Allow hiding custom login UI even if an htpasswd file is provided.
This commit is contained in:
parent
5199e0028b
commit
69804e588a
2
main.go
2
main.go
@ -33,6 +33,7 @@ func main() {
|
||||
flagSet.String("client-secret", "", "the OAuth Client Secret")
|
||||
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
||||
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
|
||||
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
|
||||
|
||||
flagSet.String("cookie-secret", "", "the seed string for secure cookies")
|
||||
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
|
||||
@ -78,6 +79,7 @@ func main() {
|
||||
if opts.HtpasswdFile != "" {
|
||||
log.Printf("using htpasswd file %s", opts.HtpasswdFile)
|
||||
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile)
|
||||
oauthproxy.DisplayHtpasswdForm = opts.DisplayHtpasswdForm
|
||||
if err != nil {
|
||||
log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err)
|
||||
}
|
||||
|
@ -29,16 +29,17 @@ type OauthProxy struct {
|
||||
CookieExpire time.Duration
|
||||
Validator func(string) bool
|
||||
|
||||
redirectUrl *url.URL // the url to receive requests at
|
||||
oauthRedemptionUrl *url.URL // endpoint to redeem the code
|
||||
oauthLoginUrl *url.URL // to redirect the user to
|
||||
oauthScope string
|
||||
clientID string
|
||||
clientSecret string
|
||||
SignInMessage string
|
||||
HtpasswdFile *HtpasswdFile
|
||||
serveMux *http.ServeMux
|
||||
PassBasicAuth bool
|
||||
redirectUrl *url.URL // the url to receive requests at
|
||||
oauthRedemptionUrl *url.URL // endpoint to redeem the code
|
||||
oauthLoginUrl *url.URL // to redirect the user to
|
||||
oauthScope string
|
||||
clientID string
|
||||
clientSecret string
|
||||
SignInMessage string
|
||||
HtpasswdFile *HtpasswdFile
|
||||
DisplayHtpasswdForm bool
|
||||
serveMux *http.ServeMux
|
||||
PassBasicAuth bool
|
||||
}
|
||||
|
||||
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||
@ -114,6 +115,10 @@ func apiRequest(req *http.Request) (*simplejson.Json, error) {
|
||||
return data, nil
|
||||
}
|
||||
|
||||
func (p *OauthProxy) displayCustomLoginForm() bool {
|
||||
return p.HtpasswdFile != nil && p.DisplayHtpasswdForm
|
||||
}
|
||||
|
||||
func (p *OauthProxy) redeemCode(code string) (string, string, error) {
|
||||
if code == "" {
|
||||
return "", "", errors.New("missing code")
|
||||
@ -232,12 +237,12 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
||||
|
||||
t := struct {
|
||||
SignInMessage string
|
||||
Htpasswd bool
|
||||
CustomLogin bool
|
||||
Redirect string
|
||||
Version string
|
||||
}{
|
||||
SignInMessage: p.SignInMessage,
|
||||
Htpasswd: p.HtpasswdFile != nil,
|
||||
CustomLogin: p.displayCustomLoginForm(),
|
||||
Redirect: req.URL.RequestURI(),
|
||||
Version: VERSION,
|
||||
}
|
||||
|
10
options.go
10
options.go
@ -15,6 +15,7 @@ type Options struct {
|
||||
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`
|
||||
PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
|
||||
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
|
||||
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
|
||||
CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
|
||||
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
|
||||
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
|
||||
@ -30,10 +31,11 @@ type Options struct {
|
||||
|
||||
func NewOptions() *Options {
|
||||
return &Options{
|
||||
HttpAddress: "127.0.0.1:4180",
|
||||
CookieHttpsOnly: true,
|
||||
PassBasicAuth: true,
|
||||
CookieExpire: time.Duration(168) * time.Hour,
|
||||
HttpAddress: "127.0.0.1:4180",
|
||||
DisplayHtpasswdForm: true,
|
||||
CookieHttpsOnly: true,
|
||||
PassBasicAuth: true,
|
||||
CookieExpire: time.Duration(168) * time.Hour,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -105,8 +105,8 @@ func getTemplates() *template.Template {
|
||||
<button type="submit" class="btn">Sign in with a Google Account</button><br/>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
{{ if .Htpasswd }}
|
||||
|
||||
{{ if .CustomLogin }}
|
||||
<div class="signin">
|
||||
<form method="POST" action="/oauth2/sign_in">
|
||||
<input type="hidden" name="rd" value="{{.Redirect}}">
|
||||
|
@ -8,5 +8,4 @@ import (
|
||||
func TestTemplatesCompile(t *testing.T) {
|
||||
templates := getTemplates()
|
||||
assert.NotEqual(t, templates, nil)
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user