53fc8ebbe0
Make the tests green
...
Fix the snippet and make it more through.
2021-02-22 13:35:30 +01:00
c729e15112
WIP: cuttlefish support for oauth2 plugin
...
No support for symmetric key key options as this would make the
implementation much more complex and shouldn't really be used anyway.
WIP becasue while the code seems to work but tests fail.
2021-02-22 10:33:35 +01:00
543e8aa3a3
Enable jwks_http to run embedded without requiring a separate OTP application
2021-02-18 17:41:54 +01:00
68dd52e577
Move jwks_http modules into the test folder
2021-02-18 17:11:21 +01:00
1a3d68be37
JWKS tests
2021-02-05 11:23:10 +01:00
52479099ec
Bump (c) year
2021-01-22 09:00:14 +03:00
f0d39cb4e2
Switch to Mozilla Public License 2.0 (MPL 2.0)
2020-07-10 20:27:35 +01:00
7dcc11cdfd
Update copyright (year 2020)
2020-03-10 16:05:48 +01:00
28080e1e2c
Log authentication rejection messages
...
Normally when auth fails, we simply log that it failed for a given
username. Since the username is ignored with the auth mechanism,
this does not provide sufficient context for debugging config
errors.
2020-03-09 12:49:48 +01:00
e4870b9c70
(c) bump
2019-12-29 05:50:24 +03:00
cb3fe65a07
Polish extra scopes source tests
...
Set up environment in init/end test functions, change some scopes in
test to make assertion more obvious.
References #41
2019-12-05 14:10:21 +01:00
d9073fba8d
Make this code less unorthodox, take 2
...
Also improves naming a bit.
2019-12-05 10:28:37 +03:00
9a230b0aeb
Resolve PR comments - rename variables.
2019-12-05 05:29:12 +01:00
3a04670a45
Implement support for gathering scopes from predefined JWT section and combine them with existing ones in post_process_payload () method. Create unit_SUITE and system_SUITE test cases.
2019-12-04 19:14:08 +01:00
f3405e46fa
Support Keycloak token format in post-processing
...
Scopes from the "authorization" field are extracted and replace the
value of the "scope" key in the parsed and processed token.
Fixes #37
2019-08-21 10:34:20 +02:00
49f1b6b043
Support simple strings in aud and scope fields
...
Simple strings are supported, strings with spaces are split into arrays.
The strings are split upfront, the Erlang representation of the token
does not change, to avoid impacts in the code downstream.
Fixes #24
2019-07-12 09:45:02 +02:00
ae8b61a8aa
Check token expiration on authentication
2019-07-02 15:27:13 +02:00
fdb4693083
Integration suite: don't attempt to close channels on a closing connection
2019-07-02 13:20:36 +02:00
16f7328986
Integration suite: correctly compute expiration
...
it should be in seconds.
2019-07-02 12:15:17 +02:00
d44e4bce59
Integration tests for JWT token/secret updates; improved error reporting
2019-07-01 21:20:57 +02:00
8a8bda0369
More OAuth 2 token refresh tests (WIP)
2019-07-01 16:48:53 +02:00
369e4158c1
Assert on operations on both new and existing channels
...
Per suggestion from @acogoluegnes.
2019-06-29 00:28:05 +02:00
4a4f81c374
Token refresh integration tests
...
Depend on recent updates in the Erlang client.
2019-06-28 18:44:33 +02:00
4f9a4f0ac2
Add protocol-specific context
...
Just an update of check_resource_access/3 to check_resource_access/4,
the OAuth has no use of protocol-specific data for now.
References rabbitmq/rabbitmq-server#1767
2019-06-04 14:50:59 +02:00
8cb7b00642
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.listincomprehension.com/search/label/procket (200) with 1 occurrences could not be migrated:
([https](https://blog.listincomprehension.com/search/label/procket ) result ClosedChannelException).
* http://dozzie.jarowit.net/trac/wiki/TOML (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/TOML ) result SSLHandshakeException).
* http://dozzie.jarowit.net/trac/wiki/subproc (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/subproc ) result SSLHandshakeException).
* http://e2project.org (200) with 1 occurrences could not be migrated:
([https](https://e2project.org ) result AnnotatedConnectException).
* http://nitrogenproject.com/ (200) with 2 occurrences could not be migrated:
([https](https://nitrogenproject.com/ ) result ConnectTimeoutException).
