50449/v1/people/~/email-address?format=json
--- PASS: TestLinkedInProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:41:22] [requests.go:22] 200 GET http://127.0.0.1:50451/v1/people/~/email-address?format=json {"foo": "bar"}
--- PASS: TestLinkedInProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestLoginGovProviderDefaults
--- PASS: TestLoginGovProviderDefaults (1.23s)
=== RUN   TestLoginGovProviderOverrides
--- PASS: TestLoginGovProviderOverrides (0.00s)
=== RUN   TestLoginGovProviderSessionData
--- PASS: TestLoginGovProviderSessionData (0.89s)
=== RUN   TestLoginGovProviderBadNonce
--- PASS: TestLoginGovProviderBadNonce (1.03s)
=== RUN   TestRefresh
--- PASS: TestRefresh (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/providers	(cached)

Tests run against sc250024/oauth2_proxy <= My fork, same commit as master (FAIL)

$ git remote -v

origin	git@github.com:sc250024/oauth2_proxy.git (fetch)
origin	git@github.com:sc250024/oauth2_proxy.git (push)
upstream	git@github.com:pusher/oauth2_proxy.git (fetch)
upstream	git@github.com:pusher/oauth2_proxy.git (push)

$ git branch

* master

$ git rev-parse --short HEAD
3f219bd

$ ./configure && make test

Checking for make... found
Checking for awk... found
Checking for go... found
Checking go version... 1.12.7
Checking $GOPATH... valid - /Users/scottcrooks/go
Checking for golangci-lint... found

