Implement the “authproxy” connector (for Apache2 mod_auth etc.)
@@ -346,6 +346,12 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
|
||||
return
|
||||
}
|
||||
|
||||
if connID := mux.Vars(r)["connector"]; connID != "" && connID != authReq.ConnectorID {
|
||||
s.logger.Errorf("Connector mismatch: authentication started with id %q, but callback for id %q was triggered", authReq.ConnectorID, connID)
|
||||
s.renderError(w, http.StatusInternalServerError, "Requested resource does not exist.")
|
||||
return
|
||||
}
|
||||
|
||||
conn, err := s.getConnector(authReq.ConnectorID)
|
||||
if err != nil {
|
||||
s.logger.Errorf("Failed to get connector with id %q : %v", authReq.ConnectorID, err)
|
||||
|
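Review bot: The new connector check only runs when the path carries an id (`connID != ""`), so a callback for the same auth request sent to the bare `/callback` route skips it entirely. If the authproxy connector takes the user's identity from what the front-end web server asserts (its code is not in this hunk), the proxy's authentication has to cover both `/callback` and `/callback/{connector}`. That deserves a comment above the check, e.g. `// The bare /callback route skips this check; proxy-authenticated connectors must be protected on both routes.` Separately, the mismatch can be triggered by a client, yet it answers with `http.StatusInternalServerError` while the message says the resource does not exist; `http.StatusBadRequest` or `http.StatusNotFound` would match the message. handleConnectorCallback starts and ends outside the hunk.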
@@ -19,6 +19,7 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/coreos/dex/connector"
|
||||
"github.com/coreos/dex/connector/authproxy"
|
||||
"github.com/coreos/dex/connector/github"
|
||||
"github.com/coreos/dex/connector/gitlab"
|
||||
"github.com/coreos/dex/connector/ldap"
|
||||
@@ -240,6 +241,9 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
||||
handleFunc("/auth", s.handleAuthorization)
|
||||
handleFunc("/auth/{connector}", s.handleConnectorLogin)
|
||||
handleFunc("/callback", s.handleConnectorCallback)
|
||||
// For easier connector-specific web server configuration, e.g. for the
|
||||
// "authproxy" connector.
|
||||
handleFunc("/callback/{connector}", s.handleConnectorCallback)
|
||||
handleFunc("/approval", s.handleApproval)
|
||||
handleFunc("/healthz", s.handleHealth)
|
||||
handlePrefix("/static", static)
|
||||
@@ -381,7 +385,7 @@ func (s *Server) startGarbageCollection(ctx context.Context, frequency time.Dura
|
||||
|
||||
// ConnectorConfig is a configuration that can open a connector.
|
||||
type ConnectorConfig interface {
|
||||
Open(logrus.FieldLogger) (connector.Connector, error)
|
||||
Open(id string, logger logrus.FieldLogger) (connector.Connector, error)
|
||||
}
|
||||
|
||||
// ConnectorsConfig variable provides an easy way to return a config struct
|
||||
@@ -394,6 +398,7 @@ var ConnectorsConfig = map[string]func() ConnectorConfig{
|
||||
"gitlab": func() ConnectorConfig { return new(gitlab.Config) },
|
||||
"oidc": func() ConnectorConfig { return new(oidc.Config) },
|
||||
"saml": func() ConnectorConfig { return new(saml.Config) },
|
||||
"authproxy": func() ConnectorConfig { return new(authproxy.Config) },
|
||||
// Keep around for backwards compatibility.
|
||||
"samlExperimental": func() ConnectorConfig { return new(saml.Config) },
|
||||
}
|
||||
@@ -415,7 +420,7 @@ func openConnector(logger logrus.FieldLogger, conn storage.Connector) (connector
|
||||
}
|
||||
}
|
||||
|
||||
c, err := connConfig.Open(logger)
|
||||
c, err := connConfig.Open(conn.ID, logger)
|
||||
if err != nil {
|
||||
return c, fmt.Errorf("failed to create connector %s: %v", conn.ID, err)
|
||||
}
|
||||
|
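Review bot: The `id` parameter added to `ConnectorConfig.Open` is undocumented, and the interface comment still only says it "can open a connector". From the call site `connConfig.Open(conn.ID, logger)` it is the ID of the stored connector, so a method comment such as `// Open returns a connector for this config; id is the ID of the stored connector being opened.` would make that explicit. Because ConnectorConfig is exported, the signature change also breaks any implementation outside this tree, which is worth stating in the commit message or release notes.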