* http://proper.softlab.ntua.gr (200) with 1 occurrences could not be migrated:
([https](https://proper.softlab.ntua.gr ) result SSLHandshakeException).
* http://yaws.hyber.org (200) with 1 occurrences could not be migrated:
([https](https://yaws.hyber.org ) result AnnotatedConnectException).
* http://choven.ca (503) with 1 occurrences could not be migrated:
([https](https://choven.ca ) result ConnectTimeoutException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://fixprotocol.org/ (301) with 1 occurrences migrated to:
https://fixtrading.org ([https](https://fixprotocol.org/ ) result SSLHandshakeException).
* http://erldb.org (UnknownHostException) with 1 occurrences migrated to:
https://erldb.org ([https](https://erldb.org ) result UnknownHostException).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://cloudi.org/ with 27 occurrences migrated to:
https://cloudi.org/ ([https](https://cloudi.org/ ) result 200).
* http://erlware.org/ with 1 occurrences migrated to:
https://erlware.org/ ([https](https://erlware.org/ ) result 200).
* http://inaka.github.io/cowboy-trails/ with 1 occurrences migrated to:
https://inaka.github.io/cowboy-trails/ ([https](https://inaka.github.io/cowboy-trails/ ) result 200).
* http://ninenines.eu with 6 occurrences migrated to:
https://ninenines.eu ([https](https://ninenines.eu ) result 200).
* http://www.actordb.com/ with 2 occurrences migrated to:
https://www.actordb.com/ ([https](https://www.actordb.com/ ) result 200).
* http://www.cs.kent.ac.uk/projects/wrangler/Home.html with 1 occurrences migrated to:
https://www.cs.kent.ac.uk/projects/wrangler/Home.html ([https](https://www.cs.kent.ac.uk/projects/wrangler/Home.html ) result 200).
* http://www.rabbitmq.com/access-control.html with 2 occurrences migrated to:
https://www.rabbitmq.com/access-control.html ([https](https://www.rabbitmq.com/access-control.html ) result 200).
* http://www.rabbitmq.com/configure.html with 1 occurrences migrated to:
https://www.rabbitmq.com/configure.html ([https](https://www.rabbitmq.com/configure.html ) result 200).
* http://www.rebar3.org with 1 occurrences migrated to:
https://www.rebar3.org ([https](https://www.rebar3.org ) result 200).
* http://inaka.github.com/apns4erl with 1 occurrences migrated to:
https://inaka.github.com/apns4erl ([https](https://inaka.github.com/apns4erl ) result 301).
* http://inaka.github.com/edis/ with 1 occurrences migrated to:
https://inaka.github.com/edis/ ([https](https://inaka.github.com/edis/ ) result 301).
* http://lasp-lang.org/ with 1 occurrences migrated to:
https://lasp-lang.org/ ([https](https://lasp-lang.org/ ) result 301).
* http://saleyn.github.com/erlexec with 1 occurrences migrated to:
https://saleyn.github.com/erlexec ([https](https://saleyn.github.com/erlexec ) result 301).
* http://www.mozilla.org/MPL/ with 6 occurrences migrated to:
https://www.mozilla.org/MPL/ ([https](https://www.mozilla.org/MPL/ ) result 301).
* http://zhongwencool.github.io/observer_cli with 1 occurrences migrated to:
https://zhongwencool.github.io/observer_cli ([https](https://zhongwencool.github.io/observer_cli ) result 301).
# Ignored
These URLs were intentionally ignored.
* http://localhost:8080/uaa/oauth/token with 1 occurrences
2019-03-20 03:11:57 -05:00
40410e5c01
spelling: exactly
...
(cherry picked from commit f5af5a4cb42c90147849dcc2e2b3705248fdd801)
2019-02-12 07:42:14 +03:00
0e19df0ce4
Rename uaa_jwt app env setting to key_config
...
See this comment for context:
https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/pull/18#issuecomment-409016622
2018-07-31 15:51:20 -07:00
4bd726b5d4
uaa_jwt is no longer a separate application
...
In order for uaa_jwt settings to be populated by config files, they have to be part of a defined and running application. This PR adds support for a uaa_jwt sub-key of the main rabbitmq_auth_backend_oauth2 env key.
