From 178532741fbe19ed72a30fcbf1e2cfb44acf81b6 Mon Sep 17 00:00:00 2001 From: Richard87 Date: Tue, 2 Sep 2025 13:00:16 +0200 Subject: [PATCH 1/3] fix: dont override parameters set in redis uri Signed-off-by: Richard Hagen --- pkg/sessions/redis/redis_store.go | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go index 4e846e9b..79f8f7d1 100644 --- a/pkg/sessions/redis/redis_store.go +++ b/pkg/sessions/redis/redis_store.go @@ -109,6 +109,9 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) { if opts.Username != "" { opt.Username = opts.Username } + if opts.IdleTimeout > 0 { + opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second + } if err := setupTLSConfig(opts, opt); err != nil { return nil, err @@ -118,10 +121,10 @@ func buildSentinelClient(opts options.RedisStoreOptions) (Client, error) { MasterName: opts.SentinelMasterName, SentinelAddrs: addrs, SentinelPassword: opts.SentinelPassword, - Username: opts.Username, - Password: opts.Password, + Username: opt.Username, + Password: opt.Password, TLSConfig: opt.TLSConfig, - ConnMaxIdleTime: time.Duration(opts.IdleTimeout) * time.Second, + ConnMaxIdleTime: opt.ConnMaxIdleTime, }) return newClient(client), nil } @@ -139,6 +142,9 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) { if opts.Username != "" { opt.Username = opts.Username } + if opts.IdleTimeout > 0 { + opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second + } if err := setupTLSConfig(opts, opt); err != nil { return nil, err @@ -146,10 +152,10 @@ func buildClusterClient(opts options.RedisStoreOptions) (Client, error) { client := redis.NewClusterClient(&redis.ClusterOptions{ Addrs: addrs, - Username: opts.Username, - Password: opts.Password, + Username: opt.Username, + Password: opt.Password, TLSConfig: opt.TLSConfig, - ConnMaxIdleTime: time.Duration(opts.IdleTimeout) * time.Second, + ConnMaxIdleTime: opt.ConnMaxIdleTime, }) return newClusterClient(client), nil } @@ -168,13 +174,14 @@ func buildStandaloneClient(opts options.RedisStoreOptions) (Client, error) { if opts.Username != "" { opt.Username = opts.Username } + if opts.IdleTimeout > 0 { + opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second + } if err := setupTLSConfig(opts, opt); err != nil { return nil, err } - opt.ConnMaxIdleTime = time.Duration(opts.IdleTimeout) * time.Second - client := redis.NewClient(opt) return newClient(client), nil } From 7747a884049fca383f7c6ec1e804a4ad39f59c65 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Thu, 19 Feb 2026 10:14:05 +0100 Subject: [PATCH 2/3] fix: add tests for configure options and URL overrides when empty Signed-off-by: Richard Hagen --- pkg/sessions/redis/redis_store_test.go | 50 ++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/pkg/sessions/redis/redis_store_test.go b/pkg/sessions/redis/redis_store_test.go index 1bff6855..18dbe934 100644 --- a/pkg/sessions/redis/redis_store_test.go +++ b/pkg/sessions/redis/redis_store_test.go @@ -1,6 +1,7 @@ package redis import ( + "fmt" "time" "github.com/Bose/minisentinel" @@ -246,6 +247,55 @@ var _ = Describe("Redis SessionStore Tests", func() { }) Describe("Redis URL Parsing", func() { + It("should prefer configured username password and timeout over URL parameters", func() { + configuredUsername := "configured-user" + configuredPassword := "configured-password" + configuredIdleTimeout := 90 + + urlUsername := "url-user" + urlPassword := "url-password" + urlIdleTimeout := 30 + + redisClient, err := buildStandaloneClient(options.RedisStoreOptions{ + ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout), + Username: configuredUsername, + Password: configuredPassword, + IdleTimeout: configuredIdleTimeout, + }) + Expect(err).ToNot(HaveOccurred()) + + rc, ok := redisClient.(*client) + Expect(ok).To(BeTrue()) + Expect(rc.Close()).To(Succeed()) + + redisOptions := rc.Options() + Expect(redisOptions.Username).To(Equal(configuredUsername)) + Expect(redisOptions.Password).To(Equal(configuredPassword)) + Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(configuredIdleTimeout) * time.Second)) + }) + It("should prefer URL username password and timeout when configured values are empty", func() { + urlUsername := "url-user" + urlPassword := "url-password" + urlIdleTimeout := 30 + + redisClient, err := buildStandaloneClient(options.RedisStoreOptions{ + ConnectionURL: fmt.Sprintf("redis://%s:%s@localhost:6379?conn_max_idle_time=%d", urlUsername, urlPassword, urlIdleTimeout), + Username: "", + Password: "", + IdleTimeout: 0, + }) + Expect(err).ToNot(HaveOccurred()) + + rc, ok := redisClient.(*client) + Expect(ok).To(BeTrue()) + Expect(rc.Close()).To(Succeed()) + + redisOptions := rc.Options() + Expect(redisOptions.Username).To(Equal(urlUsername)) + Expect(redisOptions.Password).To(Equal(urlPassword)) + Expect(redisOptions.ConnMaxIdleTime).To(Equal(time.Duration(urlIdleTimeout) * time.Second)) + }) + It("should parse valid redis URL", func() { addrs, opts, err := parseRedisURLs([]string{"redis://localhost:6379"}) Expect(err).ToNot(HaveOccurred()) From 7822698ab1788fd53226ef0e4e3772afcbcb5eb8 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Thu, 19 Feb 2026 10:20:26 +0100 Subject: [PATCH 3/3] fix: update CHANGELOG to include new fix for URL parameters configuration Signed-off-by: Richard Hagen --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed40d056..76c506ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ ## Changes since v7.14.2 +- [#3183](https://github.com/oauth2-proxy/oauth2-proxy/pull/3183) fix: allow URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty. + # V7.14.2 ## Release Highlights