diff --git a/.gitignore b/.gitignore index 96c99b3c..b59fc222 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ # emacs *~ \#*\# -.\#* \ No newline at end of file +.\#* +lua_install +luacov.stats.out \ No newline at end of file diff --git a/.luacov b/.luacov new file mode 100644 index 00000000..567e2a4d --- /dev/null +++ b/.luacov @@ -0,0 +1,5 @@ +return { + ["include"] = { + 'kong/plugins/oidc' + }, +} diff --git a/.travis.yml b/.travis.yml index 0d523c2b..da3b0534 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,30 +5,13 @@ language: python sudo: false env: - - LUA="lua=5.1" -# - LUA="lua=5.2" -# - LUA="lua=5.3" -# - LUA="luajit=2.0" -# - LUA="luajit=2.1" - -before_install: - - pip install hererocks - - hererocks lua_install -r^ --$LUA - - export PATH=$PATH:$PWD/lua_install/bin - -install: - - luarocks install kong 0.11.2-0 - - luarocks install lua-resty-openidc 1.4.0-1 - - luarocks install luaunit - - luarocks install luacov-coveralls + - LUA_VERSION="5.1" KONG_VERSION="0.13.0-0" LUA_RESTY_OPENIDC_VERSION="1.5.3" + - LUA_VERSION="5.1" KONG_VERSION="0.12.3-0" LUA_RESTY_OPENIDC_VERSION="1.5.3" + - LUA_VERSION="5.1" KONG_VERSION="0.11.2-0" LUA_RESTY_OPENIDC_VERSION="1.5.3" script: - - lua -lluacov test/unit/test_filter.lua -o TAP --failure - - lua -lluacov test/unit/test_filters_advanced.lua -o TAP --failure - - lua -lluacov test/unit/test_utils.lua -o TAP --failure - - lua -lluacov test/unit/test_handler_mocking_openidc.lua --failure - - lua -lluacov test/unit/test_introspect.lua -o TAP --failure - - lua -lluacov test/unit/test_utils_bearer_access_token.lua -o TAP --failure + - source ci/run.sh after_success: + - luarocks install luacov-coveralls - luacov-coveralls diff --git a/README.md b/README.md index e4936692..d75c9d9c 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ You also need to set the `KONG_CUSTOM_PLUGINS` environment variable | `config.introspection_endpoint` | | false | Token introspection endpoint | | `config.bearer_only` | no | false | Only introspect tokens without redirecting | | `config.realm` | kong | false | Realm used in WWW-Authenticate response header | - +| `config.logout_path` | /logout | false | Absolute path used to logout from the OIDC RP | ### Enabling @@ -154,3 +154,14 @@ Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4 Cookie: session=KOn1am4mhQLKazlCA..... X-Userinfo: {"preferred_username":"alice","id":"60f65308-3510-40ca-83f0-e9c0151cc680","sub":"60f65308-3510-40ca-83f0-e9c0151cc680"} ``` + + +## Development + +### Run CI locally + +To run the CI locally you can use the following command: + +``` +docker run --rm -it -v `pwd`:/app --workdir=/app python bash ci/run.sh +``` diff --git a/ci/run.sh b/ci/run.sh new file mode 100644 index 00000000..22826740 --- /dev/null +++ b/ci/run.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +export LUA_VERSION=${LUA_VERSION:-5.1} +export KONG_VERSION=${KONG_VERSION:-0.11.2-0} +export LUA_RESTY_OPENIDC_VERSION=${LUA_RESTY_OPENIDC_VERSION:-1.5.3} + +apt-get update +apt-get install -y unzip + +pip install hererocks +hererocks lua_install -r^ --lua=${LUA_VERSION} +export PATH=${PATH}:${PWD}/lua_install/bin + +luarocks install kong ${KONG_VERSION} +luarocks install lua-resty-openidc ${LUA_RESTY_OPENIDC_VERSION} +luarocks install lua-cjson +luarocks install luaunit +luarocks install luacov + +lua -lluacov test/unit/test_filter.lua -o TAP --failure +lua -lluacov test/unit/test_filters_advanced.lua -o TAP --failure +lua -lluacov test/unit/test_utils.lua -o TAP --failure +lua -lluacov test/unit/test_handler_mocking_openidc.lua --failure +lua -lluacov test/unit/test_introspect.lua -o TAP --failure +lua -lluacov