ae8b61a8aa
Check token expiration on authentication
2019-07-02 15:27:13 +02:00
fdb4693083
Integration suite: don't attempt to close channels on a closing connection
2019-07-02 13:20:36 +02:00
16f7328986
Integration suite: correctly compute expiration
...
it should be in seconds.
2019-07-02 12:15:17 +02:00
d44e4bce59
Integration tests for JWT token/secret updates; improved error reporting
2019-07-01 21:20:57 +02:00
8a8bda0369
More OAuth 2 token refresh tests (WIP)
2019-07-01 16:48:53 +02:00
961b8d0c55
Merge branch 'master' into oauth2-credential-expiration-support
2019-07-01 11:43:38 +02:00
907624372d
Update rabbitmq-components.mk
2019-07-01 11:36:34 +02:00
d9a0ddd6bd
Update erlang.mk
2019-07-01 11:36:17 +02:00
369e4158c1
Assert on operations on both new and existing channels
...
Per suggestion from @acogoluegnes.
2019-06-29 00:28:05 +02:00
4a4f81c374
Token refresh integration tests
...
Depend on recent updates in the Erlang client.
2019-06-28 18:44:33 +02:00
e80c125f0b
Implement secret (token) update
2019-06-27 22:08:18 +02:00
975e2bf177
Extract a constant
2019-06-27 16:04:58 +02:00
7e0ebb0fb1
Extract a constant
2019-06-27 16:04:34 +02:00
810b583015
Wording
2019-06-27 16:04:21 +02:00
1bc504d297
Token/state renewal stub
2019-06-27 11:19:33 +02:00
4b25eda38a
Mention arguments to change token validity for client
...
In demo.
2019-06-19 09:49:21 +02:00
4f9a4f0ac2
Add protocol-specific context
...
Just an update of check_resource_access/3 to check_resource_access/4,
the OAuth has no use of protocol-specific data for now.
References rabbitmq/rabbitmq-server#1767
2019-06-04 14:50:59 +02:00
0e81115336
Update environment variable to configure uaa
...
CLOUD_FOUNDRY_CONFIG_PATH became CLOUDFOUNDRY_CONFIG_PATH in uaa 4.31.
2019-06-04 11:41:47 +02:00
001752d4ec
Install cf-uaac gem, not uaac
2019-06-04 11:05:24 +02:00
8cb7b00642
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.listincomprehension.com/search/label/procket (200) with 1 occurrences could not be migrated:
([https](https://blog.listincomprehension.com/search/label/procket ) result ClosedChannelException).
* http://dozzie.jarowit.net/trac/wiki/TOML (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/TOML ) result SSLHandshakeException).
* http://dozzie.jarowit.net/trac/wiki/subproc (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/subproc ) result SSLHandshakeException).
* http://e2project.org (200) with 1 occurrences could not be migrated:
([https](https://e2project.org ) result AnnotatedConnectException).
* http://nitrogenproject.com/ (200) with 2 occurrences could not be migrated:
([https](https://nitrogenproject.com/ ) result ConnectTimeoutException).
* http://proper.softlab.ntua.gr (200) with 1 occurrences could not be migrated:
([https](https://proper.softlab.ntua.gr ) result SSLHandshakeException).
* http://yaws.hyber.org (200) with 1 occurrences could not be migrated:
([https](https://yaws.hyber.org ) result AnnotatedConnectException).
* http://choven.ca (503) with 1 occurrences could not be migrated:
([https](https://choven.ca ) result ConnectTimeoutException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://fixprotocol.org/ (301) with 1 occurrences migrated to:
https://fixtrading.org ([https](https://fixprotocol.org/ ) result SSLHandshakeException).
* http://erldb.org (UnknownHostException) with 1 occurrences migrated to:
https://erldb.org ([https](https://erldb.org ) result UnknownHostException).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://cloudi.org/ with 27 occurrences migrated to:
https://cloudi.org/ ([https](https://cloudi.org/ ) result 200).
