authenticate: use gRPC for service endpoints (#39)

* authenticate: set cookie secure as default. * authenticate: remove single flight provider. * authenticate/providers: Rename “ProviderData” to “IdentityProvider” * authenticate/providers: Fixed an issue where scopes were not being overwritten * proxy/authenticate : http client code removed. * proxy: standardized session variable names between services. * docs: change basic docker-config to be an “all-in-one” example with no nginx load. * docs: nginx balanced docker compose example with intra-ingress settings. * license: attribution for adaptation of goji’s middleware pattern.
2025-05-09 23:27:43 +02:00 · 2019-02-08 10:10:38 -08:00 · 2019-02-08 10:10:38 -08:00 · c886b924e7
commit c886b924e7
parent 9ca3ff4fa2
54 changed files with 2184 additions and 1463 deletions
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@ -11,10 +11,9 @@ import (
 	"testing"
 )

-func init() {
-	os.Clearenv()
-}
 func TestOptionsFromEnvConfig(t *testing.T) {
+	os.Clearenv()
+
 	tests := []struct {
 		name     string
 		want     *Options
@ -23,9 +22,9 @@ func TestOptionsFromEnvConfig(t *testing.T) {
 		wantErr  bool
 	}{
 		{"good default, no env settings", defaultOptions, "", "", false},
-		{"bad url", nil, "AUTHENTICATE_SERVICE_URL", "%.rjlw", true},
-		{"good duration", defaultOptions, "SESSION_VALID_TTL", "1m", false},
-		{"bad duration", nil, "SESSION_VALID_TTL", "1sm", true},
+		{"bad url", nil, "AUTHENTICATE_SERVICE_URL", "%.ugly", true},
+		{"good duration", defaultOptions, "COOKIE_REFRESH", "1m", false},
+		{"bad duration", nil, "COOKIE_REFRESH", "1sm", true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -46,6 +45,8 @@ func TestOptionsFromEnvConfig(t *testing.T) {
 }

 func Test_urlParse(t *testing.T) {
+	os.Clearenv()
+
 	tests := []struct {
 		name    string
 		uri     string
@ -131,10 +132,10 @@ func TestNewReverseProxyHandler(t *testing.T) {
 func testOptions() *Options {
 	authurl, _ := url.Parse("https://sso-auth.corp.beyondperimeter.com")
 	return &Options{
-		Routes:                 map[string]string{"corp.example.com": "example.com"},
-		AuthenticateServiceURL: authurl,
-		SharedKey:              "80ldlrU2d7w+wVpKNfevk6fmb8otEx6CqOfshj2LwhQ=",
-		CookieSecret:           "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw=",
+		Routes:          map[string]string{"corp.example.com": "example.com"},
+		AuthenticateURL: authurl,
+		SharedKey:       "80ldlrU2d7w+wVpKNfevk6fmb8otEx6CqOfshj2LwhQ=",
+		CookieSecret:    "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw=",
 	}
 }

@ -145,10 +146,10 @@ func TestOptions_Validate(t *testing.T) {
 	badToRoute := testOptions()
 	badToRoute.Routes = map[string]string{"^": "example.com"}
 	badAuthURL := testOptions()
-	badAuthURL.AuthenticateServiceURL = nil
+	badAuthURL.AuthenticateURL = nil
 	authurl, _ := url.Parse("http://sso-auth.corp.beyondperimeter.com")
 	httpAuthURL := testOptions()
-	httpAuthURL.AuthenticateServiceURL = authurl
+	httpAuthURL.AuthenticateURL = authurl
 	emptyCookieSecret := testOptions()
 	emptyCookieSecret.CookieSecret = ""
 	invalidCookieSecret := testOptions()