Environment configuration written to .env
GO111MODULE=on "/Users/scottcrooks/go/bin/golangci-lint" run
GO111MODULE=on "/usr/local/bin/go" test -v -race ./...
=== RUN   TestSHA
--- PASS: TestSHA (0.00s)
=== RUN   TestBcrypt
--- PASS: TestBcrypt (2.84s)
=== RUN   TestGCPHealthcheckLiveness
--- PASS: TestGCPHealthcheckLiveness (0.00s)
=== RUN   TestGCPHealthcheckReadiness
--- PASS: TestGCPHealthcheckReadiness (0.00s)
=== RUN   TestGCPHealthcheckNotHealthcheck
--- PASS: TestGCPHealthcheckNotHealthcheck (0.00s)
=== RUN   TestGCPHealthcheckIngress
--- PASS: TestGCPHealthcheckIngress (0.00s)
=== RUN   TestGCPHealthcheckNotIngress
--- PASS: TestGCPHealthcheckNotIngress (0.00s)
=== RUN   TestGCPHealthcheckNotIngressPut
--- PASS: TestGCPHealthcheckNotIngressPut (0.00s)
=== RUN   TestLoggingHandler_ServeHTTP
--- PASS: TestLoggingHandler_ServeHTTP (0.00s)
=== RUN   TestWebSocketProxy
--- PASS: TestWebSocketProxy (0.00s)
=== RUN   TestNewReverseProxy
--- PASS: TestNewReverseProxy (0.00s)
=== RUN   TestEncodedSlashes
--- PASS: TestEncodedSlashes (0.00s)
=== RUN   TestRobotsTxt
--- PASS: TestRobotsTxt (0.00s)
=== RUN   TestIsValidRedirect
--- PASS: TestIsValidRedirect (0.00s)
=== RUN   TestBasicAuthPassword
--- PASS: TestBasicAuthPassword (0.00s)
=== RUN   TestForwardAccessTokenUpstream
--- PASS: TestForwardAccessTokenUpstream (0.00s)
=== RUN   TestDoNotForwardAccessTokenUpstream
--- PASS: TestDoNotForwardAccessTokenUpstream (0.01s)
=== RUN   TestSignInPageIncludesTargetRedirect
--- PASS: TestSignInPageIncludesTargetRedirect (0.00s)
=== RUN   TestSignInPageDirectAccessRedirectsToRoot
--- PASS: TestSignInPageDirectAccessRedirectsToRoot (0.00s)
=== RUN   TestSignInPageSkipProvider
--- PASS: TestSignInPageSkipProvider (0.00s)
=== RUN   TestSignInPageSkipProviderDirect
--- PASS: TestSignInPageSkipProviderDirect (0.00s)
=== RUN   TestLoadCookiedSession
--- PASS: TestLoadCookiedSession (0.00s)
=== RUN   TestProcessCookieNoCookieError
--- PASS: TestProcessCookieNoCookieError (0.00s)
=== RUN   TestProcessCookieRefreshNotSet
--- PASS: TestProcessCookieRefreshNotSet (0.00s)
=== RUN   TestProcessCookieFailIfCookieExpired
--- PASS: TestProcessCookieFailIfCookieExpired (0.00s)
=== RUN   TestProcessCookieFailIfRefreshSetAndCookieExpired
--- PASS: TestProcessCookieFailIfRefreshSetAndCookieExpired (0.00s)
=== RUN   TestAuthOnlyEndpointAccepted
--- PASS: TestAuthOnlyEndpointAccepted (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnNoCookieSetError
--- PASS: TestAuthOnlyEndpointUnauthorizedOnNoCookieSetError (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnExpiration
--- PASS: TestAuthOnlyEndpointUnauthorizedOnExpiration (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnEmailValidationFailure
--- PASS: TestAuthOnlyEndpointUnauthorizedOnEmailValidationFailure (0.00s)
=== RUN   TestAuthOnlyEndpointUnauthorizedOnProviderGroupValidationFailure
--- PASS: TestAuthOnlyEndpointUnauthorizedOnProviderGroupValidationFailure (0.00s)
=== RUN   TestAuthOnlyEndpointSetXAuthRequestHeaders
--- PASS: TestAuthOnlyEndpointSetXAuthRequestHeaders (0.00s)
=== RUN   TestAuthSkippedForPreflightRequests
--- PASS: TestAuthSkippedForPreflightRequests (0.00s)
=== RUN   TestNoRequestSignature
--- PASS: TestNoRequestSignature (0.00s)
=== RUN   TestRequestSignatureGetRequest
--- PASS: TestRequestSignatureGetRequest (0.00s)
=== RUN   TestRequestSignaturePostRequest
--- PASS: TestRequestSignaturePostRequest (0.00s)
=== RUN   TestGetRedirect
=== RUN   TestGetRedirect/request_outside_of_ProxyPrefix_redirects_to_original_URL
=== RUN   TestGetRedirect/request_under_ProxyPrefix_redirects_to_root
--- PASS: TestGetRedirect (0.00s)