2018-07-20 15:25:09 -07:00
f0178d7729
rabbitmq_auth_backend_uaa => rabbitmq_auth_backend_oauth2
...
"OAuth 2" is many things but it's still more descriptive, open-ended and easier
to find than "uaa" (too tool-specific) or "jwt" (too narrow, not known widely enough).
Per discussion with @hairyhum @kjnilsson.
2018-07-19 22:20:57 +03:00
6618c21b1f
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-19 14:40:18 +03:00
2d52dda042
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 18:25:10 +03:00
821f54c92a
More integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 18:15:50 +03:00
8cc9e4f628
Initial integration tests
...
[#158782152 ]
[#158782156 ]
2018-07-18 02:34:23 +03:00
e3856ffa91
Include tag tests in more cases
...
[#158782152 ]
[#158782156 ]
2018-07-11 02:58:51 +03:00
37366191f2
Extract tags from the provided JWT token
...
Pair: @acogoluegnes.
[#158782152 ]
[#158782156 ]
2018-07-09 18:26:53 +03:00
cb4dfba58a
Expect access token in the password field
...
We cannot pass access tokens in the username since
those are logged and displayed by operator tools.
Per discussion with @acogoluegnes.
[#158782152 ]
[#158782156 ]
2018-07-05 19:50:12 +03:00
435d5c7690
Split the unsuccessful authorization test into 3
...
[#158782152 ]
[#158782156 ]
2018-07-03 20:02:33 +03:00
c4269275db
Convert all suites to use EUnit matchers
...
[#158782152 ]
[#158782156 ]
2018-07-03 17:55:40 +03:00
7a758a2ece
More test massaging, remove debug logging
...
[#158782152 ]
[#158782156 ]
2018-07-03 16:27:58 +03:00
4cc2cfef89
Split and simplify unit tests; naming
2018-07-03 02:15:51 +03:00
973ef5ccef
Add support for pem public key
2017-09-20 16:40:56 +01:00
5fdfda0846
Improve tests
2017-02-17 11:33:08 +00:00
7b421e6ae1
Return error instead of error_message to comply with authz_backend API
2017-02-08 16:32:59 +00:00
c71c3eb292
Test token expiration
2017-02-03 13:01:24 +00:00
24551ef095
Test default key support
2017-02-02 13:09:53 +00:00
a07b4485e6
Test key validation when adding via cli command
2017-02-02 12:25:38 +00:00
78bb2044fb
Test command validation
2017-02-02 11:29:25 +00:00
df197ad5b9
Command to add UAA signing keys
2017-02-01 17:15:10 +00:00
afb59ddc20
Fix test to represent Jwt decoded extended scope permissions
2017-01-27 11:48:35 +00:00
759d66263b
Decode and verify UAA JWT tokens without connecting to UAA server
...
Fixes #3
Uses rabbitmq/uaa_jwt library to decode a token and verify signature.
Signing keys should be predefined in the uaa_jwt application environment
2017-01-27 11:32:14 +00:00
42e401e900
invalid_resource_authorization => resource_server_authentication_failed
...
HTTP 401 response can indicate an authorization failure as well
but let's assume authentication failures will be more common in this
specific case.
2017-01-27 01:51:48 +03:00
88ac9518e2
Wording
2017-01-27 01:47:05 +03:00
0e595fe48f
Wording
2017-01-27 01:39:25 +03:00
269a2729e0
This example doesn't actually seem to be case insensitive
2017-01-27 01:34:53 +03:00
a53e4d3cb9
Support topic authorization
2017-01-24 17:26:59 +00:00
dfc61ec18f
Change scope to permission mapping
2016-12-20 13:13:18 +00:00
ff84dfae52
Support for custom resource kinds
2016-02-16 12:36:38 +00:00
b5c47a75f6
Resource ID filtering
2016-02-16 12:22:49 +00:00
4835e0b3af
Indent
2016-01-20 14:24:06 +00:00
99279bd10f
Tests
2016-01-20 14:04:14 +00:00
Michal Kuratczyk
Teo Klestrup Röijezon
Michael Klishin
dcorbacho
Jean-Sébastien Pédron
Philip Kuryloski
Arnaud Cogoluègnes
Michal Papuga
Spring Operator
Josh Soref
Luke Bakken
Michael Klishin
Daniil Fedotov