test/unit/test_utils_bearer_access_token.lua -o TAP --failure diff --git a/kong-oidc-1.0.4-0.rockspec b/kong-oidc-1.0.5-0.rockspec similarity index 97% rename from kong-oidc-1.0.4-0.rockspec rename to kong-oidc-1.0.5-0.rockspec index c21880dd..8262be64 100644 --- a/kong-oidc-1.0.4-0.rockspec +++ b/kong-oidc-1.0.5-0.rockspec @@ -1,8 +1,8 @@ package = "kong-oidc" -version = "1.0.4-0" +version = "1.0.5-0" source = { url = "git://github.com/nokia/kong-oidc", - tag = "v1.0.4", + tag = "v1.0.5", dir = "kong-oidc" } description = { diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua index 1aa71237..34e93cf1 100644 --- a/kong/plugins/oidc/schema.lua +++ b/kong/plugins/oidc/schema.lua @@ -14,6 +14,8 @@ return { token_endpoint_auth_method = { type = "string", required = true, default = "client_secret_post" }, session_secret = { type = "string", required = false }, recovery_page_path = { type = "string" }, + logout_path = { type = "string", required = false, default = '/logout' }, + redirect_after_logout_uri = { type = "string", required = false, default = '/' }, filters = { type = "string" } } } diff --git a/kong/plugins/oidc/utils.lua b/kong/plugins/oidc/utils.lua index 54afc00a..5cc31c79 100644 --- a/kong/plugins/oidc/utils.lua +++ b/kong/plugins/oidc/utils.lua @@ -51,7 +51,9 @@ function M.get_options(config, ngx) ssl_verify = config.ssl_verify, token_endpoint_auth_method = config.token_endpoint_auth_method, recovery_page_path = config.recovery_page_path, - filters = parseFilters(config.filters) + filters = parseFilters(config.filters), + logout_path = config.logout_path, + redirect_after_logout_uri = config.redirect_after_logout_uri, } end diff --git a/test/unit/test_filters_advanced.lua b/test/unit/test_filters_advanced.lua index 846bce42..28ff2a4e 100644 --- a/test/unit/test_filters_advanced.lua +++ b/test/unit/test_filters_advanced.lua @@ -123,31 +123,4 @@ function TestFilter:testTildeAfterPrefix() lu.assertTrue(filter.shouldProcessRequest(config) ) end ---zeppelin tests -function TestFilter:testZeppelin() - ngx.var.uri = "/projects/10/zeppelin" - lu.assertFalse(filter.shouldProcessRequest(config)) -end - -function TestFilter:testSlashAfterZeppelin() - ngx.var.uri = "/projects/10/zeppelin/" - lu.assertFalse(filter.shouldProcessRequest(config)) -end - -function TestFilter:testQuestionMarkAfterZeppelin() - ngx.var.uri = "/projects/10/zeppelin?" - lu.assertFalse(filter.shouldProcessRequest(config)) -end - -function TestFilter:testExtraCharactersAfterZeppelin() - ngx.var.uri = "/projects/10/zeppelinextras" - lu.assertTrue(filter.shouldProcessRequest(config)) -end - -function TestFilter:testZeppelinNotAtStart() - ngx.var.uri = "/this/projects/10/zeppelin" - lu.assertTrue(filter.shouldProcessRequest(config)) -end - - lu.run() diff --git a/test/unit/test_utils.lua b/test/unit/test_utils.lua index 1b441e07..27c1c48f 100644 --- a/test/unit/test_utils.lua +++ b/test/unit/test_utils.lua @@ -34,8 +34,9 @@ function TestUtils:testOptions() response_type = "code", ssl_verify = "no", token_endpoint_auth_method = "client_secret_post", - filters = "pattern1,pattern2,pattern3" - + filters = "pattern1,pattern2,pattern3", + logout_path = "/logout", + redirect_after_logout_uri = "/login" }, {var = {request_uri = "/path"}, req = {get_uri_args = function() return nil end}}) @@ -47,6 +48,8 @@ function TestUtils:testOptions() lu.assertEquals(opts.ssl_verify, "no") lu.assertEquals(opts.token_endpoint_auth_method, "client_secret_post") lu.assertEquals(opts.redirect_uri_path, "/path/") + lu.assertEquals(opts.logout_path, "/logout") + lu.assertEquals(opts.redirect_after_logout_uri, "/login") local expectedFilters = { "pattern1",