Merge pull request #46 from drewolson/hide_custom_login_ui
Allow hiding custom login UI even if an htpasswd file is provided.
This commit is contained in:
commit
a80b93130c
2
main.go
2
main.go
@ -33,6 +33,7 @@ func main() {
|
|||||||
flagSet.String("client-secret", "", "the OAuth Client Secret")
|
flagSet.String("client-secret", "", "the OAuth Client Secret")
|
||||||
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
||||||
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
|
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
|
||||||
|
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
|
||||||
|
|
||||||
flagSet.String("cookie-secret", "", "the seed string for secure cookies")
|
flagSet.String("cookie-secret", "", "the seed string for secure cookies")
|
||||||
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
|
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
|
||||||
@ -78,6 +79,7 @@ func main() {
|
|||||||
if opts.HtpasswdFile != "" {
|
if opts.HtpasswdFile != "" {
|
||||||
log.Printf("using htpasswd file %s", opts.HtpasswdFile)
|
log.Printf("using htpasswd file %s", opts.HtpasswdFile)
|
||||||
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile)
|
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile)
|
||||||
|
oauthproxy.DisplayHtpasswdForm = opts.DisplayHtpasswdForm
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err)
|
log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err)
|
||||||
}
|
}
|
||||||
|
@ -29,16 +29,17 @@ type OauthProxy struct {
|
|||||||
CookieExpire time.Duration
|
CookieExpire time.Duration
|
||||||
Validator func(string) bool
|
Validator func(string) bool
|
||||||
|
|
||||||
redirectUrl *url.URL // the url to receive requests at
|
redirectUrl *url.URL // the url to receive requests at
|
||||||
oauthRedemptionUrl *url.URL // endpoint to redeem the code
|
oauthRedemptionUrl *url.URL // endpoint to redeem the code
|
||||||
oauthLoginUrl *url.URL // to redirect the user to
|
oauthLoginUrl *url.URL // to redirect the user to
|
||||||
oauthScope string
|
oauthScope string
|
||||||
clientID string
|
clientID string
|
||||||
clientSecret string
|
clientSecret string
|
||||||
SignInMessage string
|
SignInMessage string
|
||||||
HtpasswdFile *HtpasswdFile
|
HtpasswdFile *HtpasswdFile
|
||||||
serveMux *http.ServeMux
|
DisplayHtpasswdForm bool
|
||||||
PassBasicAuth bool
|
serveMux *http.ServeMux
|
||||||
|
PassBasicAuth bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||||
@ -114,6 +115,10 @@ func apiRequest(req *http.Request) (*simplejson.Json, error) {
|
|||||||
return data, nil
|
return data, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *OauthProxy) displayCustomLoginForm() bool {
|
||||||
|
return p.HtpasswdFile != nil && p.DisplayHtpasswdForm
|
||||||
|
}
|
||||||
|
|
||||||
func (p *OauthProxy) redeemCode(code string) (string, string, error) {
|
func (p *OauthProxy) redeemCode(code string) (string, string, error) {
|
||||||
if code == "" {
|
if code == "" {
|
||||||
return "", "", errors.New("missing code")
|
return "", "", errors.New("missing code")
|
||||||
@ -232,12 +237,12 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
|||||||
|
|
||||||
t := struct {
|
t := struct {
|
||||||
SignInMessage string
|
SignInMessage string
|
||||||
Htpasswd bool
|
CustomLogin bool
|
||||||
Redirect string
|
Redirect string
|
||||||
Version string
|
Version string
|
||||||
}{
|
}{
|
||||||
SignInMessage: p.SignInMessage,
|
SignInMessage: p.SignInMessage,
|
||||||
Htpasswd: p.HtpasswdFile != nil,
|
CustomLogin: p.displayCustomLoginForm(),
|
||||||
Redirect: req.URL.RequestURI(),
|
Redirect: req.URL.RequestURI(),
|
||||||
Version: VERSION,
|
Version: VERSION,
|
||||||
}
|
}
|
||||||
|
10
options.go
10
options.go
@ -15,6 +15,7 @@ type Options struct {
|
|||||||
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`
|
ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`
|
||||||
PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
|
PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
|
||||||
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
|
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
|
||||||
|
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
|
||||||
CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
|
CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
|
||||||
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
|
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
|
||||||
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
|
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
|
||||||
@ -30,10 +31,11 @@ type Options struct {
|
|||||||
|
|
||||||
func NewOptions() *Options {
|
func NewOptions() *Options {
|
||||||
return &Options{
|
return &Options{
|
||||||
HttpAddress: "127.0.0.1:4180",
|
HttpAddress: "127.0.0.1:4180",
|
||||||
CookieHttpsOnly: true,
|
DisplayHtpasswdForm: true,
|
||||||
PassBasicAuth: true,
|
CookieHttpsOnly: true,
|
||||||
CookieExpire: time.Duration(168) * time.Hour,
|
PassBasicAuth: true,
|
||||||
|
CookieExpire: time.Duration(168) * time.Hour,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -105,8 +105,8 @@ func getTemplates() *template.Template {
|
|||||||
<button type="submit" class="btn">Sign in with a Google Account</button><br/>
|
<button type="submit" class="btn">Sign in with a Google Account</button><br/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{{ if .Htpasswd }}
|
{{ if .CustomLogin }}
|
||||||
<div class="signin">
|
<div class="signin">
|
||||||
<form method="POST" action="/oauth2/sign_in">
|
<form method="POST" action="/oauth2/sign_in">
|
||||||
<input type="hidden" name="rd" value="{{.Redirect}}">
|
<input type="hidden" name="rd" value="{{.Redirect}}">
|
||||||
|
@ -8,5 +8,4 @@ import (
|
|||||||
func TestTemplatesCompile(t *testing.T) {
|
func TestTemplatesCompile(t *testing.T) {
|
||||||
templates := getTemplates()
|
templates := getTemplates()
|
||||||
assert.NotEqual(t, templates, nil)
|
assert.NotEqual(t, templates, nil)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user