Marcial Rosales
1d942027a9
Add system test for variable expansion
2025-05-29 09:02:29 +02:00
Michael Klishin
968eefa1bb
Bump (c) line year
There are no functional changes to this massive diff.
2025-01-01 17:54:10 -05:00
Diana Parra Corbacho
bdaa31e7ea
Tests: catch exception on connection closed
The tests force closing the connection with an error
2024-12-16 11:58:05 +01:00
Marcial Rosales
3718fe3289
Prevent change of username on token refresh
2024-11-27 10:41:28 +01:00
David Ansari
1778bc22aa
Support AMQP 1.0 token renewal
Closes #9259.
## What?
Allow an AMQP 1.0 client to renew an OAuth 2.0 token before it expires.
## Why?
This allows clients to keep the AMQP connection open instead of having
to create a new connection whenever the token expires.
## How?
As explained in https://github.com/rabbitmq/rabbitmq-server/issues/9259#issuecomment-2437602040
the client can `PUT` a new token on HTTP API v2 path `/auth/tokens`.
RabbitMQ will then:
1. Store the new token on the given connection.
2. Recheck access to the connection's vhost.
3. Clear all permission caches in the AMQP sessions.
4. Recheck write permissions to exchanges for links publishing to
RabbitMQ, and recheck read permissions from queues for links
consuming from RabbitMQ. The latter complies with the user
expectation in #11364.
2024-10-30 10:42:40 +01:00
David Ansari
0397035669
Add test for AMQP 1.0 clients using OAuth token
2024-07-31 12:05:22 +02:00
David Ansari
7fb78338c6
Disconnect MQTT client when its credential expires
Fixes https://github.com/rabbitmq/rabbitmq-server/discussions/11854
Fixes https://github.com/rabbitmq/rabbitmq-server/issues/11862
This commit uses the same approach as implemented for AMQP 1.0 and
Streams: When a token expires, RabbitMQ will close the connection.
2024-07-30 19:55:46 +02:00
Marcial Rosales
f292114256
Fix formatting issues
2024-02-10 20:12:14 +01:00
Marcial Rosales
d827b72ce1
Create Oauth2 client
2024-02-10 20:12:04 +01:00
Michael Klishin
01092ff31f
(c) year bumps
2024-01-01 22:02:20 -05:00
Michael Klishin
1b642353ca
Update (c) according to [1]
1. https://investors.broadcom.com/news-releases/news-release-details/broadcom-and-vmware-intend-close-transaction-november-22-2023
2023-11-21 23:18:22 -05:00
David Ansari
2d0826c335
Add OAuth 2.0 MQTT system test
Add a test that rabbitmq_auth_backend_oauth2 works with MQTT.
See https://github.com/rabbitmq/rabbitmq-oauth2-tutorial#mqtt-protocol
2023-02-03 14:08:51 +00:00
Michael Klishin
ec4f1dba7d
(c) year bump: 2022 => 2023
2023-01-01 23:17:36 -05:00
Michael Klishin
877f03082a
OAuth 2: use a separate system suite group for RAR
2022-08-23 12:59:59 +04:00
Marcial Rosales
d69781a7ef
Support rich authorization request spec
2022-08-22 16:16:11 +04:00
Michael Klishin
38c5683377
OAuth 2: more tests in follow-up to #4588
2022-04-27 21:51:16 +04:00
Michael Klishin
e3aade2a93
OAuth 2: one more test case
2022-04-22 12:09:50 +04:00
Michael Klishin
85c8c3e10f
OAuth 2: integration tests for missing/incorrect scope aliases
2022-04-22 11:45:20 +04:00
Michael Klishin
ba3d2a4b11
OAuth 2: one more integration test for scope aliases
2022-04-22 11:26:47 +04:00
Michael Klishin
54710ed3d0
OAuth 2: system suite refactoring
2022-04-22 11:01:44 +04:00
Michael Klishin
878b1e0bad
OAuth 2: extract token refresh tests into a separate group
2022-04-22 10:39:57 +04:00
Michael Klishin
0a5f103bc5
OAuth 2: integration suite cosmetics
2022-04-22 10:17:33 +04:00
Michael Klishin
ebbba4c992
OAuth 2: extract complex claim integration tests in a separate group
2022-04-22 09:50:14 +04:00
Michael Klishin
efe78133c9
OAuth 2: add an integration test for scope aliases
2022-04-22 01:31:22 +04:00
Michael Klishin
c38a3d697d
Bump (c) year
2022-03-21 01:21:56 +04:00
Michael Klishin
ab795c1232
OAuth 2 system_SUITE: squash some erlc warnings
2021-06-10 15:48:33 +03:00
Michael Klishin
52479099ec
Bump (c) year
2021-01-22 09:00:14 +03:00
dcorbacho
f0d39cb4e2
Switch to Mozilla Public License 2.0 (MPL 2.0)
2020-07-10 20:27:35 +01:00
Jean-Sébastien Pédron
7dcc11cdfd
Update copyright (year 2020)
2020-03-10 16:05:48 +01:00
Michael Klishin
e4870b9c70
(c) bump
2019-12-29 05:50:24 +03:00
Arnaud Cogoluègnes
cb3fe65a07
Polish extra scopes source tests
Set up environment in init/end test functions, change some scopes in
test to make assertion more obvious.