    --- PASS: TestGetRedirect/request_outside_of_ProxyPrefix_redirects_to_original_URL (0.00s)
    --- PASS: TestGetRedirect/request_under_ProxyPrefix_redirects_to_root (0.00s)
=== RUN   TestAjaxUnauthorizedRequest1
--- PASS: TestAjaxUnauthorizedRequest1 (0.00s)
=== RUN   TestAjaxUnauthorizedRequest2
--- PASS: TestAjaxUnauthorizedRequest2 (0.00s)
=== RUN   TestAjaxForbiddendRequest
--- PASS: TestAjaxForbiddendRequest (0.00s)
=== RUN   TestClearSplitCookie
--- PASS: TestClearSplitCookie (0.00s)
=== RUN   TestClearSingleCookie
--- PASS: TestClearSingleCookie (0.00s)
=== RUN   TestGetJwtSession
--- PASS: TestGetJwtSession (0.00s)
=== RUN   TestJwtUnauthorizedOnGroupValidationFailure
--- PASS: TestJwtUnauthorizedOnGroupValidationFailure (0.00s)
=== RUN   TestFindJwtBearerToken
eyJfoobar.eyJfoobar.12345asdf--- PASS: TestFindJwtBearerToken (0.00s)
=== RUN   TestNewOptions
--- PASS: TestNewOptions (0.00s)
=== RUN   TestGoogleGroupOptions
--- PASS: TestGoogleGroupOptions (0.00s)
=== RUN   TestGoogleGroupInvalidFile
--- PASS: TestGoogleGroupInvalidFile (0.00s)
=== RUN   TestInitializedOptions
--- PASS: TestInitializedOptions (0.00s)
=== RUN   TestRedirectURL
--- PASS: TestRedirectURL (0.00s)
=== RUN   TestProxyURLs
--- PASS: TestProxyURLs (0.00s)
=== RUN   TestProxyURLsError
--- PASS: TestProxyURLsError (0.00s)
=== RUN   TestCompiledRegex
--- PASS: TestCompiledRegex (0.00s)
=== RUN   TestCompiledRegexError
--- PASS: TestCompiledRegexError (0.00s)
=== RUN   TestDefaultProviderApiSettings
--- PASS: TestDefaultProviderApiSettings (0.00s)
=== RUN   TestPassAccessTokenRequiresSpecificCookieSecretLengths
--- PASS: TestPassAccessTokenRequiresSpecificCookieSecretLengths (0.00s)
=== RUN   TestCookieRefreshMustBeLessThanCookieExpire
--- PASS: TestCookieRefreshMustBeLessThanCookieExpire (0.00s)
=== RUN   TestBase64CookieSecret
--- PASS: TestBase64CookieSecret (0.00s)
=== RUN   TestValidateSignatureKey
--- PASS: TestValidateSignatureKey (0.00s)
=== RUN   TestValidateSignatureKeyInvalidSpec
--- PASS: TestValidateSignatureKeyInvalidSpec (0.00s)
=== RUN   TestValidateSignatureKeyUnsupportedAlgorithm
--- PASS: TestValidateSignatureKeyUnsupportedAlgorithm (0.00s)
=== RUN   TestValidateCookie
--- PASS: TestValidateCookie (0.00s)
=== RUN   TestValidateCookieBadName
--- PASS: TestValidateCookieBadName (0.00s)
=== RUN   TestSkipOIDCDiscovery
--- PASS: TestSkipOIDCDiscovery (0.00s)
=== RUN   TestGCPHealthcheck
--- PASS: TestGCPHealthcheck (0.00s)
=== RUN   TestTemplatesCompile
--- PASS: TestTemplatesCompile (0.00s)
=== RUN   TestValidatorEmpty
--- PASS: TestValidatorEmpty (0.00s)
=== RUN   TestValidatorSingleEmail
--- PASS: TestValidatorSingleEmail (0.00s)
=== RUN   TestValidatorSingleDomain
--- PASS: TestValidatorSingleDomain (0.00s)
=== RUN   TestValidatorMultipleEmailsMultipleDomains
--- PASS: TestValidatorMultipleEmailsMultipleDomains (0.00s)
=== RUN   TestValidatorComparisonsAreCaseInsensitive
--- PASS: TestValidatorComparisonsAreCaseInsensitive (0.00s)
=== RUN   TestValidatorIgnoreSpacesInAuthEmails
--- PASS: TestValidatorIgnoreSpacesInAuthEmails (0.00s)
=== RUN   TestValidatorOverwriteEmailListViaCopyingOver
--- PASS: TestValidatorOverwriteEmailListViaCopyingOver (0.00s)
=== RUN   TestValidatorOverwriteEmailListDirectly
FAIL	github.com/pusher/oauth2_proxy	2.981s
?   	github.com/pusher/oauth2_proxy/pkg/apis/options	[no test files]
=== RUN   TestSessionStateSerialization
--- PASS: TestSessionStateSerialization (0.00s)
    session_state_test.go:33: &sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x383f23b0, ext:63700422536, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x383f23b0, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"user@domain.com"}
    session_state_test.go:45: &sessions.SessionState{AccessToken:"\xae\xc9\x10\x94eh\x1d5'", IDToken:"\x93\x93[\x9f\xb9\x15pA!\xf8\xc9\xd3", CreatedAt:time.Time{wall:0x383f23b0, ext:63700422536, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x383f23b0, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"%\x13\xe7\xbaM\x8f\xcd\xf3\xeaB\xcb", Email:"{\xc8\v-\x17\xa5!\xf4\xa7\xbe\xf0\xf7Z\x18%", User:"{\xc8\v-\x17\xa5!\xf4\xa7\xbe\xf0\xf7Z\x18%"}
=== RUN   TestSessionStateSerializationWithUser
--- PASS: TestSessionStateSerializationWithUser (0.00s)
    session_state_test.go:73: &sessions.SessionState{AccessToken:"token1234", IDToken:"", CreatedAt:time.Time{wall:0x3854ce90, ext:63700422536, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x3854ce90, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"}
    session_state_test.go:84: &sessions.SessionState{AccessToken:"\xe1\xb3\xd9{\xaaޤ\xc2\xeb", IDToken:"", CreatedAt:time.Time{wall:0x3854ce90, ext:63700422536, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x3854ce90, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"x\xab3$\x0exS\xfetU\x94", Email:"\x15\x16m\u007f\t\x15\xb3QŶ\xb6\x87$\x13o", User:"\xddL)\x03R\xe8\xa4b\xba"}
=== RUN   TestSessionStateSerializationNoCipher
--- PASS: TestSessionStateSerializationNoCipher (0.00s)
=== RUN   TestSessionStateSerializationNoCipherWithUser
--- PASS: TestSessionStateSerializationNoCipherWithUser (0.00s)
=== RUN   TestExpired
--- PASS: TestExpired (0.00s)
=== RUN   TestEncodeSessionState
--- PASS: TestEncodeSessionState (0.00s)
    session_state_test.go:185: i:0 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:185: i:1 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0xbf49740238690a40, ext:5337620, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0xbf49778638690a40, ext:3600005337742, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
=== RUN   TestDecodeSessionState
--- PASS: TestDecodeSessionState (0.00s)
    session_state_test.go:316: i:0 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:1 Encoded:"{\"Email\":\"user@domain.com\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"user@domain.com"} Error:<nil>
    session_state_test.go:316: i:2 Encoded:"{\"User\":\"just-user\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:3 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"AccessToken\":\"I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==\",\"IDToken\":\"xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==\",\"RefreshToken\":\"qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K\",\"CreatedAt\":\"2019-08-03T11:48:56.946988+02:00\",\"ExpiresOn\":\"2019-08-03T12:48:56.946996+02:00\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:4 Encoded:"{\"Email\":\"FsKKYrTWZWrxSOAqA/fTNAUZS5QWCqOBjuAbBlbVOw==\",\"User\":\"rT6JP3dxQhxUhkWrrd7yt6c1mDVyQCVVxw==\",\"AccessToken\":\"I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==\",\"IDToken\":\"xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==\",\"RefreshToken\":\"qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K\",\"CreatedAt\":\"2019-08-03T11:48:56.946988+02:00\",\"ExpiresOn\":\"2019-08-03T12:48:56.946996+02:00\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x3871e3e0, ext:63700422536, loc:(*time.Location)(0x17e2320)}, ExpiresOn:time.Time{wall:0x38720320, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:5 Encoded:"{\"Email\":\"EGTllJcOFC16b7LBYzLekaHAC5SMMSPdyUrg8hd25g==\",\"User\":\"rT6JP3dxQhxUhkWrrd7yt6c1mDVyQCVVxw==\"}"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:6 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"AccessToken\":\"X\"}"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"failed to decrypt cookie value illegal base64 data at input byte 0"}
