meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Extract Authenticate for Proxy, AuthenticateOnly

Browse Source
This commit is contained in:
Mike Bland 2015-10-08 14:10:28 -04:00
parent e61fc9e7a6
commit 462f6d03d2
1 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
oauthproxy.go
View File

@ -470,21 +470,27 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
} }
func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request) { func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request) {
remoteAddr := getRemoteAddr(req) status := p.Authenticate(rw, req)
if session, _, err := p.LoadCookiedSession(req); err != nil { if status == http.StatusAccepted {
log.Printf("%s %s", remoteAddr, err)
} else if session.IsExpired() {
log.Printf("%s Expired", remoteAddr, session)
} else if !p.Validator(session.Email) {
log.Printf("%s Permission Denied", remoteAddr, session)
} else {
rw.WriteHeader(http.StatusAccepted) rw.WriteHeader(http.StatusAccepted)
return } else {
http.Error(rw, "unauthorized request", http.StatusUnauthorized)
} }
http.Error(rw, "unauthorized request", http.StatusUnauthorized)
} }
func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) { func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
status := p.Authenticate(rw, req)
if status == http.StatusInternalServerError {
p.ErrorPage(rw, http.StatusInternalServerError,
"Internal Error", "Internal Error")
} else if status == http.StatusForbidden {
p.SignInPage(rw, req, http.StatusForbidden)
} else {
p.serveMux.ServeHTTP(rw, req)
}
}
func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int {
var saveSession, clearSession, revalidated bool var saveSession, clearSession, revalidated bool
remoteAddr := getRemoteAddr(req) remoteAddr := getRemoteAddr(req)
@ -533,8 +539,7 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
err := p.SaveSession(rw, req, session) err := p.SaveSession(rw, req, session)
if err != nil { if err != nil {
log.Printf("%s %s", remoteAddr, err) log.Printf("%s %s", remoteAddr, err)
p.ErrorPage(rw, 500, "Internal Error", "Internal Error") return http.StatusInternalServerError
return
} }
} }
@ -550,8 +555,7 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
} }
if session == nil { if session == nil {
p.SignInPage(rw, req, 403) return http.StatusForbidden
return
} }
// At this point, the user is authenticated. proxy normally // At this point, the user is authenticated. proxy normally
@ -570,8 +574,7 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
} else { } else {
rw.Header().Set("GAP-Auth", session.Email) rw.Header().Set("GAP-Auth", session.Email)
} }
return http.StatusAccepted
p.serveMux.ServeHTTP(rw, req)
} }
func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState, error) { func (p *OAuthProxy) CheckBasicAuth(req *http.Request) (*providers.SessionState, error) {