* http://erlware.org/ with 1 occurrences migrated to:
https://erlware.org/ ([https](https://erlware.org/ ) result 200).
* http://inaka.github.io/cowboy-trails/ with 1 occurrences migrated to:
https://inaka.github.io/cowboy-trails/ ([https](https://inaka.github.io/cowboy-trails/ ) result 200).
* http://ninenines.eu with 6 occurrences migrated to:
https://ninenines.eu ([https](https://ninenines.eu ) result 200).
* http://www.actordb.com/ with 2 occurrences migrated to:
https://www.actordb.com/ ([https](https://www.actordb.com/ ) result 200).
* http://www.cs.kent.ac.uk/projects/wrangler/Home.html with 1 occurrences migrated to:
https://www.cs.kent.ac.uk/projects/wrangler/Home.html ([https](https://www.cs.kent.ac.uk/projects/wrangler/Home.html ) result 200).
* http://www.rabbitmq.com/access-control.html with 2 occurrences migrated to:
https://www.rabbitmq.com/access-control.html ([https](https://www.rabbitmq.com/access-control.html ) result 200).
* http://www.rabbitmq.com/configure.html with 1 occurrences migrated to:
https://www.rabbitmq.com/configure.html ([https](https://www.rabbitmq.com/configure.html ) result 200).
* http://www.rebar3.org with 1 occurrences migrated to:
https://www.rebar3.org ([https](https://www.rebar3.org ) result 200).
* http://inaka.github.com/apns4erl with 1 occurrences migrated to:
https://inaka.github.com/apns4erl ([https](https://inaka.github.com/apns4erl ) result 301).
* http://inaka.github.com/edis/ with 1 occurrences migrated to:
https://inaka.github.com/edis/ ([https](https://inaka.github.com/edis/ ) result 301).
* http://lasp-lang.org/ with 1 occurrences migrated to:
https://lasp-lang.org/ ([https](https://lasp-lang.org/ ) result 301).
* http://saleyn.github.com/erlexec with 1 occurrences migrated to:
https://saleyn.github.com/erlexec ([https](https://saleyn.github.com/erlexec ) result 301).
* http://www.mozilla.org/MPL/ with 6 occurrences migrated to:
https://www.mozilla.org/MPL/ ([https](https://www.mozilla.org/MPL/ ) result 301).
* http://zhongwencool.github.io/observer_cli with 1 occurrences migrated to:
https://zhongwencool.github.io/observer_cli ([https](https://zhongwencool.github.io/observer_cli ) result 301).
# Ignored
These URLs were intentionally ignored.
* http://localhost:8080/uaa/oauth/token with 1 occurrences
2019-03-20 03:11:57 -05:00
7764533d05
Sync erlang.mk from rabbitmq-common
2019-02-12 07:44:11 +03:00
a4b2dd775b
Sync rabbitmq-components.mk from rabbitmq-common
2019-02-12 07:43:54 +03:00
40410e5c01
spelling: exactly
...
(cherry picked from commit f5af5a4cb42c90147849dcc2e2b3705248fdd801)
2019-02-12 07:42:14 +03:00
414cff848a
spelling: following
...
(cherry picked from commit 9e9d347f5b59a21fd4f0c1a1c64ffc2fcf7481c2)
2019-02-12 07:41:41 +03:00
f23aa08e31
Since we install Erlang, use generic language
2018-08-01 07:49:53 -07:00
58d489fc09
Ignore elixir error
2018-08-01 07:47:43 -07:00
560a8cb99a
Add Travis CI build status to README.md
2018-08-01 07:43:40 -07:00
677cf48fba
Update Travis CI configuration
2018-08-01 07:42:42 -07:00
dfc9313717
Merge pull request #19 from rabbitmq/lrb-rename-uaa_jwt
...
Rename uaa_jwt app env setting to key_config
2018-08-01 03:12:18 +03:00
0e19df0ce4
Rename uaa_jwt app env setting to key_config
...
