Skip to content

Commit

Permalink
Merge branch 'feature/authproxy-extra-headers' into stackhpc-release
Browse files Browse the repository at this point in the history
  • Loading branch information
mkjpryor committed Jun 20, 2023
2 parents b767cbd + 497483d commit a354226
Showing 1 changed file with 42 additions and 13 deletions.
55 changes: 42 additions & 13 deletions connector/authproxy/authproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,33 +19,53 @@ import (
// Headers retrieved to fetch user's email and group can be configured
// with userHeader and groupHeader.
type Config struct {
UserHeader string `json:"userHeader"`
GroupHeader string `json:"groupHeader"`
Groups []string `json:"staticGroups"`
UserIdHeader string `json:"userIdHeader"`
UserHeader string `json:"userHeader"`
EmailHeader string `json:"emailHeader"`
GroupHeader string `json:"groupHeader"`
Groups []string `json:"staticGroups"`
}

// Open returns an authentication strategy which requires no user interaction.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
userIdHeader := c.UserIdHeader
if userIdHeader == "" {
userIdHeader = "X-Remote-User-Id"
}
userHeader := c.UserHeader
if userHeader == "" {
userHeader = "X-Remote-User"
}
emailHeader := c.EmailHeader
if emailHeader == "" {
emailHeader = "X-Remote-User-Email"
}
groupHeader := c.GroupHeader
if groupHeader == "" {
groupHeader = "X-Remote-Group"
}

return &callback{userHeader: userHeader, groupHeader: groupHeader, logger: logger, pathSuffix: "/" + id, groups: c.Groups}, nil
return &callback{
userIdHeader: userIdHeader,
userHeader: userHeader,
emailHeader: emailHeader,
groupHeader: groupHeader,
groups: c.Groups,
logger: logger,
pathSuffix: "/" + id,
}, nil
}

// Callback is a connector which returns an identity with the HTTP header
// X-Remote-User as verified email.
type callback struct {
userHeader string
groupHeader string
groups []string
logger log.Logger
pathSuffix string
userIdHeader string
userHeader string
emailHeader string
groupHeader string
groups []string
logger log.Logger
pathSuffix string
}

// LoginURL returns the URL to redirect the user to login with.
Expand All @@ -67,6 +87,14 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto
if remoteUser == "" {
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.userHeader)
}
remoteUserId := r.Header.Get(m.userIdHeader)
if remoteUserId == "" {
remoteUserId = remoteUser
}
remoteUserEmail := r.Header.Get(m.emailHeader)
if remoteUserEmail == "" {
remoteUserEmail = remoteUser
}
groups := m.groups
headerGroup := r.Header.Get(m.groupHeader)
if headerGroup != "" {
Expand All @@ -77,9 +105,10 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto
groups = append(splitheaderGroup, groups...)
}
return connector.Identity{
UserID: remoteUser, // TODO: figure out if this is a bad ID value.
Email: remoteUser,
EmailVerified: true,
Groups: groups,
UserID: remoteUserId,
PreferredUsername: remoteUser,
Email: remoteUserEmail,
EmailVerified: true,
Groups: groups,
}, nil
}

0 comments on commit a354226

Please sign in to comment.