From 69804e588a972cdf8fb774fc088cf8e442ba43d3 Mon Sep 17 00:00:00 2001 From: drew Date: Tue, 9 Dec 2014 14:38:57 -0600 Subject: [PATCH] Allow hiding custom login UI even if an htpasswd file is provided. --- main.go | 2 ++ oauthproxy.go | 29 +++++++++++++++++------------ options.go | 10 ++++++---- templates.go | 4 ++-- templates_test.go | 1 - 5 files changed, 27 insertions(+), 19 deletions(-) diff --git a/main.go b/main.go index 31accf6..820dc61 100644 --- a/main.go +++ b/main.go @@ -33,6 +33,7 @@ func main() { flagSet.String("client-secret", "", "the OAuth Client Secret") flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)") flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption") + flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided") flagSet.String("cookie-secret", "", "the seed string for secure cookies") flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*") @@ -78,6 +79,7 @@ func main() { if opts.HtpasswdFile != "" { log.Printf("using htpasswd file %s", opts.HtpasswdFile) oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile) + oauthproxy.DisplayHtpasswdForm = opts.DisplayHtpasswdForm if err != nil { log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err) } diff --git a/oauthproxy.go b/oauthproxy.go index aa4f634..706c082 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -29,16 +29,17 @@ type OauthProxy struct { CookieExpire time.Duration Validator func(string) bool - redirectUrl *url.URL // the url to receive requests at - oauthRedemptionUrl *url.URL // endpoint to redeem the code - oauthLoginUrl *url.URL // to redirect the user to - oauthScope string - clientID string - clientSecret string - SignInMessage string - HtpasswdFile *HtpasswdFile - serveMux *http.ServeMux - PassBasicAuth bool + redirectUrl *url.URL // the url to receive requests at + oauthRedemptionUrl *url.URL // endpoint to redeem the code + oauthLoginUrl *url.URL // to redirect the user to + oauthScope string + clientID string + clientSecret string + SignInMessage string + HtpasswdFile *HtpasswdFile + DisplayHtpasswdForm bool + serveMux *http.ServeMux + PassBasicAuth bool } func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { @@ -114,6 +115,10 @@ func apiRequest(req *http.Request) (*simplejson.Json, error) { return data, nil } +func (p *OauthProxy) displayCustomLoginForm() bool { + return p.HtpasswdFile != nil && p.DisplayHtpasswdForm +} + func (p *OauthProxy) redeemCode(code string) (string, string, error) { if code == "" { return "", "", errors.New("missing code") @@ -232,12 +237,12 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code t := struct { SignInMessage string - Htpasswd bool + CustomLogin bool Redirect string Version string }{ SignInMessage: p.SignInMessage, - Htpasswd: p.HtpasswdFile != nil, + CustomLogin: p.displayCustomLoginForm(), Redirect: req.URL.RequestURI(), Version: VERSION, } diff --git a/options.go b/options.go index 010f366..b70e31c 100644 --- a/options.go +++ b/options.go @@ -15,6 +15,7 @@ type Options struct { ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"` PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"` HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"` + DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"` CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"` CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"` CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"` @@ -30,10 +31,11 @@ type Options struct { func NewOptions() *Options { return &Options{ - HttpAddress: "127.0.0.1:4180", - CookieHttpsOnly: true, - PassBasicAuth: true, - CookieExpire: time.Duration(168) * time.Hour, + HttpAddress: "127.0.0.1:4180", + DisplayHtpasswdForm: true, + CookieHttpsOnly: true, + PassBasicAuth: true, + CookieExpire: time.Duration(168) * time.Hour, } } diff --git a/templates.go b/templates.go index 5670861..202114c 100644 --- a/templates.go +++ b/templates.go @@ -105,8 +105,8 @@ func getTemplates() *template.Template {
- - {{ if .Htpasswd }} + + {{ if .CustomLogin }}
diff --git a/templates_test.go b/templates_test.go index 65b653e..ed4ed70 100644 --- a/templates_test.go +++ b/templates_test.go @@ -8,5 +8,4 @@ import ( func TestTemplatesCompile(t *testing.T) { templates := getTemplates() assert.NotEqual(t, templates, nil) - }