outposts/proxy: set http code when no redirect header is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-01-14 22:20:52 +01:00
parent d31e566873
commit 69d4719687
No known key found for this signature in database
2 changed files with 6 additions and 3 deletions

View file

@ -5,17 +5,19 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
"goauthentik.io/internal/outpost/proxyv2/constants"
) )
func (a *Application) checkAuthHeaderBearer(r *http.Request) string { func (a *Application) checkAuthHeaderBearer(r *http.Request) string {
auth := r.Header.Get(HeaderAuthorization) auth := r.Header.Get(constants.HeaderAuthorization)
if auth == "" { if auth == "" {
return "" return ""
} }
if len(auth) < len(AuthBearer) || !strings.EqualFold(auth[:len(AuthBearer)], AuthBearer) { if len(auth) < len(constants.AuthBearer) || !strings.EqualFold(auth[:len(constants.AuthBearer)], constants.AuthBearer) {
return "" return ""
} }
return auth[len(AuthBearer):] return auth[len(constants.AuthBearer):]
} }
type TokenIntrospectionResponse struct { type TokenIntrospectionResponse struct {

View file

@ -36,6 +36,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
a.log.WithError(err).Warning("failed to decode session") a.log.WithError(err).Warning("failed to decode session")
} }
if r.Header.Get(constants.HeaderNoRedirect) == "true" { if r.Header.Get(constants.HeaderNoRedirect) == "true" {
rw.WriteHeader(401)
er := a.errorTemplates.Execute(rw, ErrorPageData{ er := a.errorTemplates.Execute(rw, ErrorPageData{
Title: "Unauthenticated", Title: "Unauthenticated",
Message: fmt.Sprintf("Due to '%s' being set, no redirect is performed.", constants.HeaderNoRedirect), Message: fmt.Sprintf("Due to '%s' being set, no redirect is performed.", constants.HeaderNoRedirect),