mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-24 05:26:55 +02:00
commit
1afaf46656
@ -40,7 +40,7 @@ func (cfg EnvOptions) LoadEnvForStruct(options interface{}) {
|
||||
envName := field.Tag.Get("env")
|
||||
cfgName := field.Tag.Get("cfg")
|
||||
if cfgName == "" && flagName != "" {
|
||||
cfgName = strings.Replace(flagName, "-", "_", -1)
|
||||
cfgName = strings.ReplaceAll(flagName, "-", "_")
|
||||
}
|
||||
if envName == "" || cfgName == "" {
|
||||
// resolvable fields must have the `env` and `cfg` struct tag
|
||||
|
@ -119,7 +119,7 @@ func (u *UpstreamProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
r.Header.Set("GAP-Auth", w.Header().Get("GAP-Auth"))
|
||||
u.auth.SignRequest(r)
|
||||
}
|
||||
if u.wsHandler != nil && strings.ToLower(r.Header.Get("Connection")) == "upgrade" && r.Header.Get("Upgrade") == "websocket" {
|
||||
if u.wsHandler != nil && strings.EqualFold(r.Header.Get("Connection"), "upgrade") && r.Header.Get("Upgrade") == "websocket" {
|
||||
u.wsHandler.ServeHTTP(w, r)
|
||||
} else {
|
||||
u.handler.ServeHTTP(w, r)
|
||||
|
@ -136,18 +136,18 @@ func splitCookie(c *http.Cookie) []*http.Cookie {
|
||||
valueBytes := []byte(c.Value)
|
||||
count := 0
|
||||
for len(valueBytes) > 0 {
|
||||
new := copyCookie(c)
|
||||
new.Name = fmt.Sprintf("%s_%d", c.Name, count)
|
||||
newCookie := copyCookie(c)
|
||||
newCookie.Name = fmt.Sprintf("%s_%d", c.Name, count)
|
||||
count++
|
||||
if len(valueBytes) < maxCookieLength {
|
||||
new.Value = string(valueBytes)
|
||||
newCookie.Value = string(valueBytes)
|
||||
valueBytes = []byte{}
|
||||
} else {
|
||||
newValue := valueBytes[:maxCookieLength]
|
||||
valueBytes = valueBytes[maxCookieLength:]
|
||||
new.Value = string(newValue)
|
||||
newCookie.Value = string(newValue)
|
||||
}
|
||||
cookies = append(cookies, new)
|
||||
cookies = append(cookies, newCookie)
|
||||
}
|
||||
return cookies
|
||||
}
|
||||
|
@ -195,9 +195,10 @@ func userInGroup(service *admin.Service, groups []string, email string) bool {
|
||||
r, err := req.Do()
|
||||
if err != nil {
|
||||
err, ok := err.(*googleapi.Error)
|
||||
if ok && err.Code == 404 {
|
||||
switch {
|
||||
case ok && err.Code == 404:
|
||||
logger.Printf("error checking membership in group %s: group does not exist", group)
|
||||
} else if ok && err.Code == 400 {
|
||||
case ok && err.Code == 400:
|
||||
// It is possible for Members.HasMember to return false even if the email is a group member.
|
||||
// One case that can cause this is if the user email is from a different domain than the group,
|
||||
// e.g. "member@otherdomain.com" in the group "group@mydomain.com" will result in a 400 error
|
||||
@ -215,7 +216,7 @@ func userInGroup(service *admin.Service, groups []string, email string) bool {
|
||||
if r.Status == "ACTIVE" {
|
||||
return true
|
||||
}
|
||||
} else {
|
||||
default:
|
||||
logger.Printf("error checking group membership: %v", err)
|
||||
}
|
||||
continue
|
||||
|
Loading…
x
Reference in New Issue
Block a user