From e164bb381e92a39cf3b6a8252bc30e7483a8d99e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thierry=20Sall=C3=A9?= Date: Thu, 17 Dec 2020 16:25:11 +0100 Subject: [PATCH] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Márk Sági-Kazár Signed-off-by: seuf --- connector/authproxy/authproxy.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/connector/authproxy/authproxy.go b/connector/authproxy/authproxy.go index da8c0e98..853e5ee2 100644 --- a/connector/authproxy/authproxy.go +++ b/connector/authproxy/authproxy.go @@ -20,13 +20,18 @@ type Config struct { // Open returns an authentication strategy which requires no user interaction. func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { - return &callback{UserHeader: c.UserHeader, logger: logger, pathSuffix: "/" + id}, nil + userHeader := c.UserHeader + if userHeader == "" { + userHeader = "X-Remote-User" + } + + return &callback{userHeader: userHeader, logger: logger, pathSuffix: "/" + id}, nil } // Callback is a connector which returns an identity with the HTTP header // X-Remote-User as verified email. type callback struct { - UserHeader string + userHeader string logger log.Logger pathSuffix string } @@ -46,13 +51,9 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri // HandleCallback parses the request and returns the user's identity func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) { - userHeader := "X-Remote-User" // Default value - if m.UserHeader != "" { - userHeader = m.UserHeader - } - remoteUser := r.Header.Get(userHeader) + remoteUser := r.Header.Get(m.userHeader) if remoteUser == "" { - return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.UserHeader) + return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.userHeader) } // TODO: add support for X-Remote-Group, see // https://kubernetes.io/docs/admin/authentication/#authenticating-proxy