See this comment for context:
https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/pull/18#issuecomment-409016622
2018-07-31 15:51:20 -07:00
499d20a421
Fix typos in readme
2018-07-26 15:57:09 +02:00
3b61d8de4f
Fix typo
2018-07-25 16:33:09 +02:00
4a27ed2fdd
Add internal backend to symmetric_keys rmq config
2018-07-20 16:46:42 -07:00
30490995d9
Add missing rabbitmq_ct_client_helpers dependency needed by system_SUITE.erl
2018-07-20 15:29:15 -07:00
4bd726b5d4
uaa_jwt is no longer a separate application
...
In order for uaa_jwt settings to be populated by config files, they have to be part of a defined and running application. This PR adds support for a uaa_jwt sub-key of the main rabbitmq_auth_backend_oauth2 env key.
2018-07-20 15:25:09 -07:00
94238369b6
Auth backend module rename
2018-07-20 13:23:05 -07:00
613e35be64
Miscellaneous build and doc fixes
...
* Update erlang.mk to resolve S3 bucket issue
* Update README to indicate that tokens need to be in the password field when clients log in
2018-07-19 15:44:37 -07:00
9846147cfc
README edits and line ending conversion
2018-07-20 00:10:41 +03:00
f0178d7729
rabbitmq_auth_backend_uaa => rabbitmq_auth_backend_oauth2
...
"OAuth 2" is many things but it's still more descriptive, open-ended and easier
to find than "uaa" (too tool-specific) or "jwt" (too narrow, not known widely enough).
Per discussion with @hairyhum @kjnilsson.
2018-07-19 22:20:57 +03:00
5b002c5eab
Fold uaa_jwt into this plugin
...
Per discussion with @hairyhum.
2018-07-19 19:22:47 +03:00
f582760664
Add a missing \ to the seed script
2018-07-19 17:57:14 +03:00
6618c21b1f
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-19 14:40:18 +03:00
2d52dda042
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 18:25:10 +03:00
821f54c92a
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 18:15:50 +03:00
8cc9e4f628
Initial integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 02:34:23 +03:00
e3856ffa91
Include tag tests in more cases
...
[#158782152 ]
[#158782156 ]
2018-07-11 02:58:51 +03:00
37366191f2
Extract tags from the provided JWT token
...
Pair: @acogoluegnes.
[#158782152 ]
[#158782156 ]
2018-07-09 18:26:53 +03:00
3ed9d7eeb0
[Re]add tag authorities to the seed script
...
This is the same change as in b183a88cb6#158782152 ]
[#158782156 ]
2018-07-09 09:07:33 +03:00
fcb7a0f9b7
Set access token validity to 24 hours
2018-07-09 08:59:18 +03:00
ae15545881
Revert "Add tag authorities to the seed script"
...
This reverts commit b183a88cb6
2018-07-09 08:51:34 +03:00
ff5fdc0829
Logging, naming
...
[#158782152 ]
[#158782156 ]
2018-07-09 08:51:08 +03:00
915c45390c
Adopt uaa_jwt:client/2 and uaa_jwt:sub/2
...
[#158782152 ]
[#158782156 ]
2018-07-09 07:20:57 +03:00
b183a88cb6
Add tag authorities to the seed script
...
N.B. that commas are treated as separators on the client authority list,
so our original convention for tags, e.g. "rabbitmq.tags:management,policymaker",
won't work with UAA.
[#158782152 ]
[#158782156 ]
2018-07-09 05:46:05 +03:00
e5c84c31fa
Pass decoded token so that effective username is computed from it
...
[#158782152 ]
[#158782156 ]
2018-07-06 17:35:34 +03:00
cb4dfba58a
Expect access token in the password field
...
We cannot pass access tokens in the username since
those are logged and displayed by operator tools.
Per discussion with @acogoluegnes.
[#158782152 ]
[#158782156 ]
2018-07-05 19:50:12 +03:00
54bf34d9c7
Wording
...
[#158782152 ]
[#158782156 ]
2018-07-03 20:02:48 +03:00
435d5c7690
Split the unsuccessful authorization test into 3
...
