Merge pull request #46 from drewolson/hide_custom_login_ui

Allow hiding custom login UI even if an htpasswd file is provided.
Jehiah Czebotar 2014-12-09 16:14:04 -05:00
commit a80b93130c
5 changed files with 27 additions and 19 deletions


@ -33,6 +33,7 @@ func main() {
flagSet.String("client-secret", "", "the OAuth Client Secret") flagSet.String("client-secret", "", "the OAuth Client Secret")
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)") flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption") flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
flagSet.String("cookie-secret", "", "the seed string for secure cookies") flagSet.String("cookie-secret", "", "the seed string for secure cookies")
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*") flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
@ -78,6 +79,7 @@ func main() {
if opts.HtpasswdFile != "" { if opts.HtpasswdFile != "" {
log.Printf("using htpasswd file %s", opts.HtpasswdFile) log.Printf("using htpasswd file %s", opts.HtpasswdFile)
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile) oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile)
oauthproxy.DisplayHtpasswdForm = opts.DisplayHtpasswdForm
if err != nil { if err != nil {
log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err) log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err)
} }
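Review bot: In the second hunk the new assignment `oauthproxy.DisplayHtpasswdForm = opts.DisplayHtpasswdForm` sits between the `NewHtpasswdFromFile` call and its `if err != nil` check, which separates the error from the call that produced it. It is harmless today because the failure path ends in `log.Fatalf`, but moving the assignment below the error check keeps the call and its check adjacent. That ordering also avoids configuring the proxy from a failed htpasswd load if that path ever stops being fatal. `main` starts and ends outside both hunks.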


@ -29,16 +29,17 @@ type OauthProxy struct {
CookieExpire time.Duration CookieExpire time.Duration
Validator func(string) bool Validator func(string) bool
redirectUrl *url.URL // the url to receive requests at redirectUrl *url.URL // the url to receive requests at
oauthRedemptionUrl *url.URL // endpoint to redeem the code oauthRedemptionUrl *url.URL // endpoint to redeem the code
oauthLoginUrl *url.URL // to redirect the user to oauthLoginUrl *url.URL // to redirect the user to
oauthScope string oauthScope string
clientID string clientID string
clientSecret string clientSecret string
SignInMessage string SignInMessage string
HtpasswdFile *HtpasswdFile HtpasswdFile *HtpasswdFile
serveMux *http.ServeMux DisplayHtpasswdForm bool
PassBasicAuth bool serveMux *http.ServeMux
PassBasicAuth bool
} }
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
@ -114,6 +115,10 @@ func apiRequest(req *http.Request) (*simplejson.Json, error) {
return data, nil return data, nil
} }
func (p *OauthProxy) displayCustomLoginForm() bool {
return p.HtpasswdFile != nil && p.DisplayHtpasswdForm
}
func (p *OauthProxy) redeemCode(code string) (string, string, error) { func (p *OauthProxy) redeemCode(code string) (string, string, error) {
if code == "" { if code == "" {
return "", "", errors.New("missing code") return "", "", errors.New("missing code")
@ -232,12 +237,12 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
t := struct { t := struct {
SignInMessage string SignInMessage string
Htpasswd bool CustomLogin bool
Redirect string Redirect string
Version string Version string
}{ }{
SignInMessage: p.SignInMessage, SignInMessage: p.SignInMessage,
Htpasswd: p.HtpasswdFile != nil, CustomLogin: p.displayCustomLoginForm(),
Redirect: req.URL.RequestURI(), Redirect: req.URL.RequestURI(),
Version: VERSION, Version: VERSION,
} }
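Review bot: `displayCustomLoginForm` has no doc comment, and in the lines shown its result only feeds the `CustomLogin` template field in `SignInPage`; nothing in this diff touches the handler behind the form's `POST /oauth2/sign_in`. If that handler (outside these hunks) still checks credentials whenever `p.HtpasswdFile != nil`, then `-display-htpasswd-form=false` hides the form but leaves password sign-in reachable, so operators should not read the option as disabling htpasswd authentication. I would add `// displayCustomLoginForm reports whether the sign-in page renders the htpasswd login form; it controls rendering only.` and state the same limitation in the flag help text in `main` and on `Options.DisplayHtpasswdForm`. `SignInPage` starts and ends outside the hunk.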


@ -15,6 +15,7 @@ type Options struct {
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"` ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`
PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"` PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"` HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"` CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"` CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"` CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
@ -30,10 +31,11 @@ type Options struct {
func NewOptions() *Options { func NewOptions() *Options {
return &Options{ return &Options{
HttpAddress: "127.0.0.1:4180", HttpAddress: "127.0.0.1:4180",
CookieHttpsOnly: true, DisplayHtpasswdForm: true,
PassBasicAuth: true, CookieHttpsOnly: true,
CookieExpire: time.Duration(168) * time.Hour, PassBasicAuth: true,
CookieExpire: time.Duration(168) * time.Hour,
} }
} }


@ -106,7 +106,7 @@ func getTemplates() *template.Template {
</form> </form>
</div> </div>
{{ if .Htpasswd }} {{ if .CustomLogin }}
<div class="signin"> <div class="signin">
<form method="POST" action="/oauth2/sign_in"> <form method="POST" action="/oauth2/sign_in">
<input type="hidden" name="rd" value="{{.Redirect}}"> <input type="hidden" name="rd" value="{{.Redirect}}">


@ -8,5 +8,4 @@ import (
func TestTemplatesCompile(t *testing.T) { func TestTemplatesCompile(t *testing.T) {
templates := getTemplates() templates := getTemplates()
assert.NotEqual(t, templates, nil) assert.NotEqual(t, templates, nil)
} }