References #41
2019-12-05 14:10:21 +01:00
Michael Klishin
d9073fba8d
Make this code less unorthodox, take 2
Also improves naming a bit.
2019-12-05 10:28:37 +03:00
Michal Papuga
9a230b0aeb
Resolve PR comments - rename variables.
2019-12-05 05:29:12 +01:00
Michal Papuga
3a04670a45
Implement support for gathering scopes from predefined JWT section and combine them with existing ones in post_process_payload() method. Create unit_SUITE and system_SUITE test cases.
2019-12-04 19:14:08 +01:00
Arnaud Cogoluègnes
f3405e46fa
Support Keycloak token format in post-processing
Scopes from the "authorization" field are extracted and replace the
value of the "scope" key in the parsed and processed token.
Fixes #37
2019-08-21 10:34:20 +02:00
Arnaud Cogoluègnes
49f1b6b043
Support simple strings in aud and scope fields
Simple strings are supported, strings with spaces are split into arrays.
The strings are split upfront, the Erlang representation of the token
does not change, to avoid impacts in the code downstream.
Fixes #24
2019-07-12 09:45:02 +02:00
Arnaud Cogoluègnes
ae8b61a8aa
Check token expiration on authentication
2019-07-02 15:27:13 +02:00
Michael Klishin
fdb4693083
Integration suite: don't attempt to close channels on a closing connection
2019-07-02 13:20:36 +02:00
Michael Klishin
16f7328986
Integration suite: correctly compute expiration
it should be in seconds.
2019-07-02 12:15:17 +02:00
Michael Klishin
d44e4bce59
Integration tests for JWT token/secret updates; improved error reporting
2019-07-01 21:20:57 +02:00
Michael Klishin
8a8bda0369
More OAuth 2 token refresh tests (WIP)
2019-07-01 16:48:53 +02:00
Michael Klishin
369e4158c1
Assert on operations on both new and existing channels
Per suggestion from @acogoluegnes.
2019-06-29 00:28:05 +02:00
Michael Klishin
4a4f81c374
Token refresh integration tests
Depend on recent updates in the Erlang client.
2019-06-28 18:44:33 +02:00
Spring Operator
8cb7b00642
URL Cleanup
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.listincomprehension.com/search/label/procket (200) with 1 occurrences could not be migrated:
([https](https://blog.listincomprehension.com/search/label/procket) result ClosedChannelException).
* http://dozzie.jarowit.net/trac/wiki/TOML (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/TOML) result SSLHandshakeException).
* http://dozzie.jarowit.net/trac/wiki/subproc (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/subproc) result SSLHandshakeException).
* http://e2project.org (200) with 1 occurrences could not be migrated:
([https](https://e2project.org) result AnnotatedConnectException).
* http://nitrogenproject.com/ (200) with 2 occurrences could not be migrated:
([https](https://nitrogenproject.com/) result ConnectTimeoutException).
* http://proper.softlab.ntua.gr (200) with 1 occurrences could not be migrated:
([https](https://proper.softlab.ntua.gr) result SSLHandshakeException).
* http://yaws.hyber.org (200) with 1 occurrences could not be migrated:
([https](https://yaws.hyber.org) result AnnotatedConnectException).
* http://choven.ca (503) with 1 occurrences could not be migrated:
([https](https://choven.ca) result ConnectTimeoutException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://fixprotocol.org/ (301) with 1 occurrences migrated to:
https://fixtrading.org ([https](https://fixprotocol.org/) result SSLHandshakeException).
