Allow configuration of groups for authproxy

Signed-off-by: seuf <seuf76@gmail.com>
This commit is contained in:
seuf 2020-10-20 11:19:48 +02:00
parent a12a919d3e
commit f19bccfc92

View file

@ -16,6 +16,7 @@ import (
// identity with the HTTP header X-Remote-User as verified email. // identity with the HTTP header X-Remote-User as verified email.
type Config struct { type Config struct {
HeaderName string `json:"headerName"` HeaderName string `json:"headerName"`
Groups []string `json:"groups"`
} }
// Open returns an authentication strategy which requires no user interaction. // Open returns an authentication strategy which requires no user interaction.
@ -23,13 +24,14 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
if c.HeaderName == "" { if c.HeaderName == "" {
c.HeaderName = "X-Remote-User" c.HeaderName = "X-Remote-User"
} }
return &callback{headerName: c.HeaderName, logger: logger, pathSuffix: "/" + id}, nil return &callback{headerName: c.HeaderName, logger: logger, pathSuffix: "/" + id, groups: c.Groups}, nil
} }
// Callback is a connector which returns an identity with the HTTP header // Callback is a connector which returns an identity with the HTTP header
// X-Remote-User as verified email. // X-Remote-User as verified email.
type callback struct { type callback struct {
headerName string headerName string
groups []string
logger log.Logger logger log.Logger
pathSuffix string pathSuffix string
} }
@ -59,5 +61,6 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto
UserID: remoteUser, // TODO: figure out if this is a bad ID value. UserID: remoteUser, // TODO: figure out if this is a bad ID value.
Email: remoteUser, Email: remoteUser,
EmailVerified: true, EmailVerified: true,
Groups: m.groups,
}, nil }, nil
} }