From 4416574175c9534ec420cbf27277291332d6bea3 Mon Sep 17 00:00:00 2001
From: Branden Cash <203336+ammmze@users.noreply.github.com>
Date: Sat, 12 Mar 2022 11:10:58 -0700
Subject: [PATCH] feat: allow multiple cookie domains via env var

---
 internal/configuration/config.go | 4 ++--
 internal/configuration/config_test.go | 25 +++++++++++++++++++++++++
 internal/handlers/server.go | 8 ++++----
 3 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/internal/configuration/config.go b/internal/configuration/config.go
index d4332bb..a5e05e2 100644
--- a/internal/configuration/config.go
+++ b/internal/configuration/config.go
@@ -36,10 +36,10 @@ type Config struct {
 ProviderURI string `long:"provider-uri" env:"PROVIDER_URI" description:"OIDC Provider URI"`
 ClientID string `long:"client-id" env:"CLIENT_ID" description:"Client ID"`
 ClientSecret string `long:"client-secret" env:"CLIENT_SECRET" description:"Client Secret" json:"-"`
- Scope string `long:"scope" env:"SCOPE" description:"Define scope"`
+ Scope []string `long:"scope" env:"SCOPE" env-delim:" " description:"Define scope"`
 AuthHost string `long:"auth-host" env:"AUTH_HOST" description:"Single host to use when returning from 3rd party auth"`
 Config func(s string) error `long:"config" env:"CONFIG" description:"Path to config file" json:"-"`
- CookieDomains []util.CookieDomain `long:"cookie-domain" env:"COOKIE_DOMAIN" description:"Domain to set auth cookie on, can be set multiple times"`
+ CookieDomains []util.CookieDomain `long:"cookie-domain" env:"COOKIE_DOMAIN" env-delim:"," description:"Domain to set auth cookie on, can be set multiple times"`
 InsecureCookie bool `long:"insecure-cookie" env:"INSECURE_COOKIE" description:"Use insecure cookies"`
 CookieName string `long:"cookie-name" env:"COOKIE_NAME" default:"_forward_auth" description:"ID Cookie Name"`
 EmailHeaderNames CommaSeparatedList `long:"email-header-names" env:"EMAIL_HEADER_NAMES" default:"X-Forwarded-User" description:"Response headers containing the authenticated user's username"`
diff --git a/internal/configuration/config_test.go b/internal/configuration/config_test.go
index ace68e5..572ca18 100644
--- a/internal/configuration/config_test.go
+++ b/internal/configuration/config_test.go
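Review bot: The comma split introduced by `env-delim:","` on CookieDomains is not trimmed or filtered, so a value such as `example.com, example2.com` or one with a trailing comma yields an entry with a leading space or an empty Domain — assuming these tags are consumed by go-flags, which appears to split the environment value with a plain strings.Split. Because each entry becomes the Domain attribute of the auth cookie, an empty or malformed element is a configuration error that should be rejected during validation (or at least trimmed) rather than passed through silently; the same applies to `env-delim:" "` on Scope, where a doubled space produces an empty scope token. The description tag still only mentions repeating the flag; it should also name the env form, e.g. `description:"Domain to set auth cookie on, can be set multiple times or comma-separated in COOKIE_DOMAIN"`. The Config struct continues outside the hunk.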
@@ -129,6 +129,31 @@ func TestConfigParseEnvironment(t *testing.T) {
 os.Unsetenv("COOKIE_NAME")
 }
 
+func TestConfigParseCookieDomainFromEnvironment(t *testing.T) {
+ assert := assert.New(t)
+ os.Setenv("COOKIE_DOMAIN", "example.com,example2.com")
+ c, err := NewConfig([]string{})
+ assert.Nil(err)
+
+ if assert.Len(c.CookieDomains, 2, "there must be 2 cookie domains") {
+ assert.Equal("example.com", c.CookieDomains[0].Domain, "first cookie domain should be read from environment")
+ assert.Equal("example2.com", c.CookieDomains[1].Domain, "second cookie domain should be read from environment")
+ }
+
+ os.Unsetenv("COOKIE_DOMAIN")
+}
+
+func TestConfigParseScopeFromEnvironment(t *testing.T) {
+ assert := assert.New(t)
+ os.Setenv("SCOPE", "openid email")
+ c, err := NewConfig([]string{})
+ assert.Nil(err)
+
+ assert.Equal([]string{"openid", "email"}, c.Scope, "scope array should be populated")
+
+ os.Unsetenv("SCOPE")
+}
+
 func TestConfigTransformation(t *testing.T) {
 assert := assert.New(t)
 c, err := NewConfig([]string{
diff --git a/internal/handlers/server.go b/internal/handlers/server.go
index d3f4cc1..3dac805 100644
--- a/internal/handlers/server.go
+++ b/internal/handlers/server.go
@@ -284,8 +284,8 @@ func (s *Server) AuthCallbackHandler() http.HandlerFunc {
 
 // Mapping scope
 var scope []string
- if s.config.Scope != "" {
- scope = []string{s.config.Scope}
+ if len(s.config.Scope) > 0 {
+ scope = s.config.Scope
 } else {
 scope = []string{oidc.ScopeOpenID, "profile", "email", "groups"}
 }
@@ -442,8 +442,8 @@ func (s *Server) authRedirect(logger *logrus.Entry, w http.ResponseWriter, r *ht
 
 // Mapping scope
 var scope []string
- if s.config.Scope != "" {
- scope = []string{s.config.Scope}
+ if len(s.config.Scope) > 0 {
+ scope = s.config.Scope
 } else {
 scope = []string{oidc.ScopeOpenID, "profile", "email", "groups"}
 }
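Review bot: Both new tests restore the environment with a trailing `os.Unsetenv` that never runs if the test panics or stops early — `c.CookieDomains` is dereferenced right after `assert.Nil(err)` even though that assertion does not stop the test — so one failure leaks COOKIE_DOMAIN or SCOPE into every later test in the package. If the module targets Go 1.17 or newer, `t.Setenv("COOKIE_DOMAIN", "example.com,example2.com")` replaces the Setenv/Unsetenv pair and restores the variable automatically; otherwise `defer os.Unsetenv("COOKIE_DOMAIN")` directly after the Setenv gives the same guarantee. Neither test covers whitespace around the delimiter or a trailing delimiter, which is where a comma-split cookie-domain list is most likely to surprise; a case such as `"example.com, example2.com"` would pin the intended behaviour. TestConfigParseEnvironment, whose tail is the leading context here, uses the same cleanup pattern and is presumably subject to the same leak.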
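Review bot: The scope-mapping block is now duplicated verbatim in AuthCallbackHandler (this hunk) and authRedirect (the hunk at -442), and the commit had to patch both copies identically; hoisting it into one method keeps the two authorization requests from drifting apart. The new `scope = s.config.Scope` also forwards the configured slice unfiltered, and because `env-delim:" "` splits on a single space, a SCOPE value with a doubled or trailing space would carry an empty token into the request — a helper is the natural place to drop such entries. Both enclosing functions start and end outside the hunks. A helper along the lines below lets each call site collapse to `scope := s.scopes()`.
```go
// scopes returns the OIDC scopes to request: the configured list with empty
// entries dropped, or the default set when nothing was configured.
func (s *Server) scopes() []string {
	var scope []string
	for _, sc := range s.config.Scope {
		if sc != "" {
			scope = append(scope, sc)
		}
	}
	if len(scope) > 0 {
		return scope
	}
	return []string{oidc.ScopeOpenID, "profile", "email", "groups"}
}

// … in AuthCallbackHandler and authRedirect, replacing the "Mapping scope" block …
scope := s.scopes()
```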