Merge pull request #1839 from seuf/authproxy-header-configuration

Allow configuration of returned auth proxy header
This commit is contained in:
Márk Sági-Kazár 2021-01-07 10:40:57 +01:00 committed by GitHub
commit 4f326390aa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -14,16 +14,24 @@ import (
// Config holds the configuration parameters for a connector which returns an // Config holds the configuration parameters for a connector which returns an
// identity with the HTTP header X-Remote-User as verified email. // identity with the HTTP header X-Remote-User as verified email.
type Config struct{} type Config struct {
UserHeader string `json:"userHeader"`
}
// Open returns an authentication strategy which requires no user interaction. // Open returns an authentication strategy which requires no user interaction.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
return &callback{logger: logger, pathSuffix: "/" + id}, nil userHeader := c.UserHeader
if userHeader == "" {
userHeader = "X-Remote-User"
}
return &callback{userHeader: userHeader, logger: logger, pathSuffix: "/" + id}, nil
} }
// Callback is a connector which returns an identity with the HTTP header // Callback is a connector which returns an identity with the HTTP header
// X-Remote-User as verified email. // X-Remote-User as verified email.
type callback struct { type callback struct {
userHeader string
logger log.Logger logger log.Logger
pathSuffix string pathSuffix string
} }
@ -43,9 +51,9 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri
// HandleCallback parses the request and returns the user's identity // HandleCallback parses the request and returns the user's identity
func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) { func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) {
remoteUser := r.Header.Get("X-Remote-User") remoteUser := r.Header.Get(m.userHeader)
if remoteUser == "" { if remoteUser == "" {
return connector.Identity{}, fmt.Errorf("required HTTP header X-Remote-User is not set") return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.userHeader)
} }
// TODO: add support for X-Remote-Group, see // TODO: add support for X-Remote-Group, see
// https://kubernetes.io/docs/admin/authentication/#authenticating-proxy // https://kubernetes.io/docs/admin/authentication/#authenticating-proxy