    session_state_test.go:316: i:7 Encoded:"{\"Email\":\"user@domain.com\",\"User\":\"just-user\",\"IDToken\":\"XXXX\"}"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"encrypted cookie value should be at least 16 bytes, but is only 3 bytes"}
    session_state_test.go:316: i:8 Encoded:"email:user@domain.com user:just-user"sessions.SessionState:&sessions.SessionState{AccessToken:"", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, RefreshToken:"", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:9 Encoded:"email:user@domain.com user:just-user||||"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: expected 1 chunk for plain got 5)"}
    session_state_test.go:316: i:10 Encoded:"email:user@domain.com user:just-user"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: expected 4 or 5 chunks for full got 1)"}
    session_state_test.go:316: i:11 Encoded:"email:user@domain.com user:just-user|||99999999999999999999|"sessions.SessionState:(*sessions.SessionState)(nil) Error:&errors.errorString{s:"invalid session state (legacy: wrong expiration time: strconv.Atoi: parsing \"99999999999999999999\": value out of range)"}
    session_state_test.go:316: i:12 Encoded:"email:user@domain.com user:just-user|I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==|1564829336|qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
    session_state_test.go:316: i:13 Encoded:"email:user@domain.com user:just-user|I6s+ml+/MldBMgHIiC35BTKTh57skGX24w==|xojNdyyjB1HgYWh6XMtXY/Ph5eCVxa1cNsklJw==|1564829336|qEX0x6RmASxo4dhlBG6YuRs9Syn/e9sHu/+K"sessions.SessionState:&sessions.SessionState{AccessToken:"token1234", IDToken:"rawtoken1234", CreatedAt:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}, ExpiresOn:time.Time{wall:0x0, ext:63700426136, loc:(*time.Location)(0x17e2320)}, RefreshToken:"refresh4321", Email:"user@domain.com", User:"just-user"} Error:<nil>
=== RUN   TestSessionStateAge
--- PASS: TestSessionStateAge (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/apis/sessions	1.026s
?   	github.com/pusher/oauth2_proxy/pkg/cookies	[no test files]
=== RUN   TestEncodeAndDecodeAccessToken
--- PASS: TestEncodeAndDecodeAccessToken (0.00s)
=== RUN   TestEncodeAndDecodeAccessTokenB64
--- PASS: TestEncodeAndDecodeAccessTokenB64 (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/encryption	1.024s
?   	github.com/pusher/oauth2_proxy/pkg/logger	[no test files]
=== RUN   TestRequest
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50603 {"foo": "bar"}
--- PASS: TestRequest (0.00s)
=== RUN   TestRequestFailure
[2019/08/03 11:48:57] [requests.go:17] GET http://127.0.0.1:50605 Get http://127.0.0.1:50605: dial tcp 127.0.0.1:50605: connect: connection refused
--- PASS: TestRequestFailure (0.00s)
=== RUN   TestHttpErrorCode
[2019/08/03 11:48:57] [requests.go:22] 404 GET http://127.0.0.1:50607 {"foo": "bar"}
--- PASS: TestHttpErrorCode (0.00s)
=== RUN   TestJsonParsingError
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50609 not well-formed JSON
--- PASS: TestJsonParsingError (0.00s)
=== RUN   TestRequestUnparsedResponseUsingAccessTokenParameter
--- PASS: TestRequestUnparsedResponseUsingAccessTokenParameter (0.00s)
=== RUN   TestRequestUnparsedResponseUsingAccessTokenParameterFailedResponse
--- PASS: TestRequestUnparsedResponseUsingAccessTokenParameterFailedResponse (0.00s)
=== RUN   TestRequestUnparsedResponseUsingHeaders
--- PASS: TestRequestUnparsedResponseUsingHeaders (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/requests	1.030s
=== RUN   TestSessionStore
Running Suite: SessionStore
===========================
Random Seed: 1564825737
Will run 150 of 150 specs