[#158782152 ]
[#158782156 ]
2018-07-03 20:02:33 +03:00
c4269275db
Convert all suites to use EUnit matchers
...
[#158782152 ]
[#158782156 ]
2018-07-03 17:55:40 +03:00
7a758a2ece
More test massaging, remove debug logging
...
[#158782152 ]
[#158782156 ]
2018-07-03 16:27:58 +03:00
4cc2cfef89
Split and simplify unit tests; naming
2018-07-03 02:15:51 +03:00
085c7e6c71
Sync rabbitmq-components.mk, drop Elixir build system bits
2018-07-03 02:15:43 +03:00
2466897b3c
Add a seed script for development
...
[#157964874 ]
2018-07-02 22:01:12 +03:00
7cf71b01a6
Better errors when validating the decoded token
2018-06-25 15:51:29 +01:00
e69d894462
Fix demo script. Add rabbit_client client to request token.
2018-06-25 15:29:12 +01:00
dbdf2c0e13
Use master branch of uaa_jwt
2018-06-25 10:35:35 +01:00
032be9763b
Use erlang version of uaa_jwt and jose
2018-06-21 17:07:35 +01:00
d8e8819a06
Cosmetics
2017-09-29 17:27:32 +03:00
f9d0f202df
Ditto
2017-09-29 16:18:00 +03:00
43eccbbac9
Use a standard algo name here
2017-09-29 16:17:16 +03:00
346caf6c8a
Make sure "superuser" information is output last
...
It is more likely that the user won't read any of the output and
will copy the last token printed.
2017-09-29 15:53:26 +03:00
445d35860b
Make sure demo/setup.sh doesn't stop on subsequent runs
2017-09-29 15:44:33 +03:00
a45c1126bd
README edits
2017-09-29 14:49:33 +03:00
3c2f056306
Use HTTP to talk to the local UAA
...
It's sufficient for the purposes of this demo script.
2017-09-28 15:16:28 +03:00
298cc94c0d
Make demo/setup.sh executable
2017-09-28 14:58:12 +03:00
cdb142e68a
UAA configuration demo
2017-09-21 09:42:40 +01:00
3ee9e3f218
Correct pem_file key type
2017-09-20 16:44:01 +01:00
973ef5ccef
Add support for pem public key
2017-09-20 16:40:56 +01:00
e645ac65e3
Update rabbitmq-components.mk
2017-09-15 12:13:50 -06:00
b56089f24b
Update readme to mention RabbitMQ version requirement.
2017-09-15 17:44:50 +01:00
b21d8c63c6
Update erlang.mk
2017-08-30 19:35:00 +01:00
df624ffcfa
Update README.md
2017-07-17 20:19:31 +03:00
10ffe94340
Merge branch 'stable'
2017-06-29 23:34:11 +03:00
2dac3f3a5b
Sync rabbitmq-components.mk with common
2017-06-29 23:29:23 +03:00
a3be807c50
Makefile: Use GNU Make functions to set `$(MIX_ERL_LIBS)`
...
This gives a consistent result, as opposed to the shell-based variant
which produces a value which depends on the existing dependencies.
This change plus the new Makefile in `uaa_jwt` make sure that `uaa_jwt`
is found by Erlang, in particular in the testsuite.
2017-02-21 18:02:06 +01:00
560dde1bb2
Scope examples in README
2017-02-17 11:34:57 +00:00
5fdfda0846
Improve tests
2017-02-17 11:33:08 +00:00
b0eaa66f9d
README clarifications
2017-02-17 10:05:54 +00:00
b90da412e9
Add cowlib to DEPS
2017-02-17 09:33:30 +00:00
540f3452c9
Handle json parsing error
2017-02-16 15:58:39 +00:00
7b421e6ae1
Return error instead of error_message to comply with authz_backend API
2017-02-08 16:32:59 +00:00
c71c3eb292
Test token expiration
2017-02-03 13:01:24 +00:00
612c9eeacf
Do not decode token every time permission is checked.
...
Decoded token is saved to `impl`.
When permission is checked, the `exp` field of the token
is compared to system_time and if the token is expired
`{error_message, "Token expired"}` is returned.
2017-02-02 18:31:01 +00:00
24551ef095
Test default key support
2017-02-02 13:09:53 +00:00
a07b4485e6
Test key validation when adding via cli command
2017-02-02 12:25:38 +00:00
78bb2044fb
Test command validation
2017-02-02 11:29:25 +00:00
df197ad5b9
Command to add UAA signing keys
2017-02-01 17:15:10 +00:00
e7222ed218
Makefile: amqp_client is not needed, remove it from DEPS
2017-01-31 17:15:35 +01:00
2758f3f01a
Remove build.config; we use a vanilla erlang.mk
2017-01-31 17:15:01 +01:00
b7a4e4daec
Makefile: Add rabbit_common to BUILD_DEPS
...
It's required for the Erlang.mk plugins.
2017-01-31 12:23:33 +01:00
16c3866d7a
Makefile: Do not depend twice on `rabbit`
...
[#136341089 ]
2017-01-31 11:21:59 +01:00
afb59ddc20
Fix test to represent Jwt decoded extended scope permissions
2017-01-27 11:48:35 +00:00
759d66263b
Decode and verify UAA JWT tokens without connecting to UAA server
...
Fixes #3
Uses rabbitmq/uaa_jwt library to decode a token and verify signature.
Signing keys should be predefined in the uaa_jwt application environment
2017-01-27 11:32:14 +00:00
d696050da3
Wording, grammar
2017-01-27 01:57:30 +03:00
42e401e900
invalid_resource_authorization => resource_server_authentication_failed
...
HTTP 401 response can indicate an authorization failure as well
but let's assume authentication failures will be more common in this
specific case.
2017-01-27 01:51:48 +03:00
88ac9518e2
Wording
2017-01-27 01:47:05 +03:00
0e595fe48f
Wording
2017-01-27 01:39:25 +03:00
269a2729e0
This example doesn't actually seem to be case insensitive
2017-01-27 01:34:53 +03:00
ff88614186
Wording
2017-01-27 01:34:47 +03:00
a53e4d3cb9
Support topic authorization
2017-01-24 17:26:59 +00:00
11cf835d80
Readme for new scopes format
2016-12-20 14:55:53 +00:00
dfc61ec18f
Change scope to permission mapping
2016-12-20 13:13:18 +00:00
a08e081b03
Use erlang 18.3 only in travis
2016-05-17 09:55:50 +01:00
ff84dfae52
Support for custom resource kinds
2016-02-16 12:36:38 +00:00
b5c47a75f6
Resource ID filtering
2016-02-16 12:22:49 +00:00
1aafd86229
Update README.md
2016-01-21 14:30:15 +03:00
ae77becec7
Update README.md
2016-01-21 14:29:02 +03:00
4835e0b3af
Indent
2016-01-20 14:24:06 +00:00
e1a404b005
Workflow info
2016-01-20 14:16:24 +00:00
99279bd10f
Tests
2016-01-20 14:04:14 +00:00
db72e7d9e3
Tesing on working UAA
2016-01-18 18:05:45 +00:00
0109fab275
Resource id. Scopes README
2016-01-15 17:03:31 +00:00
d6888dafb0
wrong arity
2016-01-15 16:51:16 +00:00
f0a5693939
rabbitmq_oauth2_scope from oauth backend
2016-01-15 16:50:25 +00:00
ab2d141885
Update README.md
2016-01-15 15:00:16 +00:00
47da90b652
Init. Make request to /check_token
2016-01-15 14:50:21 +00:00
Arnaud Cogoluègnes
Michael Klishin
Spring Operator
Michael Klishin
Josh Soref
Luke Bakken
Michael Klishin
Daniil Fedotov
Daniil Fedotov
Jean-Sébastien Pédron
kjnilsson