proxy: cleanup addHeadersForProxying
This commit is contained in:
parent
ef24b1cde2
commit
b10912d8ba
|
@ -890,63 +890,30 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
|
||||||
|
|
||||||
// addHeadersForProxying adds the appropriate headers the request / response for proxying
|
// addHeadersForProxying adds the appropriate headers the request / response for proxying
|
||||||
func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) {
|
func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) {
|
||||||
if p.PassUserHeaders {
|
req.Header["X-Forwarded-User"] = []string{session.User}
|
||||||
if p.PreferEmailToUser && session.Email != "" {
|
if session.Email != "" {
|
||||||
req.Header["X-Forwarded-User"] = []string{session.Email}
|
req.Header["X-Forwarded-Email"] = []string{session.Email}
|
||||||
req.Header.Del("X-Forwarded-Email")
|
|
||||||
} else {
|
|
||||||
req.Header["X-Forwarded-User"] = []string{session.User}
|
|
||||||
if session.Email != "" {
|
|
||||||
req.Header["X-Forwarded-Email"] = []string{session.Email}
|
|
||||||
} else {
|
|
||||||
req.Header.Del("X-Forwarded-Email")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if session.PreferredUsername != "" {
|
|
||||||
req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername}
|
|
||||||
} else {
|
|
||||||
req.Header.Del("X-Forwarded-Preferred-Username")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.SetXAuthRequest {
|
if session.PreferredUsername != "" {
|
||||||
rw.Header().Set("X-Auth-Request-User", session.User)
|
req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername}
|
||||||
if session.Email != "" {
|
req.Header["X-Auth-Username"] = []string{session.PreferredUsername}
|
||||||
rw.Header().Set("X-Auth-Request-Email", session.Email)
|
} else {
|
||||||
} else {
|
req.Header.Del("X-Forwarded-Preferred-Username")
|
||||||
rw.Header().Del("X-Auth-Request-Email")
|
req.Header.Del("X-Auth-Username")
|
||||||
}
|
|
||||||
if session.PreferredUsername != "" {
|
|
||||||
rw.Header().Set("X-Auth-Request-Preferred-Username", session.PreferredUsername)
|
|
||||||
} else {
|
|
||||||
rw.Header().Del("X-Auth-Request-Preferred-Username")
|
|
||||||
}
|
|
||||||
|
|
||||||
if p.PassAccessToken {
|
|
||||||
if session.AccessToken != "" {
|
|
||||||
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
|
|
||||||
} else {
|
|
||||||
rw.Header().Del("X-Auth-Request-Access-Token")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.PassAccessToken {
|
if session.Email != "" {
|
||||||
if session.AccessToken != "" {
|
rw.Header().Set("X-Auth-Request-Email", session.Email)
|
||||||
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
|
} else {
|
||||||
} else {
|
rw.Header().Del("X-Auth-Request-Email")
|
||||||
req.Header.Del("X-Forwarded-Access-Token")
|
}
|
||||||
}
|
if session.PreferredUsername != "" {
|
||||||
|
rw.Header().Set("X-Auth-Request-Preferred-Username", session.PreferredUsername)
|
||||||
|
} else {
|
||||||
|
rw.Header().Del("X-Auth-Request-Preferred-Username")
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.PassAuthorization {
|
|
||||||
if session.IDToken != "" {
|
|
||||||
req.Header["Authorization"] = []string{fmt.Sprintf("Bearer %s", session.IDToken)}
|
|
||||||
} else {
|
|
||||||
req.Header.Del("Authorization")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if p.SetBasicAuth {
|
if p.SetBasicAuth {
|
||||||
claims := Claims{}
|
claims := Claims{}
|
||||||
err := claims.FromIDToken(session.IDToken)
|
err := claims.FromIDToken(session.IDToken)
|
||||||
|
@ -968,13 +935,6 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
|
||||||
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
||||||
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
||||||
}
|
}
|
||||||
if p.SetAuthorization {
|
|
||||||
if session.IDToken != "" {
|
|
||||||
rw.Header().Set("Authorization", fmt.Sprintf("Bearer %s", session.IDToken))
|
|
||||||
} else {
|
|
||||||
rw.Header().Del("Authorization")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if session.Email == "" {
|
if session.Email == "" {
|
||||||
rw.Header().Set("GAP-Auth", session.User)
|
rw.Header().Set("GAP-Auth", session.User)
|
||||||
|
|
|
@ -49,7 +49,6 @@ func getCommonOptions() *options.Options {
|
||||||
commonOpts.ProxyPrefix = "/pbprox"
|
commonOpts.ProxyPrefix = "/pbprox"
|
||||||
commonOpts.SkipProviderButton = true
|
commonOpts.SkipProviderButton = true
|
||||||
commonOpts.Logging.SilencePing = true
|
commonOpts.Logging.SilencePing = true
|
||||||
commonOpts.SetXAuthRequest = true
|
|
||||||
commonOpts.SetAuthorization = false
|
commonOpts.SetAuthorization = false
|
||||||
commonOpts.Scope = "openid email profile pb_proxy"
|
commonOpts.Scope = "openid email profile pb_proxy"
|
||||||
return commonOpts
|
return commonOpts
|
||||||
|
|
Reference in a new issue