* http://erldb.org (UnknownHostException) with 1 occurrences migrated to:
https://erldb.org ([https](https://erldb.org) result UnknownHostException).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://cloudi.org/ with 27 occurrences migrated to:
https://cloudi.org/ ([https](https://cloudi.org/) result 200).
* http://erlware.org/ with 1 occurrences migrated to:
https://erlware.org/ ([https](https://erlware.org/) result 200).
* http://inaka.github.io/cowboy-trails/ with 1 occurrences migrated to:
https://inaka.github.io/cowboy-trails/ ([https](https://inaka.github.io/cowboy-trails/) result 200).
* http://ninenines.eu with 6 occurrences migrated to:
https://ninenines.eu ([https](https://ninenines.eu) result 200).
* http://www.actordb.com/ with 2 occurrences migrated to:
https://www.actordb.com/ ([https](https://www.actordb.com/) result 200).
* http://www.cs.kent.ac.uk/projects/wrangler/Home.html with 1 occurrences migrated to:
https://www.cs.kent.ac.uk/projects/wrangler/Home.html ([https](https://www.cs.kent.ac.uk/projects/wrangler/Home.html) result 200).
* http://www.rabbitmq.com/access-control.html with 2 occurrences migrated to:
https://www.rabbitmq.com/access-control.html ([https](https://www.rabbitmq.com/access-control.html) result 200).
* http://www.rabbitmq.com/configure.html with 1 occurrences migrated to:
https://www.rabbitmq.com/configure.html ([https](https://www.rabbitmq.com/configure.html) result 200).
* http://www.rebar3.org with 1 occurrences migrated to:
https://www.rebar3.org ([https](https://www.rebar3.org) result 200).
* http://inaka.github.com/apns4erl with 1 occurrences migrated to:
https://inaka.github.com/apns4erl ([https](https://inaka.github.com/apns4erl) result 301).
* http://inaka.github.com/edis/ with 1 occurrences migrated to:
https://inaka.github.com/edis/ ([https](https://inaka.github.com/edis/) result 301).
* http://lasp-lang.org/ with 1 occurrences migrated to:
https://lasp-lang.org/ ([https](https://lasp-lang.org/) result 301).
* http://saleyn.github.com/erlexec with 1 occurrences migrated to:
https://saleyn.github.com/erlexec ([https](https://saleyn.github.com/erlexec) result 301).
* http://www.mozilla.org/MPL/ with 6 occurrences migrated to:
https://www.mozilla.org/MPL/ ([https](https://www.mozilla.org/MPL/) result 301).
* http://zhongwencool.github.io/observer_cli with 1 occurrences migrated to:
https://zhongwencool.github.io/observer_cli ([https](https://zhongwencool.github.io/observer_cli) result 301).
# Ignored
These URLs were intentionally ignored.
* http://localhost:8080/uaa/oauth/token with 1 occurrences
2019-03-20 03:11:57 -05:00
Luke Bakken
0e19df0ce4
Rename uaa_jwt app env setting to key_config
See this comment for context:
https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/pull/18#issuecomment-409016622
2018-07-31 15:51:20 -07:00
Luke Bakken
4bd726b5d4
uaa_jwt is no longer a separate application
In order for uaa_jwt settings to be populated by config files, they have to be part of a defined and running application. This PR adds support for a uaa_jwt sub-key of the main rabbitmq_auth_backend_oauth2 env key.
2018-07-20 15:25:09 -07:00
Michael Klishin
f0178d7729
rabbitmq_auth_backend_uaa => rabbitmq_auth_backend_oauth2
"OAuth 2" is many things but it's still more descriptive, open-ended and easier
to find than "uaa" (too tool-specific) or "jwt" (too narrow, not known widely enough).
Per discussion with @hairyhum @kjnilsson.
2018-07-19 22:20:57 +03:00
Michael Klishin
6618c21b1f
More integration tests
[#158782152]
[#158782156]
2018-07-19 14:40:18 +03:00
Michael Klishin
2d52dda042
More integration tests
[#158782152]
[#158782156]
2018-07-18 18:25:10 +03:00
Michael Klishin
821f54c92a
More integration tests
[#158782152]
[#158782156]
2018-07-18 18:15:50 +03:00