mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-24 08:52:25 +02:00

Store the group membership in the session

This change puts the groups from the htpasswd-user-group in the
session during the manual sign in process. This fixes the issue
with being unable to properly authenticate using the manual
sign in form when certain group membership is required (e.g. when
the --gitlab-group option is used).
Jan Rotter 2021-09-26 22:25:34 +02:00
parent e25158dda6
commit 81cfd24962


@ -78,6 +78,7 @@ type OAuthProxy struct {
sessionStore sessionsapi.SessionStore
ProxyPrefix string
basicAuthValidator basic.Validator
basicAuthGroups []string
SkipProviderButton bool
skipAuthPreflight bool
skipJwtBearerTokens bool
@ -200,6 +201,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
trustedIPs: trustedIPs,
basicAuthValidator: basicAuthValidator,
basicAuthGroups: opts.HtpasswdUserGroups,
sessionChain: sessionChain,
headersChain: headersChain,
preAuthChain: preAuthChain,
@ -534,7 +536,7 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
return p.trustedIPs.Has(remoteAddr)
}
// SignInPage writes the sing in template to the response
// SignInPage writes the sign in template to the response
func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
prepareNoCache(rw)
err := p.ClearSessionCookie(rw, req)
@ -589,7 +591,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
user, ok := p.ManualSignIn(req)
if ok {
session := &sessionsapi.SessionState{User: user}
session := &sessionsapi.SessionState{User: user, Groups: p.basicAuthGroups}
err = p.SaveSession(rw, req, session)
if err != nil {
logger.Printf("Error saving session: %v", err)
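Review bot: In the SignIn hunk, `Groups: p.basicAuthGroups` gives every manually signed-in session the same slice the proxy took from `opts.HtpasswdUserGroups`, so a later in-place write or `append` on `session.Groups` could change the groups seen by other sessions and by the proxy itself. These groups feed authorization decisions, so I would copy at this boundary: `session := &sessionsapi.SessionState{User: user, Groups: append([]string(nil), p.basicAuthGroups...)}`. Whether anything downstream mutates the slice is not visible here, so treat this as a defensive change. The new `basicAuthGroups` field also deserves a comment such as `// basicAuthGroups is assigned to every session created through the manual sign-in form`, since the groups go to any user for whom `ManualSignIn` succeeds rather than being looked up per user. SignIn's body continues past the end of the hunk.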