CBG-801: Auto-generated OIDC callback URL should include provider when non-default #4549
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bbrks
requested changes
Apr 8, 2020
…n non-default
- Added error codes returned by failures to add parameters to callback URL.
- Changes to to skip returning an error against empty provider name since it is invalid to have an empty provider name in addCallbackURLQueryParam function.
- Removed license headers from rest/oidc_api_test.go
- Removed parallel test execution since our our XML parser for Jenkins test results doesn't support parallel tests.
- Added changes in TestAddCallbackURLQueryParam to simplify the code if we change inputURL to string and run the URL parsing inside the test loop.
- Refactored requestParamProvider to oidcAuthRequestURI; this parameter was named requestParamProvider since it its being used not only in callback URL but also in /{db}/_oidc request, called by clients to initiate the OIDC Authorization Code flow.
- Added changes to check for escaped version of provider appended to the callback URL.
- Added changes to append ?name=value instead of &name=value to the redirect url when the redirect_uri itself has no query parameters set. It would be best to parse redirect_uri using url.Parse and set a query parameter using the strongly typed Query/Value methods.
sarathkumarsivan
commented
Apr 8, 2020
There was a problem hiding this comment.
- Added error codes returned by failures to add parameters to callback URL.
- Changes to to skip returning an error against empty provider name since it is invalid to have an empty provider name in addCallbackURLQueryParam function.
- Removed license headers from rest/oidc_api_test.go
- Removed parallel test execution since our our XML parser for Jenkins test results doesn't support parallel tests.
- Added changes in TestAddCallbackURLQueryParam to simplify the code if we change inputURL to string and run the URL parsing inside the test loop.
- Refactored requestParamProvider to oidcAuthRequestURI; this parameter was named requestParamProvider since it its being used not only in callback URL but also in /{db}/_oidc request, called by clients to initiate the OIDC Authorization Code flow.
- Added changes to check for escaped version of provider appended to the callback URL.
- Added changes to append ?name=value instead of &name=value to the redirect url when the redirect_uri itself has no query parameters set. It would be best to parse redirect_uri using url.Parse and set a query parameter using the strongly typed Query/Value methods.
…n non-default - oidcAuthRedirectURI refactoring
…n non-default - Reuse oidcAuthRedirectURI variables in TestAddCallbackURLQueryParam tests
bbrks
requested changes
Apr 9, 2020
There was a problem hiding this comment.
- Removed oidc_api_test.go since it became obsolete after the fix is implemented.
- Modified getOIDCCallbackURL method signature to receive provider name and a flag to determine if the current provider is default provider, when building the callbackURL check for default provider. If the current provider is default, add provider to the callback URL and skip adding provider otherwise.
- Added changes in database.go to use AddURLQueryParam directly when adding providers during initial setup. This would handle the situation better when the user explicitly specify the callbackURL with provider against a non default provider during setup.
- Added unit tests for AddURLQueryParam in oidc_test.go
- The constant OIDCAuthProvider has been exported to reuse during initial provider setup.
- Modified method signature at declaration.
sarathkumarsivan
force-pushed
the
CBG-801
branch
from
1345814 to
6cca62a
Compare
This speeds up full integration test runs significantly, by moving the
bucket setup/teardown into an async worker which gets buckets ready in
the background while tests are running using a different bucket.
## Usage:
```
export SG_TEST_BACKING_STORE=Couchbase
export SG_TEST_COUCHBASE_SERVER_URL=couchbase://localhost
go test -v -p=1 -count=1 ./...
```
### Configuration
#### Existing
- `SG_TEST_BACKING_STORE` (default `Walrus`)
- Can be set to `Couchbase` to enable integration tests
- `SG_TEST_COUCHBASE_SERVER_URL` (default `http://localhost:8091`)
- The connection string to connect with Couchbase Server
#### New
- `SG_TEST_USERNAME` (default `"Administrator"`)
- The username to use when connecting to the test server
- `SG_TEST_PASSWORD` (default `"password"`)
- The password to use when connecting to the test server
- `SG_TEST_BUCKET_POOL_SIZE` (default `3`)
- Specify how many buckets to create and use.
