proxy: add support for additionalHeaders

This commit is contained in:
Jens Langhammer 2020-10-29 22:09:53 +01:00
parent 791627d3ce
commit 4e1808632d
2 changed files with 19 additions and 10 deletions

View File

@ -8,7 +8,7 @@ import (
type Claims struct {
Proxy struct {
UserAttributes map[string]string `json:"user_attributes"`
UserAttributes map[string]interface{} `json:"user_attributes"`
} `json:"pb_proxy"`
}

View File

@ -413,27 +413,36 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
req.Header.Del("X-Auth-Username")
}
if p.SetBasicAuth {
claims := Claims{}
err := claims.FromIDToken(session.IDToken)
if err != nil {
log.WithError(err).Warning("Failed to parse IDToken")
}
userAttributes := claims.Proxy.UserAttributes
// Attempt to set basic auth based on user's attributes
if p.SetBasicAuth {
var ok bool
var password string
if password, ok = userAttributes[p.BasicAuthPasswordAttribute]; !ok {
if password, ok = userAttributes[p.BasicAuthPasswordAttribute].(string); !ok {
password = ""
}
// Check if we should use email or a custom attribute as username
var username string
if username, ok = userAttributes[p.BasicAuthUserAttribute]; !ok {
if username, ok = userAttributes[p.BasicAuthUserAttribute].(string); !ok {
username = session.Email
}
authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
}
// Check if user has additional headers set that we should sent
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]string); ok {
if additionalHeaders == nil {
return
}
for key, value := range additionalHeaders {
req.Header.Set(key, value)
}
}
}
// stripAuthHeaders removes Auth headers for whitelisted routes from skipAuthRegex