From fcf4657833ec87a12b6edcbae68939666f0b8e4e Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 30 Jul 2022 20:29:23 +0200
Subject: [PATCH] providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
closes #3314
Signed-off-by: Jens Langhammer
---
 authentik/providers/proxy/managed.py | 3 ++-
 internal/outpost/proxyv2/application/claims.go | 1 +
 internal/outpost/proxyv2/application/error.go | 6 ++++--
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/authentik/providers/proxy/managed.py b/authentik/providers/proxy/managed.py
index ab908322e..2df4e03a3 100644
--- a/authentik/providers/proxy/managed.py
+++ b/authentik/providers/proxy/managed.py
@@ -8,7 +8,8 @@ SCOPE_AK_PROXY_EXPRESSION = """
 # which are used for example for the HTTP-Basic Authentication mapping.
 return {
 "ak_proxy": {
- "user_attributes": request.user.group_attributes(request)
+ "user_attributes": request.user.group_attributes(request),
+ "is_superuser": request.user.is_superuser,
 }
 }"""
diff --git a/internal/outpost/proxyv2/application/claims.go b/internal/outpost/proxyv2/application/claims.go
index e806610b7..bd34e1309 100644
--- a/internal/outpost/proxyv2/application/claims.go
+++ b/internal/outpost/proxyv2/application/claims.go
@@ -3,6 +3,7 @@ package application
 type ProxyClaims struct {
 UserAttributes map[string]interface{} `json:"user_attributes"`
 BackendOverride string `json:"backend_override"`
+ IsSuperuser bool `json:"is_superuser"`
 }
 type Claims struct {
diff --git a/internal/outpost/proxyv2/application/error.go b/internal/outpost/proxyv2/application/error.go
index 1b52d4f7a..56c922054 100644
--- a/internal/outpost/proxyv2/application/error.go
+++ b/internal/outpost/proxyv2/application/error.go
@@ -20,8 +20,10 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
 Message: "Error proxying to upstream server",
 ProxyPrefix: "/outpost.goauthentik.io",
 }
- if claims != nil && len(err) > 0 {
+ if claims != nil && claims.Proxy.IsSuperuser {
 data.Message = err
+ } else {
+ data.Message = "Failed to connect to backend."
 }
 er := a.errorTemplates.Execute(rw, data)
 if er != nil {
@@ -34,6 +36,6 @@ func (a *Application) newProxyErrorHandler() func(http.ResponseWriter, *http.Req
 return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
 log.WithError(proxyErr).Warning("Error proxying to upstream server")
 rw.WriteHeader(http.StatusBadGateway)
- a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error()))
+ a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %v", proxyErr))
 }
 }
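Review bot: In ErrorPage the new `else` branch always overwrites the `Message: "Error proxying to upstream server"` default set in the literal just above, and dropping `len(err) > 0` lets a superuser receive an empty message when `err` is empty. Keeping the guard as `if claims != nil && claims.Proxy.IsSuperuser && len(err) > 0 { data.Message = err }` and moving the generic text into the literal gives non-superusers the same result without the dead default. The check fails closed, since a token issued without `is_superuser` decodes to `false`; that is worth recording in a comment such as `// upstream error text may name internal hosts; only superusers see it, a missing claim falls back to the generic message`. `Claims` is not visible in this patch, so if its `Proxy` field is a pointer it also needs a nil check before `.IsSuperuser`. ErrorPage starts and ends outside the hunk.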