Skip to content

Commit

Permalink
runtime: removing oauth_use_standard_max_age_value (envoyproxy#34687)
Browse files Browse the repository at this point in the history
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Neal Soni <[email protected]>
  • Loading branch information
alyssawilk authored and Nealsoni00 committed Jun 18, 2024
1 parent a33a26a commit cf3188c
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 47 deletions.
3 changes: 3 additions & 0 deletions changelogs/current.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,9 @@ removed_config_or_runtime:
- area: tls
change: |
Removed ``envoy.reloadable_features.enable_intermediate_ca`` runtime flag and lagacy code paths.
- area: oauth
change: |
Removed ``envoy.reloadable_features.oauth_use_standard_max_age_value`` runtime flag and lagacy code paths.
- area: http
change: |
Removed ``envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter`` runtime flag and lagacy code paths.
Expand Down
1 change: 0 additions & 1 deletion source/common/runtime/runtime_features.cc
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@ RUNTIME_GUARD(envoy_reloadable_features_immediate_response_use_filter_mutation_r
RUNTIME_GUARD(envoy_reloadable_features_no_downgrade_to_canonical_name);
RUNTIME_GUARD(envoy_reloadable_features_no_extension_lookup_by_name);
RUNTIME_GUARD(envoy_reloadable_features_normalize_host_for_preresolve_dfp_dns);
RUNTIME_GUARD(envoy_reloadable_features_oauth_use_standard_max_age_value);
RUNTIME_GUARD(envoy_reloadable_features_oauth_use_url_encoding);
RUNTIME_GUARD(envoy_reloadable_features_original_dst_rely_on_idle_timeout);
RUNTIME_GUARD(envoy_reloadable_features_proxy_status_mapping_more_core_response_flags);
Expand Down
7 changes: 1 addition & 6 deletions source/extensions/filters/http/oauth2/filter.cc
Original file line number Diff line number Diff line change
Expand Up @@ -670,12 +670,7 @@ void OAuth2Filter::onRefreshAccessTokenFailure() {
void OAuth2Filter::addResponseCookies(Http::ResponseHeaderMap& headers,
const std::string& encoded_token) const {
std::string max_age;
if (Runtime::runtimeFeatureEnabled(
"envoy.reloadable_features.oauth_use_standard_max_age_value")) {
max_age = expires_in_;
} else {
max_age = new_expires_;
}
max_age = expires_in_;

// We use HTTP Only cookies.
const std::string cookie_tail_http_only = fmt::format(CookieTailHttpOnlyFormatString, max_age);
Expand Down
40 changes: 0 additions & 40 deletions test/extensions/filters/http/oauth2/filter_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1793,46 +1793,6 @@ TEST_F(OAuth2Test, OAuthAccessTokenSucessWithTokensUseRefreshTokenAndNoExpClaimI
std::chrono::seconds(600));
}

TEST_F(OAuth2Test, OAuthAccessTokenSucessWithTokens_oauth_use_standard_max_age_value) {
TestScopedRuntime scoped_runtime;
scoped_runtime.mergeValues({
{"envoy.reloadable_features.oauth_use_standard_max_age_value", "false"},
});

oauthHMAC = "/Dcdntz/d3PMuU4EQ4qdmxFRa3SSDds1OIoLN4TfnoM=;";

// Set SystemTime to a fixed point so we get consistent HMAC encodings between test runs.
test_time_.setSystemTime(SystemTime(std::chrono::seconds(0)));

// host_ must be set, which is guaranteed (ASAN).
Http::TestRequestHeaderMapImpl request_headers{
{Http::Headers::get().Host.get(), "traffic.example.com"},
{Http::Headers::get().Path.get(), "/_signout"},
{Http::Headers::get().Method.get(), Http::Headers::get().MethodValues.Get},
};
filter_->decodeHeaders(request_headers, false);

// Expected response after the callback is complete.
Http::TestRequestHeaderMapImpl expected_headers{
{Http::Headers::get().Status.get(), "302"},
{Http::Headers::get().SetCookie.get(),
"OauthHMAC=" + oauthHMAC + "path=/;Max-Age=600;secure;HttpOnly"},
{Http::Headers::get().SetCookie.get(), "OauthExpires=600;path=/;Max-Age=600;secure;HttpOnly"},
{Http::Headers::get().SetCookie.get(),
"BearerToken=access_code;path=/;Max-Age=600;secure;HttpOnly"},
{Http::Headers::get().SetCookie.get(),
"IdToken=some-id-token;path=/;Max-Age=600;secure;HttpOnly"},
{Http::Headers::get().SetCookie.get(),
"RefreshToken=some-refresh-token;path=/;Max-Age=600;secure;HttpOnly"},
{Http::Headers::get().Location.get(), ""},
};

EXPECT_CALL(decoder_callbacks_, encodeHeaders_(HeaderMapEqualRef(&expected_headers), true));

filter_->onGetAccessTokenSuccess("access_code", "some-id-token", "some-refresh-token",
std::chrono::seconds(600));
}

TEST_F(OAuth2Test, OAuthBearerTokenFlowFromHeader) {
Http::TestRequestHeaderMapImpl request_headers{
{Http::Headers::get().Path.get(), "/test?role=bearer"},
Expand Down

0 comments on commit cf3188c

Please sign in to comment.