habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

proxy: cleanup addHeadersForProxying

Browse Source
This commit is contained in:
Jens Langhammer
2020-10-07 18:02:57 +02:00
parent ef24b1cde2
commit b10912d8ba
2 changed files with 18 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
proxy/pkg/proxy/oauthproxy.go
View File

@ -890,28 +890,19 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
// addHeadersForProxying adds the appropriate headers the request / response for proxying // addHeadersForProxying adds the appropriate headers the request / response for proxying
func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) { func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) {
if p.PassUserHeaders {
if p.PreferEmailToUser && session.Email != "" {
req.Header["X-Forwarded-User"] = []string{session.Email}
req.Header.Del("X-Forwarded-Email")
} else {
req.Header["X-Forwarded-User"] = []string{session.User} req.Header["X-Forwarded-User"] = []string{session.User}
if session.Email != "" { if session.Email != "" {
req.Header["X-Forwarded-Email"] = []string{session.Email} req.Header["X-Forwarded-Email"] = []string{session.Email}
} else {
req.Header.Del("X-Forwarded-Email")
}
} }
if session.PreferredUsername != "" { if session.PreferredUsername != "" {
req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername} req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername}
req.Header["X-Auth-Username"] = []string{session.PreferredUsername}
} else { } else {
req.Header.Del("X-Forwarded-Preferred-Username") req.Header.Del("X-Forwarded-Preferred-Username")
} req.Header.Del("X-Auth-Username")
} }
if p.SetXAuthRequest {
rw.Header().Set("X-Auth-Request-User", session.User)
if session.Email != "" { if session.Email != "" {
rw.Header().Set("X-Auth-Request-Email", session.Email) rw.Header().Set("X-Auth-Request-Email", session.Email)
} else { } else {
@ -923,30 +914,6 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
rw.Header().Del("X-Auth-Request-Preferred-Username") rw.Header().Del("X-Auth-Request-Preferred-Username")
} }
if p.PassAccessToken {
if session.AccessToken != "" {
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
} else {
rw.Header().Del("X-Auth-Request-Access-Token")
}
}
}
if p.PassAccessToken {
if session.AccessToken != "" {
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
} else {
req.Header.Del("X-Forwarded-Access-Token")
}
}
if p.PassAuthorization {
if session.IDToken != "" {
req.Header["Authorization"] = []string{fmt.Sprintf("Bearer %s", session.IDToken)}
} else {
req.Header.Del("Authorization")
}
}
if p.SetBasicAuth { if p.SetBasicAuth {
claims := Claims{} claims := Claims{}
err := claims.FromIDToken(session.IDToken) err := claims.FromIDToken(session.IDToken)
@ -968,13 +935,6 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password)) authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)} req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
} }
if p.SetAuthorization {
if session.IDToken != "" {
rw.Header().Set("Authorization", fmt.Sprintf("Bearer %s", session.IDToken))
} else {
rw.Header().Del("Authorization")
}
}
if session.Email == "" { if session.Email == "" {
rw.Header().Set("GAP-Auth", session.User) rw.Header().Set("GAP-Auth", session.User)

1
proxy/pkg/server/api.go
View File

@ -49,7 +49,6 @@ func getCommonOptions() *options.Options {
commonOpts.ProxyPrefix = "/pbprox" commonOpts.ProxyPrefix = "/pbprox"
commonOpts.SkipProviderButton = true commonOpts.SkipProviderButton = true
commonOpts.Logging.SilencePing = true commonOpts.Logging.SilencePing = true
commonOpts.SetXAuthRequest = true
commonOpts.SetAuthorization = false commonOpts.SetAuthorization = false
commonOpts.Scope = "openid email profile pb_proxy" commonOpts.Scope = "openid email profile pb_proxy"
return commonOpts return commonOpts