proxy: cleanup addHeadersForProxying

proxy/pkg/proxy/oauthproxy.go

@@ -890,63 +890,30 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
 
 // addHeadersForProxying adds the appropriate headers the request / response for proxying
 func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) {
-	if p.PassUserHeaders {
+	req.Header["X-Forwarded-User"] = []string{session.User}
-		if p.PreferEmailToUser && session.Email != "" {
+	if session.Email != "" {
-			req.Header["X-Forwarded-User"] = []string{session.Email}
+		req.Header["X-Forwarded-Email"] = []string{session.Email}
-			req.Header.Del("X-Forwarded-Email")
-		} else {
-			req.Header["X-Forwarded-User"] = []string{session.User}
-			if session.Email != "" {
-				req.Header["X-Forwarded-Email"] = []string{session.Email}
-			} else {
-				req.Header.Del("X-Forwarded-Email")
-			}
-		}
-
-		if session.PreferredUsername != "" {
-			req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername}
-		} else {
-			req.Header.Del("X-Forwarded-Preferred-Username")
-		}
 	}
 
-	if p.SetXAuthRequest {
+	if session.PreferredUsername != "" {
-		rw.Header().Set("X-Auth-Request-User", session.User)
+		req.Header["X-Forwarded-Preferred-Username"] = []string{session.PreferredUsername}
-		if session.Email != "" {
+		req.Header["X-Auth-Username"] = []string{session.PreferredUsername}
-			rw.Header().Set("X-Auth-Request-Email", session.Email)
+	} else {
-		} else {
+		req.Header.Del("X-Forwarded-Preferred-Username")
-			rw.Header().Del("X-Auth-Request-Email")
+		req.Header.Del("X-Auth-Username")
-		}
-		if session.PreferredUsername != "" {
-			rw.Header().Set("X-Auth-Request-Preferred-Username", session.PreferredUsername)
-		} else {
-			rw.Header().Del("X-Auth-Request-Preferred-Username")
-		}
-
-		if p.PassAccessToken {
-			if session.AccessToken != "" {
-				rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
-			} else {
-				rw.Header().Del("X-Auth-Request-Access-Token")
-			}
-		}
 	}
 
-	if p.PassAccessToken {
+	if session.Email != "" {
-		if session.AccessToken != "" {
+		rw.Header().Set("X-Auth-Request-Email", session.Email)
-			req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
+	} else {
-		} else {
+		rw.Header().Del("X-Auth-Request-Email")
-			req.Header.Del("X-Forwarded-Access-Token")
+	}
-		}
+	if session.PreferredUsername != "" {
+		rw.Header().Set("X-Auth-Request-Preferred-Username", session.PreferredUsername)
+	} else {
+		rw.Header().Del("X-Auth-Request-Preferred-Username")
 	}
 
-	if p.PassAuthorization {
-		if session.IDToken != "" {
-			req.Header["Authorization"] = []string{fmt.Sprintf("Bearer %s", session.IDToken)}
-		} else {
-			req.Header.Del("Authorization")
-		}
-	}
 	if p.SetBasicAuth {
 		claims := Claims{}
 		err := claims.FromIDToken(session.IDToken)
@@ -968,13 +935,6 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
 		authVal := b64.StdEncoding.EncodeToString([]byte(username + ":" + password))
 		req.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
 	}
-	if p.SetAuthorization {
-		if session.IDToken != "" {
-			rw.Header().Set("Authorization", fmt.Sprintf("Bearer %s", session.IDToken))
-		} else {
-			rw.Header().Del("Authorization")
-		}
-	}
 
 	if session.Email == "" {
 		rw.Header().Set("GAP-Auth", session.User)

proxy/pkg/server/api.go

@@ -49,7 +49,6 @@ func getCommonOptions() *options.Options {
 	commonOpts.ProxyPrefix = "/pbprox"
 	commonOpts.SkipProviderButton = true
 	commonOpts.Logging.SilencePing = true
-	commonOpts.SetXAuthRequest = true
 	commonOpts.SetAuthorization = false
 	commonOpts.Scope = "openid email profile pb_proxy"
 	return commonOpts