forked from mystiq/dex
Rename config header to userHeader
Signed-off-by: seuf <seuf76@gmail.com>
This commit is contained in:
parent
f19bccfc92
commit
a1c7198738
1 changed files with 9 additions and 11 deletions
|
@ -15,23 +15,18 @@ import (
|
||||||
// Config holds the configuration parameters for a connector which returns an
|
// Config holds the configuration parameters for a connector which returns an
|
||||||
// identity with the HTTP header X-Remote-User as verified email.
|
// identity with the HTTP header X-Remote-User as verified email.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
HeaderName string `json:"headerName"`
|
UserHeader string `json:"userHeader"`
|
||||||
Groups []string `json:"groups"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Open returns an authentication strategy which requires no user interaction.
|
// Open returns an authentication strategy which requires no user interaction.
|
||||||
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
|
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
|
||||||
if c.HeaderName == "" {
|
return &callback{UserHeader: c.UserHeader, logger: logger, pathSuffix: "/" + id}, nil
|
||||||
c.HeaderName = "X-Remote-User"
|
|
||||||
}
|
|
||||||
return &callback{headerName: c.HeaderName, logger: logger, pathSuffix: "/" + id, groups: c.Groups}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Callback is a connector which returns an identity with the HTTP header
|
// Callback is a connector which returns an identity with the HTTP header
|
||||||
// X-Remote-User as verified email.
|
// X-Remote-User as verified email.
|
||||||
type callback struct {
|
type callback struct {
|
||||||
headerName string
|
UserHeader string
|
||||||
groups []string
|
|
||||||
logger log.Logger
|
logger log.Logger
|
||||||
pathSuffix string
|
pathSuffix string
|
||||||
}
|
}
|
||||||
|
@ -51,9 +46,13 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri
|
||||||
|
|
||||||
// HandleCallback parses the request and returns the user's identity
|
// HandleCallback parses the request and returns the user's identity
|
||||||
func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) {
|
func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) {
|
||||||
remoteUser := r.Header.Get(m.headerName)
|
userHeader := "X-Remote-User" // Default value
|
||||||
|
if m.UserHeader != "" {
|
||||||
|
userHeader = m.UserHeader
|
||||||
|
}
|
||||||
|
remoteUser := r.Header.Get(userHeader)
|
||||||
if remoteUser == "" {
|
if remoteUser == "" {
|
||||||
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.headerName)
|
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.UserHeader)
|
||||||
}
|
}
|
||||||
// TODO: add support for X-Remote-Group, see
|
// TODO: add support for X-Remote-Group, see
|
||||||
// https://kubernetes.io/docs/admin/authentication/#authenticating-proxy
|
// https://kubernetes.io/docs/admin/authentication/#authenticating-proxy
|
||||||
|
@ -61,6 +60,5 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto
|
||||||
UserID: remoteUser, // TODO: figure out if this is a bad ID value.
|
UserID: remoteUser, // TODO: figure out if this is a bad ID value.
|
||||||
Email: remoteUser,
|
Email: remoteUser,
|
||||||
EmailVerified: true,
|
EmailVerified: true,
|
||||||
Groups: m.groups,
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue