
FIXES:
 * Fixes a bug in authentication, which permitted double-slashed URL entries [#PR200](#200)

FEATURES:
 * Grabbing the revocation-url from the idp config if user override is not specified [#PR193](#193)
gambol99 committed Mar 17, 2017
1 parent 0baa898 commit 73eb2c2
Showing 5 changed files with 72 additions and 1 deletion.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,9 @@

#### **2.0.4**

FIXES:
* Fixes a bug in authentication, which permitted double slashed url entry [#PR200](https://github.com/gambol99/keycloak-proxy/pull/200)

FEATURES:
* Grabbing the revocation-url from the idp config if user override is not specified [#PR193](https://github.com/gambol99/keycloak-proxy/pull/193)

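--- a/doc.go
+++ b/doc.go
@@ -24,7 +24,7 @@ import (
 )
 
 var (
-release = "v2.0.3"
+release = "v2.0.4"
 gitsha = "no gitsha provided"
 version = release + " (git+sha: " + gitsha + ")"
 )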
17 changes: 17 additions & 0 deletions middleware.go
Expand Up @@ -16,6 +16,7 @@ limitations under the License.
package main

import (
"bytes"
"fmt"
"regexp"
"strings"
Expand All @@ -33,6 +34,22 @@ const (
cxEnforce = "Enforcing"
)

// filterMiddleware is custom filtering for incoming requests
func (r *oauthProxy) filterMiddleware() gin.HandlerFunc {
return func(cx *gin.Context) {
var p rune
var b bytes.Buffer
for _, c := range cx.Request.URL.Path {
if c == '/' && p == '/' {
continue
}
p = c
b.WriteRune(c)
}
cx.Request.URL.Path = b.String()
}
}

// loggingMiddleware is a custom http logger
func (r *oauthProxy) loggingMiddleware() gin.HandlerFunc {
return func(cx *gin.Context) {
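Review bot: The loop in filterMiddleware collapses repeated slashes only; `.` and `..` segments such as the `/help/../admin/test` case in the new test table pass through unchanged, so the path that later access checks compare against can still differ from the one the upstream resolves. Replacing the hand-rolled loop with `path.Clean` normalises both in one step (it collapses `//` as well); Clean drops a trailing slash, which has to be restored so routing is unchanged, and an empty path must be skipped because `Clean("")` returns `.`. `URL.RawPath` is also left untouched after `Path` is rewritten; it presumably still holds the original encoding for inputs like `//admin%2Ftest`, so resetting it keeps the escaped form derived from the cleaned path. This needs `"path"` added to the import block in the first hunk, next to the new `"bytes"` line, which then becomes unused.
```go
return func(cx *gin.Context) {
	p := cx.Request.URL.Path
	if p == "" {
		return
	}
	// Clean collapses repeated slashes and resolves "." and ".." segments,
	// so the path the access checks see is the one the upstream resolves.
	clean := path.Clean(p)
	if strings.HasSuffix(p, "/") && clean != "/" {
		clean += "/" // Clean drops the trailing slash; keep it for routing
	}
	cx.Request.URL.Path = clean
	// RawPath may still carry the original encoding; drop it so the
	// escaped form is derived from the cleaned Path, not a stale value.
	cx.Request.URL.RawPath = ""
}
```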
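--- a/middleware_test.go
+++ b/middleware_test.go
@@ -93,6 +93,54 @@ func TestRolePermissionsMiddleware(t *testing.T) {
 Redirects: true,
 Expects: http.StatusOK,
 },
+{ // check for escaping
+URI: "//admin%2Ftest",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for escaping
+URI: "/admin%2Ftest",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for prefix slashs
+URI: "//admin/test",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for prefix slashs
+URI: "/admin//test",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for prefix slashs
+URI: "/admin//test",
+Redirects: false,
+HasToken: true,
+Expects: http.StatusForbidden,
+},
+{ // check for dodgy url
+URI: "//admin/../admin/test",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for dodgy url
+URI: "/help/../admin/test",
+Redirects: true,
+Expects: http.StatusTemporaryRedirect,
+},
+{ // check for it works
+URI: "//admin/test",
+HasToken: true,
+Roles: []string{fakeAdminRole},
+Expects: http.StatusOK,
+},
+{ // check for it works
+URI: "//admin//test",
+HasToken: true,
+Roles: []string{fakeAdminRole},
+Expects: http.StatusOK,
+},
 { // check with a token
 URI: "/",
 Redirects: false,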
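Review bot: The two entries commented `// check for dodgy url` only assert a redirect for an unauthenticated request, which would equally be returned if the path were left unnormalised, so they do not pin what filterMiddleware does with `..` segments. A direct test of the middleware — build a request with `httptest.NewRequest`, run it through `r.filterMiddleware()` on a gin context, and assert `cx.Request.URL.Path` for inputs such as `//admin//test`, `/admin/../admin/test` and `/admin//test/` — would show the resulting path, including whether a trailing slash survives. The enclosing TestRolePermissionsMiddleware starts before and ends after the hunk.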
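--- a/server.go
+++ b/server.go
@@ -154,6 +154,9 @@ func (r *oauthProxy) createReverseProxy() error {
 // step: create the gin router
 engine := gin.New()
 engine.Use(gin.Recovery())
+// step: remove the slashs
+engine.Use(r.filterMiddleware())
+
 // step: is profiling enabled?
 if r.config.EnableProfiling {
 log.Warn("Enabling the debug profiling on /debug/pprof")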
