meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

improve handling of cookie domains

Browse Source
This commit is contained in:
Jehiah Czebotar 2015-03-19 15:59:48 -04:00
parent d5169f92f7
commit 07c74f55c6
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
oauthproxy.go
View File

@ -8,6 +8,7 @@ import (
"html/template" "html/template"
"io/ioutil" "io/ioutil"
"log" "log"
"net"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
"net/url" "net/url"
@ -244,8 +245,14 @@ func jwtDecodeSegment(seg string) ([]byte, error) {
} }
func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) { func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
domain := strings.Split(req.Host, ":")[0] domain := req.Host
if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) { if h, _, err := net.SplitHostPort(domain); err == nil {
domain = h
}
if p.CookieDomain != "" {
if !strings.HasSuffix(domain, p.CookieDomain) {
log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
}
domain = p.CookieDomain domain = p.CookieDomain
} }
cookie := &http.Cookie{ cookie := &http.Cookie{
@ -253,16 +260,23 @@ func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
Value: "", Value: "",
Path: "/", Path: "/",
Domain: domain, Domain: domain,
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
HttpOnly: p.CookieHttpOnly, HttpOnly: p.CookieHttpOnly,
Secure: p.CookieSecure,
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
} }
http.SetCookie(rw, cookie) http.SetCookie(rw, cookie)
} }
func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) { func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val string) {
domain := strings.Split(req.Host, ":")[0] // strip the port (if any) domain := req.Host
if p.CookieDomain != "" && strings.HasSuffix(domain, p.CookieDomain) { if h, _, err := net.SplitHostPort(domain); err == nil {
domain = h
}
if p.CookieDomain != "" {
if !strings.HasSuffix(domain, p.CookieDomain) {
log.Printf("Warning: request host is %q but using configured cookie domain of %q", domain, p.CookieDomain)
}
domain = p.CookieDomain domain = p.CookieDomain
} }
cookie := &http.Cookie{ cookie := &http.Cookie{
@ -444,11 +458,6 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
if !ok { if !ok {
user, ok = p.CheckBasicAuth(req) user, ok = p.CheckBasicAuth(req)
// if we want to promote basic auth requests to cookie'd requests, we could do that here
// not sure that would be ideal in all circumstances though
// if ok {
// p.SetCookie(rw, req, user)
// }
} }
if !ok { if !ok {