go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Code Issues Releases Activity

Support the PreferEmailToUser option on PassUserHeaders

Browse Source 
Previously in #401, an option was added to support forwarding the email
address as the username to the upstream service when the PassBasicAuth
option is used.

The PassBasicAuth option is not appropriate for all users, with PassUserHeaders
allowing very similar functionality without specifying a basic auth headers.

The PreferEmailToUser option has been expanded to support the PassUserHeaders
option.
This commit is contained in:
Jordan Crawford
2020-03-04 11:27:43 +13:00
parent 666d4c3db1
commit 4cd43ef397
6 changed files with 44 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
oauthproxy_test.go
View File

@ -511,23 +511,45 @@ func TestBasicAuthWithEmail(t *testing.T) {
assert.Equal(t, expectedEmailHeader, req.Header["Authorization"][0])
assert.Equal(t, emailAddress, req.Header["X-Forwarded-User"][0])
}
}
func TestPassUserHeadersWithEmail(t *testing.T) {
opts := NewOptions()
opts.PassBasicAuth = false
opts.PassUserHeaders = true
opts.PreferEmailToUser = false
opts.Validate()
const emailAddress = "john.doe@example.com"
const userName = "9fcab5c9b889a557"
session := &sessions.SessionState{
User: userName,
Email: emailAddress,
AccessToken: "oauth_token",
CreatedAt: time.Now(),
}
{
// PassUserHeaders takes predecense over the headers added by
// PassBasicAuth, thus we expect them to contain something else.
rw := httptest.NewRecorder()
req, _ := http.NewRequest("GET", opts.ProxyPrefix+"/testCase2", nil)
req, _ := http.NewRequest("GET", opts.ProxyPrefix+"/testCase0", nil)
proxy := NewOAuthProxy(opts, func(email string) bool {
return email == emailAddress
})
proxy.addHeadersForProxying(rw, req, session)
// The user address here should still be an email.
assert.Equal(t, expectedEmailHeader, req.Header["Authorization"][0])
assert.Equal(t, emailAddress, req.Header["X-Forwarded-Email"][0])
assert.Equal(t, userName, req.Header["X-Forwarded-User"][0])
}
opts.PreferEmailToUser = true
{
rw := httptest.NewRecorder()
req, _ := http.NewRequest("GET", opts.ProxyPrefix+"/testCase1", nil)
proxy := NewOAuthProxy(opts, func(email string) bool {
return email == emailAddress
})
proxy.addHeadersForProxying(rw, req, session)
assert.Equal(t, emailAddress, req.Header["X-Forwarded-User"][0])
}
}
type PassAccessTokenTest struct {