••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
Ran 150 of 150 Specs in 0.096 seconds
SUCCESS! -- 150 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestSessionStore (0.10s)
PASS
ok  	github.com/pusher/oauth2_proxy/pkg/sessions	1.342s
?   	github.com/pusher/oauth2_proxy/pkg/sessions/cookie	[no test files]
?   	github.com/pusher/oauth2_proxy/pkg/sessions/redis	[no test files]
?   	github.com/pusher/oauth2_proxy/pkg/sessions/utils	[no test files]
=== RUN   TestAzureProviderDefaults
--- PASS: TestAzureProviderDefaults (0.00s)
=== RUN   TestAzureProviderOverrides
--- PASS: TestAzureProviderOverrides (0.00s)
=== RUN   TestAzureSetTenant
--- PASS: TestAzureSetTenant (0.00s)
=== RUN   TestAzureProviderGetEmailAddress
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50619/me?api-version=1.6 { "mail": "user@windows.net" }
--- PASS: TestAzureProviderGetEmailAddress (0.00s)
=== RUN   TestAzureProviderGetEmailAddressMailNull
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50621/me?api-version=1.6 { "mail": null, "otherMails": ["user@windows.net", "altuser@windows.net"] }
--- PASS: TestAzureProviderGetEmailAddressMailNull (0.00s)
=== RUN   TestAzureProviderGetEmailAddressGetUserPrincipalName
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50623/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": "user@windows.net" }
--- PASS: TestAzureProviderGetEmailAddressGetUserPrincipalName (0.00s)
=== RUN   TestAzureProviderGetEmailAddressFailToGetEmailAddress
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50625/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": null }
[2019/08/03 11:48:57] [azure.go:120] failed making request type assertion to string failed
--- PASS: TestAzureProviderGetEmailAddressFailToGetEmailAddress (0.00s)
=== RUN   TestAzureProviderGetEmailAddressEmptyUserPrincipalName
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50627/me?api-version=1.6 { "mail": null, "otherMails": [], "userPrincipalName": "" }
[2019/08/03 11:48:57] [azure.go:125] failed to get email address
--- PASS: TestAzureProviderGetEmailAddressEmptyUserPrincipalName (0.00s)
=== RUN   TestAzureProviderGetEmailAddressIncorrectOtherMails
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50629/me?api-version=1.6 { "mail": null, "otherMails": "", "userPrincipalName": null }
[2019/08/03 11:48:57] [azure.go:120] failed making request type assertion to string failed
--- PASS: TestAzureProviderGetEmailAddressIncorrectOtherMails (0.00s)
=== RUN   TestGitHubProviderDefaults
--- PASS: TestGitHubProviderDefaults (0.00s)
=== RUN   TestGitHubProviderOverrides
--- PASS: TestGitHubProviderOverrides (0.00s)
=== RUN   TestGitHubProviderGetEmailAddress
[2019/08/03 11:48:57] [github.go:247] got 200 from "http://127.0.0.1:50631/user/emails" [ {"email": "michael.bland@gsa.gov", "verified": true, "primary": true} ]
--- PASS: TestGitHubProviderGetEmailAddress (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressNotVerified
[2019/08/03 11:48:57] [github.go:247] got 200 from "http://127.0.0.1:50633/user/emails" [ {"email": "michael.bland@gsa.gov", "verified": false, "primary": true} ]
--- PASS: TestGitHubProviderGetEmailAddressNotVerified (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressWithOrg
[2019/08/03 11:48:57] [github.go:121] Found Github Organization: "testorg1"
[2019/08/03 11:48:57] [github.go:247] got 200 from "http://127.0.0.1:50635/user/emails" [ {"email": "michael.bland@gsa.gov", "primary": true, "verified": true, "login":"testorg"} ]
--- PASS: TestGitHubProviderGetEmailAddressWithOrg (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressFailedRequest
[2019/08/03 11:48:57] [github.go:247] got 200 from "http://127.0.0.1:50637/user/emails" unused payload
--- PASS: TestGitHubProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestGitHubProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:48:57] [github.go:247] got 200 from "http://127.0.0.1:50639/user/emails" {"foo": "bar"}
--- PASS: TestGitHubProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestGitHubProviderGetUserName
[2019/08/03 11:48:57] [github.go:297] got 200 from "http://127.0.0.1:50641/user" {"email": "michael.bland@gsa.gov", "login": "mbland"}
--- PASS: TestGitHubProviderGetUserName (0.00s)
=== RUN   TestGitLabProviderDefaults
--- PASS: TestGitLabProviderDefaults (0.00s)
=== RUN   TestGitLabProviderOverrides
--- PASS: TestGitLabProviderOverrides (0.00s)
=== RUN   TestGitLabProviderGetEmailAddress
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50643/api/v4/user?access_token=imaginary_access_token {"email": "michael.bland@gsa.gov"}
