Allow specifying multiple google apps domains.

drew 2014-05-21 20:47:42 -05:00
parent 7d0a8231cc
commit 964929a56d
2 changed files with 10 additions and 13 deletions


@ -23,12 +23,13 @@ var (
htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption") htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies") cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies")
cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to") cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
googleAppsDomain = flag.String("google-apps-domain", "", "authenticate against the given google apps domain")
authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)") authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
googleAppsDomains = StringArray{}
upstreams = StringArray{} upstreams = StringArray{}
) )
func init() { func init() {
flag.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given google apps domain (may be given multiple times)")
flag.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path") flag.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
} }
@ -78,11 +79,11 @@ func main() {
log.Fatalf("error parsing --redirect-url %s", err.Error()) log.Fatalf("error parsing --redirect-url %s", err.Error())
} }
validator := NewValidator(*googleAppsDomain, *authenticatedEmailsFile) validator := NewValidator(googleAppsDomains, *authenticatedEmailsFile)
oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator) oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator)
oauthproxy.SetRedirectUrl(redirectUrl) oauthproxy.SetRedirectUrl(redirectUrl)
if *googleAppsDomain != "" && *authenticatedEmailsFile == "" { if len(googleAppsDomains) != 0 && *authenticatedEmailsFile == "" {
oauthproxy.SignInMessage = fmt.Sprintf("using a %s email address", *googleAppsDomain) oauthproxy.SignInMessage = fmt.Sprintf("using a email address from the following domains: %v", strings.Join(googleAppsDomains, ", "))
} }
if *htpasswdFile != "" { if *htpasswdFile != "" {
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(*htpasswdFile) oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(*htpasswdFile)
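Review bot: The new sign-in text on the `oauthproxy.SignInMessage = fmt.Sprintf(...)` line reads "using a email address"; it should be `"using an email address from the following domains: %s"`, with `%s` rather than `%v` because the argument is already a joined string. This section adds a `strings.Join` call but shows no import change, so confirm the file already imports `strings`. The message now lists every permitted domain to visitors who have not signed in yet; if that is intended, a comment above the `if len(googleAppsDomains) != 0` check would record it, e.g. `// shown before authentication: lists all allowed domains`. main() starts and ends outside the hunk.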


@ -8,13 +8,8 @@ import (
"strings" "strings"
) )
func NewValidator(domain string, usersFile string) func(string) bool { func NewValidator(domains []string, usersFile string) func(string) bool {
validUsers := make(map[string]bool) validUsers := make(map[string]bool)
emailSuffix := ""
if domain != "" {
emailSuffix = fmt.Sprintf("@%s", domain)
}
if usersFile != "" { if usersFile != "" {
r, err := os.Open(usersFile) r, err := os.Open(usersFile)
@ -32,9 +27,10 @@ func NewValidator(domain string, usersFile string) func(string) bool {
} }
validator := func(email string) bool { validator := func(email string) bool {
var valid bool valid := false
if emailSuffix != "" { for _, domain := range domains {
valid = strings.HasSuffix(email, emailSuffix) emailSuffix := fmt.Sprintf("@%s", domain)
valid = valid || strings.HasSuffix(email, emailSuffix)
} }
if !valid { if !valid {
_, valid = validUsers[email] _, valid = validUsers[email]
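Review bot: The `domain != ""` guard from the old code is gone, so inside `for _, domain := range domains` an empty entry becomes the bare suffix `@` (whether `StringArray` can yield an empty entry is not visible here). The suffix is also rebuilt with `fmt.Sprintf` for every domain on every validation call. Building the suffix list once in NewValidator and skipping empty entries keeps the closure to a plain comparison and makes the accepted set explicit. A comment should also record that the leading `@` is what stops `example.com` from matching an address at `notexample.com`, and that `strings.HasSuffix` compares case-sensitively. NewValidator's body starts before and continues past the hunks shown.

```go
func NewValidator(domains []string, usersFile string) func(string) bool {
	validUsers := make(map[string]bool)

	// Build the "@domain" suffixes once. The leading "@" anchors the match
	// to the whole domain part; empty entries are skipped.
	emailSuffixes := make([]string, 0, len(domains))
	for _, domain := range domains {
		if domain == "" {
			continue
		}
		emailSuffixes = append(emailSuffixes, fmt.Sprintf("@%s", domain))
	}

	// … unchanged: loading usersFile into validUsers …

	validator := func(email string) bool {
		valid := false
		for _, emailSuffix := range emailSuffixes {
			if strings.HasSuffix(email, emailSuffix) {
				valid = true
				break
			}
		}
		// … unchanged: validUsers lookup when !valid …
```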