From 69d47196874128eac0c4ebd67f71b0c12ef4576f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 14 Jan 2023 22:20:52 +0100 Subject: [PATCH] outposts/proxy: set http code when no redirect header is set Signed-off-by: Jens Langhammer --- internal/outpost/proxyv2/application/auth_bearer.go | 8 +++++--- internal/outpost/proxyv2/application/utils.go | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/internal/outpost/proxyv2/application/auth_bearer.go b/internal/outpost/proxyv2/application/auth_bearer.go index 70cd2c381..4a9ad8f07 100644 --- a/internal/outpost/proxyv2/application/auth_bearer.go +++ b/internal/outpost/proxyv2/application/auth_bearer.go @@ -5,17 +5,19 @@ import ( "net/http" "net/url" "strings" + + "goauthentik.io/internal/outpost/proxyv2/constants" ) func (a *Application) checkAuthHeaderBearer(r *http.Request) string { - auth := r.Header.Get(HeaderAuthorization) + auth := r.Header.Get(constants.HeaderAuthorization) if auth == "" { return "" } - if len(auth) < len(AuthBearer) || !strings.EqualFold(auth[:len(AuthBearer)], AuthBearer) { + if len(auth) < len(constants.AuthBearer) || !strings.EqualFold(auth[:len(constants.AuthBearer)], constants.AuthBearer) { return "" } - return auth[len(AuthBearer):] + return auth[len(constants.AuthBearer):] } type TokenIntrospectionResponse struct { diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go index 30bf69b66..085c82a1b 100644 --- a/internal/outpost/proxyv2/application/utils.go +++ b/internal/outpost/proxyv2/application/utils.go @@ -36,6 +36,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) { a.log.WithError(err).Warning("failed to decode session") } if r.Header.Get(constants.HeaderNoRedirect) == "true" { + rw.WriteHeader(401) er := a.errorTemplates.Execute(rw, ErrorPageData{ Title: "Unauthenticated", Message: fmt.Sprintf("Due to '%s' being set, no redirect is performed.", constants.HeaderNoRedirect),