--- PASS: TestGitLabProviderGetEmailAddress (0.00s)
=== RUN   TestGitLabProviderGetEmailAddressFailedRequest
[2019/08/03 11:48:57] [requests.go:22] 404 GET http://127.0.0.1:50645/api/v4/user?access_token=unexpected_access_token
[2019/08/03 11:48:57] [gitlab.go:58] failed making request got 404
--- PASS: TestGitLabProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestGitLabProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50647/api/v4/user?access_token=imaginary_access_token {"foo": "bar"}
--- PASS: TestGitLabProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestGoogleProviderDefaults
--- PASS: TestGoogleProviderDefaults (0.00s)
=== RUN   TestGoogleProviderOverrides
--- PASS: TestGoogleProviderOverrides (0.00s)
=== RUN   TestGoogleProviderGetEmailAddress
--- PASS: TestGoogleProviderGetEmailAddress (0.00s)
=== RUN   TestGoogleProviderValidateGroup
--- PASS: TestGoogleProviderValidateGroup (0.00s)
=== RUN   TestGoogleProviderWithoutValidateGroup
--- PASS: TestGoogleProviderWithoutValidateGroup (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressInvalidEncoding
--- PASS: TestGoogleProviderGetEmailAddressInvalidEncoding (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressInvalidJson
--- PASS: TestGoogleProviderGetEmailAddressInvalidJson (0.00s)
=== RUN   TestGoogleProviderGetEmailAddressEmailMissing
--- PASS: TestGoogleProviderGetEmailAddressEmailMissing (0.00s)
=== RUN   TestGoogleProviderUserInGroup
--- PASS: TestGoogleProviderUserInGroup (0.01s)
=== RUN   TestValidateSessionStateValidToken
[2019/08/03 11:48:57] [internal_util.go:67] 200 GET http://127.0.0.1:50659/oauth/tokeninfo?access_token=foo... only code matters; contents disregarded
--- PASS: TestValidateSessionStateValidToken (0.00s)
=== RUN   TestValidateSessionStateValidTokenWithHeaders
[2019/08/03 11:48:57] [internal_util.go:67] 200 GET http://127.0.0.1:50661/oauth/tokeninfo only code matters; contents disregarded
--- PASS: TestValidateSessionStateValidTokenWithHeaders (0.00s)
=== RUN   TestValidateSessionStateEmptyToken
--- PASS: TestValidateSessionStateEmptyToken (0.00s)
=== RUN   TestValidateSessionStateEmptyValidateURL
--- PASS: TestValidateSessionStateEmptyValidateURL (0.00s)
=== RUN   TestValidateSessionStateRequestNetworkFailure
[2019/08/03 11:48:57] [internal_util.go:60] GET http://127.0.0.1:50665/oauth/tokeninfo?access_token=foo...
[2019/08/03 11:48:57] [internal_util.go:61] token validation request failed: Get http://127.0.0.1:50665/oauth/tokeninfo?access_token=foobar: dial tcp 127.0.0.1:50665: connect: connection refused
--- PASS: TestValidateSessionStateRequestNetworkFailure (0.00s)
=== RUN   TestValidateSessionStateExpiredToken
[2019/08/03 11:48:57] [internal_util.go:67] 401 GET http://127.0.0.1:50667/oauth/tokeninfo?access_token=foo... only code matters; contents disregarded
[2019/08/03 11:48:57] [internal_util.go:72] token validation request failed: status 401 - only code matters; contents disregarded
--- PASS: TestValidateSessionStateExpiredToken (0.00s)
=== RUN   TestStripTokenNotPresent
--- PASS: TestStripTokenNotPresent (0.00s)
=== RUN   TestStripToken
--- PASS: TestStripToken (0.00s)
=== RUN   TestLinkedInProviderDefaults
--- PASS: TestLinkedInProviderDefaults (0.00s)
=== RUN   TestLinkedInProviderOverrides
--- PASS: TestLinkedInProviderOverrides (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddress
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50669/v1/people/~/email-address?format=json "user@linkedin.com"
--- PASS: TestLinkedInProviderGetEmailAddress (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddressFailedRequest
[2019/08/03 11:48:57] [requests.go:22] 403 GET http://127.0.0.1:50671/v1/people/~/email-address?format=json
--- PASS: TestLinkedInProviderGetEmailAddressFailedRequest (0.00s)
=== RUN   TestLinkedInProviderGetEmailAddressEmailNotPresentInPayload
[2019/08/03 11:48:57] [requests.go:22] 200 GET http://127.0.0.1:50673/v1/people/~/email-address?format=json {"foo": "bar"}
--- PASS: TestLinkedInProviderGetEmailAddressEmailNotPresentInPayload (0.00s)
=== RUN   TestLoginGovProviderDefaults
--- PASS: TestLoginGovProviderDefaults (0.58s)
=== RUN   TestLoginGovProviderOverrides
--- PASS: TestLoginGovProviderOverrides (0.00s)
=== RUN   TestLoginGovProviderSessionData
--- PASS: TestLoginGovProviderSessionData (0.87s)
=== RUN   TestLoginGovProviderBadNonce
--- PASS: TestLoginGovProviderBadNonce (0.67s)
=== RUN   TestRefresh
--- PASS: TestRefresh (0.00s)
PASS
ok  	github.com/pusher/oauth2_proxy/providers	3.203s
make: *** [test] Error 1

