
Commit c3beea4

Use proxy for all operations
get_token get_openid_configuration Download jwks
1 parent 182296e commit c3beea4


7 files changed

+97
-43
lines changed


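--- a/deps/oauth2_client/src/oauth2_client.erl
+++ b/deps/oauth2_client/src/oauth2_client.erl
@@ -13,6 +13,10 @@
 merge_openid_configuration/2,
 merge_oauth_provider/2,
 extract_ssl_options_as_list/1,
+get_httpc_option_proxy_auth_if_any/1,
+get_httpc_option_proxy_if_any/1,
+get_httpc_option_ssl_options_if_any/1,
+get_httpc_option_timeout_of_default/1,
 format_ssl_options/1, format_oauth_provider/1, format_oauth_provider_id/1,
 extract_proxy_options_from_url/1
 ]).
@@ -29,11 +33,10 @@ get_access_token(OAuthProvider, Request) ->
 Header = [],
 Type = ?CONTENT_URLENCODED,
 Body = build_access_token_request_body(Request),
-HTTPOptions = get_ssl_options_if_any(OAuthProvider) ++
-get_timeout_of_default(Request#access_token_request.timeout) ++
-get_proxy_auth_if_any(OAuthProvider#oauth_provider.proxy_options),
-Options = get_proxy_if_any(OAuthProvider#oauth_provider.proxy_options),
-Response = httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, Options),
+HTTPOptions = get_httpc_option_ssl_options_if_any(OAuthProvider) ++
+get_httpc_option_timeout_of_default(Request#access_token_request.timeout),
+Response = http_post(URL, Header, Type, Body, HTTPOptions,
+OAuthProvider#oauth_provider.proxy_options),
 parse_access_token_response(Response).
 
 -spec refresh_access_token(oauth_provider(), refresh_token_request()) ->
@@ -44,13 +47,35 @@ refresh_access_token(OAuthProvider, Request) ->
 Header = [],
 Type = ?CONTENT_URLENCODED,
 Body = build_refresh_token_request_body(Request),
-HTTPOptions = get_ssl_options_if_any(OAuthProvider) ++
-get_timeout_of_default(Request#refresh_token_request.timeout) ++
-get_proxy_auth_if_any(OAuthProvider#oauth_provider.proxy_options),
-Options = get_proxy_if_any(OAuthProvider#oauth_provider.proxy_options),
-Response = httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, Options),
+HTTPOptions = get_httpc_option_ssl_options_if_any(OAuthProvider) ++
+get_httpc_option_timeout_of_default(Request#refresh_token_request.timeout),
+Response = http_post(URL, Header, Type, Body, HTTPOptions,
+OAuthProvider#oauth_provider.proxy_options),
 parse_access_token_response(Response).
 
+http_post(URL, Header, Type, Body, HTTPOptions, ProxyOptions) ->
+case ProxyOptions of
+undefined -> httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, []);
+_ ->
+case httpc:set_options(get_httpc_option_proxy_if_any(ProxyOptions)) of
+ok ->
+httpc:request(post, {URL, Header, Type, Body},
+HTTPOptions ++ get_httpc_option_proxy_auth_if_any(ProxyOptions), []);
+{error, _} = Error -> Error
+end
+end.
+http_get(URL, HTTPOptions, ProxyOptions) ->
+case ProxyOptions of
+undefined -> httpc:request(get, {URL, []}, HTTPOptions, []);
+_ ->
+case httpc:set_options(get_httpc_option_proxy_if_any(ProxyOptions)) of
+ok ->
+httpc:request(get, {URL, []},
+HTTPOptions ++ get_httpc_option_proxy_auth_if_any(ProxyOptions), []);
+{error, _} = Error -> Error
+end
+end.
+
 append_paths(Path1, Path2) ->
 erlang:iolist_to_binary([Path1, Path2]).
 
@@ -102,15 +127,9 @@ drop_trailing_path_separator(Path) when is_list(Path) ->
 get_openid_configuration(DiscoverEndpoint, TLSOptions, ProxyOptions) ->
 rabbit_log:debug("get_openid_configuration from ~p (~p) [~p]", [DiscoverEndpoint,
 format_ssl_options(TLSOptions), format_proxy_options(ProxyOptions)]),
-Options = get_proxy_if_any(ProxyOptions),
-case httpc:set_options(Options) of
-ok ->
-Response = httpc:request(get, {DiscoverEndpoint, []},
-TLSOptions ++ get_proxy_auth_if_any(ProxyOptions), []),
-parse_openid_configuration_response(Response);
-{error, _} = Error -> Error
-end.
-
+Response = http_get(DiscoverEndpoint, TLSOptions, ProxyOptions),
+parse_openid_configuration_response(Response).
+
 -spec merge_openid_configuration(openid_configuration(), oauth_provider()) ->
 oauth_provider().
 merge_openid_configuration(OpenId, OAuthProvider0) ->
@@ -292,7 +311,7 @@ download_oauth_provider(OAuthProvider) ->
 undefined -> {error, {missing_oauth_provider_attributes, [issuer]}};
 URL ->
 rabbit_log:debug("Downloading oauth_provider using ~p ", [URL]),
-case get_openid_configuration(URL, get_ssl_options_if_any(OAuthProvider),
+case get_openid_configuration(URL, get_httpc_option_ssl_options_if_any(OAuthProvider),
 OAuthProvider#oauth_provider.proxy_options) of
 {ok, OpenIdConfiguration} ->
 {ok, update_oauth_provider_endpoints_configuration(
@@ -570,31 +589,36 @@ append_extra_parameters(Request, QueryList) ->
 Params -> Params ++ QueryList
 end.
 
-get_ssl_options_if_any(OAuthProvider) ->
+get_httpc_option_ssl_options_if_any(OAuthProvider) ->
 case OAuthProvider#oauth_provider.ssl_options of
 undefined -> [];
 Options -> [{ssl, Options}]
 end.
 
-get_timeout_of_default(Timeout) ->
+get_httpc_option_timeout_of_default(Timeout) ->
 case Timeout of
 undefined -> [{timeout, ?DEFAULT_HTTP_TIMEOUT}];
 Timeout -> [{timeout, Timeout}]
 end.
 
-get_proxy_if_any(ProxyOptions) ->
+get_httpc_option_proxy_if_any(ProxyOptions) ->
 case ProxyOptions of
 undefined ->
 [];
-Proxy ->
-P = {{Proxy#proxy_options.host, Proxy#proxy_options.port},[]},
-case Proxy#proxy_options.https of
-true -> [{https_proxy, P}];
-false -> [{proxy, P}]
+Proxy -> case {Proxy#proxy_options.host, Proxy#proxy_options.port} of
+{undefined, 0} -> [];
+{_, 0} -> [];
+{undefined, _} -> [];
+{Host, Port} ->
+P = {{Host, Port},[]},
+case Proxy#proxy_options.https of
+true -> [{https_proxy, P}];
+false -> [{proxy, P}]
+end
 end
 end.
 
-get_proxy_auth_if_any(ProxyOptions) ->
+get_httpc_option_proxy_auth_if_any(ProxyOptions) ->
 case ProxyOptions of
 undefined ->
 [];
@@ -706,7 +730,7 @@ format_proxy_options(undefined) ->
 lists:flatten(io_lib:format("{no proxy}", []));
 
 format_proxy_options(ProxyOptions) ->
-lists:flatten(io_lib:format("{https: ~p, hostname: ~p, port: ~p, username: ~p, " ++
+lists:flatten(io_lib:format("{https: ~p, host: ~p, port: ~p, username: ~p, " ++
 "password: ~p }", [
 ProxyOptions#proxy_options.https,
 ProxyOptions#proxy_options.host,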
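Review bot: The new `http_post/6` and `http_get/3` call `httpc:set_options/1`, which writes the proxy into the default httpc profile shared by every caller on the node. A provider whose `proxy_options` is `undefined` takes the `httpc:request(..., HTTPOptions, [])` branch on that same profile and will still be routed through whatever proxy an earlier call configured. Concurrent token or discovery requests for providers with different proxies can also race between `set_options` and `request`. When `get_httpc_option_proxy_if_any/1` returns `[]` for a missing host or a zero port, `set_options([])` returns `ok`, so the request goes out with the previous proxy plus whatever credentials `get_httpc_option_proxy_auth_if_any/1` yields for this provider. Scoping the proxy to a dedicated profile via `httpc:set_options/2` and `httpc:request/5` would avoid this; the `http_get/3` added to `uaa_jwks` in this commit follows the same pattern.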
Lines changed: 35 additions & 7 deletions
@@ -1,15 +1,43 @@
11
-module(uaa_jwks).
22
-export([get/2, get/3]).
33

4+
-import(oauth2_client, [
5+
get_httpc_option_ssl_options_if_any/1,
6+
get_httpc_option_timeout_of_default/1,
7+
get_httpc_option_proxy_auth_if_any/1,
8+
get_httpc_option_proxy_if_any/1]).
9+
410
-spec get(uri_string:uri_string(), list()) -> {ok, term()} | {error, term()}.
511
get(JwksUrl, SslOptions) ->
6-
Options = [{timeout, 60000}] ++ [{ssl, SslOptions}],
7-
httpc:request(get, {JwksUrl, []}, Options, []).
12+
http_get(JwksUrl, SslOptions, undefined).
813

9-
-spec get(uri_string:uri_string(), list(), list()) -> {ok, term()} | {error, term()}.
14+
-spec get(uri_string:uri_string(), list(), oauth2_client:proxy_options() | undefined | 'none') ->
15+
{ok, term()} | {error, term()}.
1016
get(JwksUrl, SslOptions, undefined) ->
1117
get(JwksUrl, SslOptions);
12-
get(JwksUrl, SslOptions, Options) ->
13-
HttpOptions = [{timeout, 60000}] ++ [{ssl, SslOptions}],
14-
httpc:set_options(Options),
15-
httpc:request(get, {JwksUrl, []}, HttpOptions, []).
18+
get(JwksUrl, SslOptions, ProxyOptions) ->
19+
http_get(JwksUrl, SslOptions, ProxyOptions).
20+
21+
get_ssl_options_if_any(SslOptions) ->
22+
case SslOptions of
23+
undefined -> [];
24+
Options -> [{ssl, Options}]
25+
end.
26+
27+
http_get(URL, SslOptions, ProxyOptions) ->
28+
HttpOptions = get_httpc_option_timeout_of_default(60000)
29+
++ get_ssl_options_if_any(SslOptions),
30+
{HttpProxyOptions, SetOptions} =
31+
case ProxyOptions of
32+
undefined -> {[], ok};
33+
_ ->
34+
case httpc:set_options(get_httpc_option_proxy_if_any(ProxyOptions)) of
35+
ok -> {get_httpc_option_proxy_auth_if_any(ProxyOptions), ok};
36+
{error, _} = Error -> {undefined, Error}
37+
end
38+
end,
39+
case SetOptions of
40+
ok -> httpc:request(get, {URL, []}, HttpOptions ++ HttpProxyOptions, []);
41+
{error, _} -> SetOptions
42+
end.
43+
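Review bot: The new `-spec` for `get/3` advertises `'none'` as a valid third argument, but only `undefined` has its own clause, so `none` falls through to `http_get/3` and on to `get_httpc_option_proxy_if_any/1`. Going by that function's body in the oauth2_client section, the `Proxy#proxy_options.host` record access would then raise `badrecord` during a signing-key download. Either drop `'none'` from the spec or add `get(JwksUrl, SslOptions, none) -> get(JwksUrl, SslOptions);` ahead of the general clause. Separately, the `-import(oauth2_client, [...])` hides that the four helpers are remote calls; writing them as `oauth2_client:get_httpc_option_proxy_if_any(ProxyOptions)` and so on keeps the dependency visible to readers and xref.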

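--- a/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
@@ -43,10 +43,10 @@ add_signing_key(KeyId, Type, Value) ->
 
 -spec update_jwks_signing_keys(oauth_provider()) -> ok | {error, term()}.
 update_jwks_signing_keys(#oauth_provider{id = Id, jwks_uri = JwksUrl,
-ssl_options = SslOptions}) ->
+ssl_options = SslOptions, proxy_options = ProxyOptions}) ->
 rabbit_log:debug("Downloading signing keys from ~tp (TLS options: ~p)",
 [JwksUrl, format_ssl_options(SslOptions)]),
-case uaa_jwks:get(JwksUrl, SslOptions) of
+case uaa_jwks:get(JwksUrl, SslOptions, ProxyOptions) of
 {ok, {_, _, JwksBody}} ->
 KeyList = maps:get(<<"keys">>,
 jose:decode(erlang:iolist_to_binary(JwksBody)), []),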
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
1-
export FORWARD_PROXY_URL=forward-proxy:9092
1+
export FORWARD_PROXY_URL=http://forward-proxy:9092
22
export OAUTH_PROVIDER_URL=${KEYCLOAK_URL}
33
export OAUTH_PROVIDER_CA_CERT=${KEYCLOAK_CA_CERT}
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
1-
export FORWARD_PROXY_URL=forward-proxy:9092
1+
export FORWARD_PROXY_URL=http://forward-proxy:9092
22
export OAUTH_PROVIDER_URL=${KEYCLOAK_URL}
33
export OAUTH_PROVIDER_CA_CERT=${KEYCLOAK_CA_CERT}

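--- a/selenium/test/oauth/forward-proxy/httpd.conf
+++ b/selenium/test/oauth/forward-proxy/httpd.conf
@@ -146,8 +146,10 @@ LogLevel warn
 LogLevel debug
 ErrorLog /dev/stderr
 CustomLog /dev/stdout combined
+# SetEnv auth-proxy-chain on
 
 <Proxy "*">
 Allow from all
+
 </Proxy>
 </VirtualHost>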

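--- a/selenium/test/utils.js
+++ b/selenium/test/utils.js
@@ -9,11 +9,11 @@ const UAALoginPage = require('./pageobjects/UAALoginPage')
 const KeycloakLoginPage = require('./pageobjects/KeycloakLoginPage')
 const assert = require('assert')
 
+const runLocal = String(process.env.RUN_LOCAL).toLowerCase() != 'false'
 const uaaUrl = process.env.UAA_URL || 'http://localhost:8080'
 const baseUrl = randomly_pick_baseurl(process.env.RABBITMQ_URL) || 'http://localhost:15672/'
-const proxyUrl = process.env.FORWARD_PROXY_URL
+const proxyUrl = runLocal ? undefined : process.env.FORWARD_PROXY_URL
 const hostname = process.env.RABBITMQ_HOSTNAME || 'localhost'
-const runLocal = String(process.env.RUN_LOCAL).toLowerCase() != 'false'
 const seleniumUrl = process.env.SELENIUM_URL || 'http://selenium:4444'
 const screenshotsDir = process.env.SCREENSHOTS_DIR || '/screens'
 const profiles = process.env.PROFILES || ''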
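Review bot: The new `proxyUrl` line silently drops `FORWARD_PROXY_URL` whenever `runLocal` is true, and `runLocal` is true for every value of `RUN_LOCAL` except the literal `false`, including when it is unset. A forward-proxy run that forgets to export `RUN_LOCAL=false` would therefore, presumably, not send traffic through the proxy; how `proxyUrl` is used lies outside this hunk. A comment above the line would make the coupling explicit, for example `// FORWARD_PROXY_URL is honoured only when RUN_LOCAL=false; local runs never use the proxy`. As a style point, `!==` is the safer comparison on the moved `runLocal` line.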