- `SG_TEST_BUCKET_QUOTA_MB` (default `150`)
- Specify how many MB each bucket's RAM quota should be
- `SG_TEST_BACKING_STORE_RECREATE` (default `false`)
- Drops any existing test buckets, and creates new ones
before continuing to add them to the pool. If this is
not set, previous buckets are just readied as normal.
- `SG_TEST_BUCKET_POOL_PRESERVE` (default `false`)
- In the event of a failing test, the bucket used is not emptied
and put back into the pool. This may result in exhaustion of
buckets if more tests fail than the pool size.
- `SG_TEST_BUCKET_POOL_DEBUG` (default `false`)
- If "true", verbose bucket pool logging is turned on,
to see what is happening to each bucket whilst running.
- `SG_TEST_DISABLE_GSI`
- Always set to true until CBG-818
---
* CBG-625 - Add bucket pooling test framework.
* Simplify LoggingBucket log code, and include bucket name in log context
* Prevent test failures when using walrus buckets
* Check for TestBucket pointer in AsGoCBBucket
* Fix WaitGroup data race by incrementing counter before sending bucket over bucketReadierQueue
* Prevent data race with multiple concurrent cluster.Authenticate() calls by using a pre-authed cluster reference
* Fix data race around initialisation of bucketReadierWaitGroup
* Add getTestKeyNamespace to force unique doc IDs for xattr tests (avoids KV tombstone issues)
* Increase timeout on retry loop for WaitForNumDocsViaChanges
* Bump gocb/gocbcore for cluster ops pre-bucket open
* Add SG_TEST_USE_VIEWS flag, but force it to be true all the time until 6.5.1
* Fix TestQuerySequencesStatsN1ql bucket type/view check
* Use TestsUseViews in RestTester setup
* Avoid vet catching unreachable code
* Use TestsUseViews for ServerContext test
* rename TestsUseViews to TestsDisableGSI and use in PostUpgrade
* Handle View and Query stats in TestTombstoneCompaction
* Bump bucket pool size from 100MB to 150MB
* Parameterise bucket quota
* Improve comments, rename things to be TBP scoped, rearrange to tidy
* More cleanup
* Tweak values in TestAddRawTimeoutRetry to avoid exceeding 150MB bucket quota, whilst still reproducing issue
* Add retry loop around UpsertDesignDocument to handle sporadic Erlang 500 errors
* Bump sg-bucket/walrus revisions
* Handle non-nil empty error from gocb's GetBuckets for 401 status code
* Add SG_TEST_USERNAME/SG_TEST_PASSWORD env vars
* Add benchmark for GetCallersName
* Skip printStats if no buckets opened (e.g. benchmarks)
* Remove unused GetTestBucketSpec
* Remove alignment chars from test logging
* Add comments for unused functions
* Drop default test pool size to 3
* Use t.Name() from getTestKeyNamespace
* Simplify document keys in single-doc tests
* Remove unnesesary query result Close
* Clean up TestBucketPool naming/API
* Move primary index creation out into test-only code
* Make mockClaims expire far into the future
* Fix missed InitializeIndex paramter removal
* Refer to global TestBucketPool from db TestMain
* Unskip TestPostUpgradeIndexesSimple
Switch to compareAndSwap when toggling compactRunning on channelCacheImpl
…n non-default Removed oidc_api_test.go since it became obsolete after the fix is implemented. Modified getOIDCCallbackURL method signature to receive provider name and a flag to determine if the current provider is default provider, when building the callbackURL check for default provider. If the current provider is default, add provider to the callback URL and skip adding provider otherwise. Added changes in database.go to use AddURLQueryParam directly when adding providers during initial setup. This would handle the situation better when the user explicitly specify the callbackURL with provider against a non default provider during setup. Added unit tests for AddURLQueryParam in oidc_test.go The constant OIDCAuthProvider has been exported to reuse during initial provider setup. Modified method signature at declaration.
|
Closing this PR due to other commits merged to this while rebasing. Will open a clean PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.