mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-13 01:40:48 +02:00

Align tests to SkipAuthStripHeaders default

Nick Meves
2020-11-07 12:33:37 -08:00
parent 14fd934b32
commit 1c26539ef0
2 changed files with 119 additions and 41 deletions


@ -31,8 +31,9 @@ func NewLegacyOptions() *LegacyOptions {
}, },
LegacyHeaders: LegacyHeaders{ LegacyHeaders: LegacyHeaders{
PassBasicAuth: true, PassBasicAuth: true,
PassUserHeaders: true, PassUserHeaders: true,
SkipAuthStripHeaders: true,
}, },
Options: *NewOptions(), Options: *NewOptions(),
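Review bot: The new `SkipAuthStripHeaders: true` default in NewLegacyOptions carries no comment explaining why it is on, although it is a security-relevant default. Judging by the updated test expectations on this page, the flag decides whether converted request headers get `PreserveRequestValue: true`, so disabling it appears to let client-supplied X-Forwarded-* and Authorization values survive to the upstream. I would add `// Default on: injected headers replace client-supplied values unless the operator opts out.` above the field. The struct literal starts and ends outside this hunk, so whether the flag default registered elsewhere matches this value cannot be checked here and is worth confirming.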


@ -61,7 +61,7 @@ var _ = Describe("Legacy Options", func() {
opts.InjectRequestHeaders = []Header{ opts.InjectRequestHeaders = []Header{
{ {
Name: "X-Forwarded-Groups", Name: "X-Forwarded-Groups",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -72,7 +72,7 @@ var _ = Describe("Legacy Options", func() {
}, },
{ {
Name: "X-Forwarded-User", Name: "X-Forwarded-User",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -83,7 +83,7 @@ var _ = Describe("Legacy Options", func() {
}, },
{ {
Name: "X-Forwarded-Email", Name: "X-Forwarded-Email",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -94,7 +94,7 @@ var _ = Describe("Legacy Options", func() {
}, },
{ {
Name: "X-Forwarded-Preferred-Username", Name: "X-Forwarded-Preferred-Username",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -277,7 +277,7 @@ var _ = Describe("Legacy Options", func() {
xForwardedUser := Header{ xForwardedUser := Header{
Name: "X-Forwarded-User", Name: "X-Forwarded-User",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -289,7 +289,7 @@ var _ = Describe("Legacy Options", func() {
xForwardedEmail := Header{ xForwardedEmail := Header{
Name: "X-Forwarded-Email", Name: "X-Forwarded-Email",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -301,7 +301,7 @@ var _ = Describe("Legacy Options", func() {
xForwardedGroups := Header{ xForwardedGroups := Header{
Name: "X-Forwarded-Groups", Name: "X-Forwarded-Groups",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -313,7 +313,7 @@ var _ = Describe("Legacy Options", func() {
xForwardedPreferredUsername := Header{ xForwardedPreferredUsername := Header{
Name: "X-Forwarded-Preferred-Username", Name: "X-Forwarded-Preferred-Username",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -325,7 +325,7 @@ var _ = Describe("Legacy Options", func() {
basicAuthHeader := Header{ basicAuthHeader := Header{
Name: "Authorization", Name: "Authorization",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -340,7 +340,7 @@ var _ = Describe("Legacy Options", func() {
xForwardedUserWithEmail := Header{ xForwardedUserWithEmail := Header{
Name: "X-Forwarded-User", Name: "X-Forwarded-User",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -350,9 +350,21 @@ var _ = Describe("Legacy Options", func() {
}, },
} }
xForwardedAccessToken := Header{
Name: "X-Forwarded-Access-Token",
PreserveRequestValue: false,
Values: []HeaderValue{
{
ClaimSource: &ClaimSource{
Claim: "access_token",
},
},
},
}
basicAuthHeaderWithEmail := Header{ basicAuthHeaderWithEmail := Header{
Name: "Authorization", Name: "Authorization",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -401,13 +413,13 @@ var _ = Describe("Legacy Options", func() {
}, },
} }
xForwardedAccessToken := Header{ xAuthRequestPreferredUsername := Header{
Name: "X-Forwarded-Access-Token", Name: "X-Auth-Request-Preferred-Username",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
Claim: "access_token", Claim: "preferred_username",
}, },
}, },
}, },
@ -427,7 +439,7 @@ var _ = Describe("Legacy Options", func() {
authorizationHeader := Header{ authorizationHeader := Header{
Name: "Authorization", Name: "Authorization",
PreserveRequestValue: true, PreserveRequestValue: false,
Values: []HeaderValue{ Values: []HeaderValue{
{ {
ClaimSource: &ClaimSource{ ClaimSource: &ClaimSource{
@ -457,7 +469,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: "", BasicAuthPassword: "",
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{}, expectedRequestHeaders: []Header{},
expectedResponseHeaders: []Header{}, expectedResponseHeaders: []Header{},
@ -475,7 +487,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: basicAuthSecret, BasicAuthPassword: basicAuthSecret,
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedUser, xForwardedUser,
@ -485,10 +497,10 @@ var _ = Describe("Legacy Options", func() {
basicAuthHeader, basicAuthHeader,
}, },
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
withPreserveRequestValue(basicAuthHeader, false), basicAuthHeader,
}, },
}), }),
Entry("with basic auth enabled and skipAuthStripHeaders", legacyHeadersTableInput{ Entry("with basic auth enabled and skipAuthStripHeaders disabled", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{ legacyHeaders: &LegacyHeaders{
PassBasicAuth: true, PassBasicAuth: true,
PassAccessToken: false, PassAccessToken: false,
@ -501,17 +513,17 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: basicAuthSecret, BasicAuthPassword: basicAuthSecret,
SkipAuthStripHeaders: true, SkipAuthStripHeaders: false,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
withPreserveRequestValue(xForwardedUser, false), withPreserveRequestValue(xForwardedUser, true),
withPreserveRequestValue(xForwardedEmail, false), withPreserveRequestValue(xForwardedEmail, true),
withPreserveRequestValue(xForwardedGroups, false), withPreserveRequestValue(xForwardedGroups, true),
withPreserveRequestValue(xForwardedPreferredUsername, false), withPreserveRequestValue(xForwardedPreferredUsername, true),
withPreserveRequestValue(basicAuthHeader, false), withPreserveRequestValue(basicAuthHeader, true),
}, },
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
withPreserveRequestValue(basicAuthHeader, false), basicAuthHeader,
}, },
}), }),
Entry("with basic auth enabled and preferEmailToUser", legacyHeadersTableInput{ Entry("with basic auth enabled and preferEmailToUser", legacyHeadersTableInput{
@ -527,7 +539,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: true, PreferEmailToUser: true,
BasicAuthPassword: basicAuthSecret, BasicAuthPassword: basicAuthSecret,
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedUserWithEmail, xForwardedUserWithEmail,
@ -536,7 +548,7 @@ var _ = Describe("Legacy Options", func() {
basicAuthHeaderWithEmail, basicAuthHeaderWithEmail,
}, },
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
withPreserveRequestValue(basicAuthHeaderWithEmail, false), basicAuthHeaderWithEmail,
}, },
}), }),
Entry("with basic auth enabled and passUserHeaders", legacyHeadersTableInput{ Entry("with basic auth enabled and passUserHeaders", legacyHeadersTableInput{
@ -552,7 +564,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: basicAuthSecret, BasicAuthPassword: basicAuthSecret,
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedUser, xForwardedUser,
@ -562,7 +574,7 @@ var _ = Describe("Legacy Options", func() {
basicAuthHeader, basicAuthHeader,
}, },
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
withPreserveRequestValue(basicAuthHeader, false), basicAuthHeader,
}, },
}), }),
Entry("with passUserHeaders", legacyHeadersTableInput{ Entry("with passUserHeaders", legacyHeadersTableInput{
@ -578,7 +590,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: "", BasicAuthPassword: "",
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedUser, xForwardedUser,
@ -588,6 +600,29 @@ var _ = Describe("Legacy Options", func() {
}, },
expectedResponseHeaders: []Header{}, expectedResponseHeaders: []Header{},
}), }),
Entry("with passUserHeaders and SkipAuthStripHeaders disabled", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{
PassBasicAuth: false,
PassAccessToken: false,
PassUserHeaders: true,
PassAuthorization: false,
SetBasicAuth: false,
SetXAuthRequest: false,
SetAuthorization: false,
PreferEmailToUser: false,
BasicAuthPassword: "",
SkipAuthStripHeaders: false,
},
expectedRequestHeaders: []Header{
withPreserveRequestValue(xForwardedUser, true),
withPreserveRequestValue(xForwardedEmail, true),
withPreserveRequestValue(xForwardedGroups, true),
withPreserveRequestValue(xForwardedPreferredUsername, true),
},
expectedResponseHeaders: []Header{},
}),
Entry("with setXAuthRequest", legacyHeadersTableInput{ Entry("with setXAuthRequest", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{ legacyHeaders: &LegacyHeaders{
PassBasicAuth: false, PassBasicAuth: false,
@ -601,14 +636,14 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: "", BasicAuthPassword: "",
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{}, expectedRequestHeaders: []Header{},
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
xAuthRequestUser, xAuthRequestUser,
xAuthRequestEmail, xAuthRequestEmail,
xAuthRequestGroups, xAuthRequestGroups,
withPreserveRequestValue(xForwardedPreferredUsername, false), xAuthRequestPreferredUsername,
}, },
}), }),
Entry("with passAccessToken", legacyHeadersTableInput{ Entry("with passAccessToken", legacyHeadersTableInput{
@ -624,7 +659,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: "", BasicAuthPassword: "",
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedAccessToken, xForwardedAccessToken,
@ -644,7 +679,7 @@ var _ = Describe("Legacy Options", func() {
PreferEmailToUser: false, PreferEmailToUser: false,
BasicAuthPassword: "", BasicAuthPassword: "",
SkipAuthStripHeaders: false, SkipAuthStripHeaders: true,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
xForwardedAccessToken, xForwardedAccessToken,
@ -653,11 +688,53 @@ var _ = Describe("Legacy Options", func() {
xAuthRequestUser, xAuthRequestUser,
xAuthRequestEmail, xAuthRequestEmail,
xAuthRequestGroups, xAuthRequestGroups,
withPreserveRequestValue(xForwardedPreferredUsername, false), xAuthRequestPreferredUsername,
xAuthRequestAccessToken, xAuthRequestAccessToken,
}, },
}), }),
Entry("with passAcessToken and SkipAuthStripHeaders disabled", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{
PassBasicAuth: false,
PassAccessToken: true,
PassUserHeaders: false,
PassAuthorization: false,
SetBasicAuth: false,
SetXAuthRequest: false,
SetAuthorization: false,
PreferEmailToUser: false,
BasicAuthPassword: "",
SkipAuthStripHeaders: false,
},
expectedRequestHeaders: []Header{
withPreserveRequestValue(xForwardedAccessToken, true),
},
expectedResponseHeaders: []Header{},
}),
Entry("with authorization headers", legacyHeadersTableInput{ Entry("with authorization headers", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{
PassBasicAuth: false,
PassAccessToken: false,
PassUserHeaders: false,
PassAuthorization: true,
SetBasicAuth: false,
SetXAuthRequest: false,
SetAuthorization: true,
PreferEmailToUser: false,
BasicAuthPassword: "",
SkipAuthStripHeaders: true,
},
expectedRequestHeaders: []Header{
authorizationHeader,
},
expectedResponseHeaders: []Header{
authorizationHeader,
},
}),
Entry("with authorization headers and SkipAuthStripHeaders disabled", legacyHeadersTableInput{
legacyHeaders: &LegacyHeaders{ legacyHeaders: &LegacyHeaders{
PassBasicAuth: false, PassBasicAuth: false,
PassAccessToken: false, PassAccessToken: false,
@ -673,10 +750,10 @@ var _ = Describe("Legacy Options", func() {
SkipAuthStripHeaders: false, SkipAuthStripHeaders: false,
}, },
expectedRequestHeaders: []Header{ expectedRequestHeaders: []Header{
authorizationHeader, withPreserveRequestValue(authorizationHeader, true),
}, },
expectedResponseHeaders: []Header{ expectedResponseHeaders: []Header{
withPreserveRequestValue(authorizationHeader, false), authorizationHeader,
}, },
}), }),
) )
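Review bot: The added entry name `"with passAcessToken and SkipAuthStripHeaders disabled"` misspells passAccessToken, so a focused run or a grep for the option name will miss this case; it should read `Entry("with passAccessToken and SkipAuthStripHeaders disabled", legacyHeadersTableInput{`. The renamed basic-auth entry writes `skipAuthStripHeaders disabled` in lower case while the three new entries write `SkipAuthStripHeaders disabled`; one spelling should be used throughout. The disabled-case entries cover passUserHeaders, passAccessToken, basic auth and authorization but not preferEmailToUser, so `xForwardedUserWithEmail` and `basicAuthHeaderWithEmail` are never asserted with `PreserveRequestValue: true`. The Describe block starts outside the visible hunks.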