Merge branch 'master' into feat/2978-configfile-val

2026-02-22 21:16:14 +00:00 · 2026-02-22 21:16:14 +00:00 · 09f61ac2bb
parent b3b29ed433 a279fece02
commit 09f61ac2bb
3 changed files with 67 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,8 @@

 ## Changes since v7.14.2

+- [#3183](https://github.com/oauth2-proxy/oauth2-proxy/pull/3183) fix: allow URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.
+
 # V7.14.2

 ## Release Highlights
--- a/pkg/sessions/redis/redis_store.go
+++ b/pkg/sessions/redis/redis_store.go
@ -109,6 +109,9 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}

 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
@ -118,10 +121,10 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) {
 		MasterName:       opts.SentinelMasterName,
 		SentinelAddrs:    addrs,
 		SentinelPassword: opts.SentinelPassword,
-		Username:         opts.Username,
-		Password:         opts.Password,
+		Username:         opt.Username,
+		Password:         opt.Password,
 		TLSConfig:        opt.TLSConfig,
-		ConnMaxIdleTime:  time.Duration(opts.IdleTimeout) * time.Second,
+		ConnMaxIdleTime:  opt.ConnMaxIdleTime,
 	})
 	return newClient(client), nil
 }
@ -139,6 +142,9 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}

 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
@ -146,10 +152,10 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) {

 	client := redis.NewClusterClient(&redis.ClusterOptions{
 		Addrs:           addrs,
-		Username:        opts.Username,
-		Password:        opts.Password,
+		Username:        opt.Username,
+		Password:        opt.Password,
 		TLSConfig:       opt.TLSConfig,
-		ConnMaxIdleTime: time.Duration(opts.IdleTimeout) * time.Second,
+		ConnMaxIdleTime: opt.ConnMaxIdleTime,
 	})
 	return newClusterClient(client), nil
 }
@ -168,13 +174,14 @@ func buildStandaloneClient(opts options.RedisStoreOptions) (Client, error) {
 	if opts.Username != "" {
 		opt.Username = opts.Username
 	}
+	if opts.IdleTimeout > 0 {
+		opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
+	}

 	if err := setupTLSConfig(opts, opt); err != nil {
 		return nil, err
 	}

-	opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second
-
 	client := redis.NewClient(opt)
 	return newClient(client), nil
 }
--- a/pkg/sessions/redis/redis_store_test.go
+++ b/pkg/sessions/redis/redis_store_test.go
@ -1,6 +1,7 @@
 package redis

 import (
+	"fmt"
 	"time"

 	"github.com/Bose/minisentinel"
@ -246,6 +247,55 @@ var _ = Describe("Redis SessionStore Tests", func() {
 	})

 	Describe("Redis URL Parsing", func() {
+		It("should prefer configured username password and timeout over URL parameters", func() {
+			configuredUsername := "configured-user"
+			configuredPassword := "configured-password"
+			configuredIdleTimeout := 90
+
+			urlUsername := "url-user"
+			urlPassword := "url-password"
+			urlIdleTimeout := 30
+
+			redisClient, err := buildStandaloneClient(options.RedisStoreOptions{
+				ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout),
+				Username:      configuredUsername,
+				Password:      configuredPassword,
+				IdleTimeout:   configuredIdleTimeout,
+			})
+			Expect(err).ToNot(HaveOccurred())
+
+			rc, ok := redisClient.(*client)
+			Expect(ok).To(BeTrue())
+			Expect(rc.Close()).To(Succeed())
+
+			redisOptions := rc.Options()
+			Expect(redisOptions.Username).To(Equal(configuredUsername))
+			Expect(redisOptions.Password).To(Equal(configuredPassword))
+			Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(configuredIdleTimeout) * time.Second))
+		})
+		It("should prefer URL username password and timeout when configured values are empty", func() {
+			urlUsername := "url-user"
+			urlPassword := "url-password"
+			urlIdleTimeout := 30
+
+			redisClient, err := buildStandaloneClient(options.RedisStoreOptions{
+				ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout),
+				Username:      "",
+				Password:      "",
+				IdleTimeout:   0,
+			})
+			Expect(err).ToNot(HaveOccurred())
+
+			rc, ok := redisClient.(*client)
+			Expect(ok).To(BeTrue())
+			Expect(rc.Close()).To(Succeed())
+
+			redisOptions := rc.Options()
+			Expect(redisOptions.Username).To(Equal(urlUsername))
+			Expect(redisOptions.Password).To(Equal(urlPassword))
+			Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(urlIdleTimeout) * time.Second))
+		})
+
 		It("should parse valid redis URL", func() {
 			addrs, opts, err := parseRedisURLs([]string{"redis://localhost:6379"})
 			Expect(err).ToNot(HaveOccurred())