$ echo $?
2

Tests ran against Overv/oauth2_proxy <= His fork with new commits (FAIL)

$ git remote -v

origin	git@github.com:Overv/oauth2_proxy.git (fetch)
origin	git@github.com:Overv/oauth2_proxy.git (push)

$ git branch
* feature/gitlab-oidc
  master
$ git rev-parse --short HEAD
b530f18

$ go version
go version go1.12.7 darwin/amd64

$ ./configure && make test

.env
Checking for make... found
Checking for awk... found
Checking for go... found
Checking go version... 1.12.7
Checking $GOPATH... valid - /Users/scottcrooks/go
Checking for golangci-lint... found

Environment configuration written to .env
GO111MODULE=on "/Users/scottcrooks/go/bin/golangci-lint" run
providers/azure_test.go:116:47: string `Bearer imaginary_access_token` has 3 occurrences, make it a constant (goconst)
			} else if r.Header.Get("Authorization") != "Bearer imaginary_access_token" {
			                                           ^
make: *** [lint] Error 1

Not sure if this is a Go thing or not? Is that supposed to happen?

Contributor

steakunderscore commented Aug 3, 2019

Tests ran against Overv/oauth2_proxy <= His fork with new commits (FAIL)

Although the linter has a valid point, instead I would change the test by replacing imaginary_access_token with a_gitlab_access_token or something like that.


sc250024 commented Aug 5, 2019

@Overv Do you have time to update the tests?

Contributor Author

Overv commented Aug 5, 2019

@sc250024 Yeah, looking into it right now.

Contributor Author

Overv commented Aug 5, 2019

I don't think Mr Travis likes me very much.


sc250024 commented Aug 5, 2019

@Overv Maybe this? golangci/golangci-lint#395

Contributor Author

Overv commented Aug 5, 2019

@sc250024 Nah, it looks like the linter just times out after the default runtime of 1 minute due to the long dependency installation. Someone will have to fix the CI configuration to either install the dependencies in advance (which is possible since the change to Go modules) or increase the linting deadline.


sc250024 commented Aug 5, 2019

@Overv Gotcha.

@steakunderscore I saw you spun up this PR => #233. Can @Overv's suggestion be included?

@steakunderscore
Contributor

Just updated my PR #233. Once that's merged I'll kick off a rebuild of this branch.

@steakunderscore
Contributor

Actually you'll need to rebase/merge master, which will cause this branch to rebuild


sc250024 commented Aug 5, 2019

Thanks guys for being quick on this! Appreciate your work.

loshz previously approved these changes Aug 5, 2019
Contributor

@loshz loshz left a comment

LGTM 👍

JoelSpeed previously approved these changes Aug 5, 2019
Member

@JoelSpeed JoelSpeed left a comment

LGTM

Though at some point we should try and refactor the providers. We have a lot of providers that use OIDC and they all look very very similar

@JoelSpeed JoelSpeed dismissed stale reviews from loshz and themself via 02cd9e4 August 5, 2019 10:47
steakunderscore previously approved these changes Aug 5, 2019
Contributor

@steakunderscore steakunderscore left a comment

LGTM 👍 Thanks for this!

loshz previously approved these changes Aug 6, 2019
Contributor

@loshz loshz left a comment

LGTM 👍

Contributor

loshz commented Aug 6, 2019

@Overv if you have time to fix the changelog conflicts I'm happy to merge.

@Overv Overv dismissed stale reviews from loshz and steakunderscore via f1ea98f August 6, 2019 10:51
Contributor Author

Overv commented Aug 6, 2019

@syscll I've rebased and fixed the conflict.

Contributor

@loshz loshz left a comment

Let's get one more review from @steakunderscore or @JoelSpeed and we're good to go 👍

Contributor

@steakunderscore steakunderscore left a comment

Thanks 👍

@loshz loshz merged commit 4de4998 into oauth2-proxy:master Aug 6, 2019

sc250024 commented Aug 8, 2019

Is there a planned release for this by the way?

@steakunderscore
Contributor

@sc250024 We are hoping to make a v4.0.0 release soon. I just created a project to track anything that's left to be merged before we release. Note I'm not sure we have everything on that project yet.


sc250024 commented Aug 9, 2019

@steakunderscore Got it, thank you!
