proxy: add support for additionalHeaders
This commit is contained in:
parent
791627d3ce
commit
4e1808632d
|
@ -8,7 +8,7 @@ import (
|
|||
|
||||
type Claims struct {
|
||||
Proxy struct {
|
||||
UserAttributes map[string]string `json:"user_attributes"`
|
||||
UserAttributes map[string]interface{} `json:"user_attributes"`
|
||||
} `json:"pb_proxy"`
|
||||
}
|
||||
|
||||
|
|
|
@ -413,27 +413,36 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
|
|||
req.Header.Del("X-Auth-Username")
|
||||
}
|
||||
|
||||
if p.SetBasicAuth {
|
||||
claims := Claims{}
|
||||
err := claims.FromIDToken(session.IDToken)
|
||||
if err != nil {
|
||||
log.WithError(err).Warning("Failed to parse IDToken")
|
||||
}
|
||||
|
||||
userAttributes := claims.Proxy.UserAttributes
|
||||
// Attempt to set basic auth based on user's attributes
|
||||
if p.SetBasicAuth {
|
||||
var ok bool
|
||||
var password string
|
||||
if password, ok = userAttributes[p.BasicAuthPasswordAttribute]; !ok {
|
||||
if password, ok = userAttributes[p.BasicAuthPasswordAttribute].(string); !ok {
|
||||
password = ""
|
||||
}
|
||||
// Check if we should use email or a custom attribute as username
|
||||
var username string
|
||||
if username, ok = userAttributes[p.BasicAuthUserAttribute]; !ok {
|
||||
if username, ok = userAttributes[p.BasicAuthUserAttribute].(string); !ok {
|
||||
username = session.Email
|
||||
}
|
||||
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
||||
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
||||
}
|
||||
// Check if user has additional headers set that we should sent
|
||||
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
|
||||
if additionalHeaders == nil {
|
||||
return
|
||||
}
|
||||
for key, value := range additionalHeaders {
|
||||
req.Header.Set(key, value)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// stripAuthHeaders removes Auth headers for whitelisted routes from skipAuthRegex
|
||||
|
|
Reference in New Issue