k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Rename config header to userHeader

Browse Source 
Signed-off-by: seuf <seuf76@gmail.com>
This commit is contained in:
seuf
2020-11-24 10:39:12 +01:00
parent f19bccfc92
commit a1c7198738
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
connector/authproxy/authproxy.go
View File

@@ -15,23 +15,18 @@ import (
// Config holds the configuration parameters for a connector which returns an // Config holds the configuration parameters for a connector which returns an
// identity with the HTTP header X-Remote-User as verified email. // identity with the HTTP header X-Remote-User as verified email.
type Config struct { type Config struct {
HeaderName string `json:"headerName"` UserHeader string `json:"userHeader"`
Groups []string `json:"groups"`
} }
// Open returns an authentication strategy which requires no user interaction. // Open returns an authentication strategy which requires no user interaction.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
if c.HeaderName == "" { return &callback{UserHeader: c.UserHeader, logger: logger, pathSuffix: "/" + id}, nil
c.HeaderName = "X-Remote-User"
}
return &callback{headerName: c.HeaderName, logger: logger, pathSuffix: "/" + id, groups: c.Groups}, nil
} }
// Callback is a connector which returns an identity with the HTTP header // Callback is a connector which returns an identity with the HTTP header
// X-Remote-User as verified email. // X-Remote-User as verified email.
type callback struct { type callback struct {
headerName string UserHeader string
groups []string
logger log.Logger logger log.Logger
pathSuffix string pathSuffix string
} }
@@ -51,9 +46,13 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri
// HandleCallback parses the request and returns the user's identity // HandleCallback parses the request and returns the user's identity
func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) { func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connector.Identity, error) {
remoteUser := r.Header.Get(m.headerName) userHeader := "X-Remote-User" // Default value
if m.UserHeader != "" {
userHeader = m.UserHeader
}
remoteUser := r.Header.Get(userHeader)
if remoteUser == "" { if remoteUser == "" {
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.headerName) return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.UserHeader)
} }
// TODO: add support for X-Remote-Group, see // TODO: add support for X-Remote-Group, see
// https://kubernetes.io/docs/admin/authentication/#authenticating-proxy // https://kubernetes.io/docs/admin/authentication/#authenticating-proxy
@@ -61,6 +60,5 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto
UserID: remoteUser, // TODO: figure out if this is a bad ID value. UserID: remoteUser, // TODO: figure out if this is a bad ID value.
Email: remoteUser, Email: remoteUser,
EmailVerified: true, EmailVerified: true,
Groups: m.groups,
}, nil }, nil
} }