providers/proxy: fix Host/:Authority not being modified

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 16:30:26 +01:00
parent 6c880e0e62
commit 7088a6b0e6
2 changed files with 88 additions and 4 deletions
--- a/internal/outpost/proxyv2/application/mode_proxy.go
+++ b/internal/outpost/proxyv2/application/mode_proxy.go
@ -76,15 +76,18 @@ func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
 		claims, _ := a.getClaims(r)
 		r.URL.Scheme = ou.Scheme
 		r.URL.Host = ou.Host
-		if claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
+		r.Host = ou.Host
+		if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
 			u, err := url.Parse(claims.Proxy.BackendOverride)
 			if err != nil {
 				a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
-				return
+			} else {
+				r.URL.Scheme = u.Scheme
+				r.URL.Host = u.Host
+				r.Host = u.Host
 			}
-			r.URL.Scheme = u.Scheme
-			r.URL.Host = u.Host
 		}
+		a.log.WithField("upstream_url", r.URL.String()).Trace("final upstream url")
 	}
 }

--- a/internal/outpost/proxyv2/application/mode_proxy_test.go
+++ b/internal/outpost/proxyv2/application/mode_proxy_test.go
@ -0,0 +1,81 @@
+package application
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"goauthentik.io/internal/outpost/proxyv2/constants"
+)
+
+func TestProxy_ModifyRequest(t *testing.T) {
+	a := newTestApplication()
+	req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
+	u, err := url.Parse("http://backend:8012")
+	if err != nil {
+		panic(err)
+	}
+	a.proxyModifyRequest(u)(req)
+
+	assert.Equal(t, "/foo", req.URL.Path)
+	assert.Equal(t, "backend:8012", req.URL.Host)
+	assert.Equal(t, "backend:8012", req.Host)
+}
+
+func TestProxy_ModifyRequest_Claims(t *testing.T) {
+	a := newTestApplication()
+	req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
+	u, err := url.Parse("http://backend:8012")
+	if err != nil {
+		panic(err)
+	}
+	rr := httptest.NewRecorder()
+
+	s, _ := a.sessions.Get(req, constants.SeesionName)
+	s.Values[constants.SessionClaims] = Claims{
+		Sub: "foo",
+		Proxy: &ProxyClaims{
+			BackendOverride: "http://other-backend:8123",
+		},
+	}
+	err = a.sessions.Save(req, rr, s)
+	if err != nil {
+		panic(err)
+	}
+
+	a.proxyModifyRequest(u)(req)
+
+	assert.Equal(t, "/foo", req.URL.Path)
+	assert.Equal(t, "other-backend:8123", req.URL.Host)
+	assert.Equal(t, "other-backend:8123", req.Host)
+}
+
+func TestProxy_ModifyRequest_Claims_Invalid(t *testing.T) {
+	a := newTestApplication()
+	req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
+	u, err := url.Parse("http://backend:8012")
+	if err != nil {
+		panic(err)
+	}
+	rr := httptest.NewRecorder()
+
+	s, _ := a.sessions.Get(req, constants.SeesionName)
+	s.Values[constants.SessionClaims] = Claims{
+		Sub: "foo",
+		Proxy: &ProxyClaims{
+			BackendOverride: ":qewr",
+		},
+	}
+	err = a.sessions.Save(req, rr, s)
+	if err != nil {
+		panic(err)
+	}
+
+	a.proxyModifyRequest(u)(req)
+
+	assert.Equal(t, "/foo", req.URL.Path)
+	assert.Equal(t, "backend:8012", req.URL.Host)
+	assert.Equal(t, "backend:8012", req.Host)
+}