Store access token when cookie-refresh is set
cookie-refresh no longer requires pass-access-token in order to work.
parent
b6e07d51b2
commit
bd4eae8fec
@ -49,6 +49,7 @@ type OauthProxy struct {
|
||||
DisplayHtpasswdForm bool
|
||||
serveMux http.Handler
|
||||
PassBasicAuth bool
|
||||
PassAccessToken bool
|
||||
AesCipher cipher.Block
|
||||
skipAuthRegex []string
|
||||
compiledRegex []*regexp.Regexp
|
||||
@ -122,7 +123,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||
log.Printf("Cookie settings: secure (https):%v httponly:%v expiry:%s domain:%s", opts.CookieSecure, opts.CookieHttpOnly, opts.CookieExpire, domain)
|
||||
|
||||
var aes_cipher cipher.Block
|
||||
if opts.PassAccessToken {
|
||||
if opts.PassAccessToken || (opts.CookieRefresh != time.Duration(0)) {
|
||||
var err error
|
||||
aes_cipher, err = aes.NewCipher([]byte(opts.CookieSecret))
|
||||
if err != nil {
|
||||
@ -153,6 +154,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||
skipAuthRegex: opts.SkipAuthRegex,
|
||||
compiledRegex: opts.CompiledRegex,
|
||||
PassBasicAuth: opts.PassBasicAuth,
|
||||
PassAccessToken: opts.PassAccessToken,
|
||||
AesCipher: aes_cipher,
|
||||
templates: loadTemplates(opts.CustomTemplatesDir),
|
||||
}
|
||||
@ -496,7 +498,7 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
req.Header["X-Forwarded-User"] = []string{user}
|
||||
req.Header["X-Forwarded-Email"] = []string{email}
|
||||
}
|
||||
if access_token != "" {
|
||||
if p.PassAccessToken {
|
||||
req.Header["X-Forwarded-Access-Token"] = []string{access_token}
|
||||
}
|
||||
if email == "" {
|
||||
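Review bot: In the ServeHTTP hunk the guard `if p.PassAccessToken {` appears to replace `if access_token != "" {`, so the non-empty check is lost and a session whose access_token is empty would be forwarded with an empty `X-Forwarded-Access-Token` header. Keeping both conditions avoids that: `if p.PassAccessToken && access_token != "" {`. Nothing visible in the hunk removes a client-supplied `X-Forwarded-Access-Token` when the proxy does not set its own, so an upstream that trusts this header could receive a caller-chosen value. Calling `req.Header.Del("X-Forwarded-Access-Token")` before the guard would close that gap, unless it is already handled elsewhere in ServeHTTP, whose body extends beyond the hunk.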
|
@ -407,14 +407,19 @@ func NewProcessCookieTest() *ProcessCookieTest {
|
||||
pc_test.opts.CookieSecret = "foobar"
|
||||
pc_test.opts.ClientID = "bazquux"
|
||||
pc_test.opts.ClientSecret = "xyzzyplugh"
|
||||
pc_test.opts.PassAccessToken = true
|
||||
pc_test.opts.CookieSecret = "0123456789abcdef"
|
||||
// First, set the CookieRefresh option so proxy.AesCipher is created,
|
||||
// needed to encrypt the access_token.
|
||||
pc_test.opts.CookieRefresh = time.Duration(24) * time.Hour
|
||||
pc_test.opts.Validate()
|
||||
|
||||
pc_test.proxy = NewOauthProxy(pc_test.opts, func(email string) bool {
|
||||
return true
|
||||
})
|
||||
|
||||
// Now, zero-out proxy.CookieRefresh for the cases that don't involve
|
||||
// access_token validation.
|
||||
pc_test.proxy.CookieRefresh = time.Duration(0)
|
||||
pc_test.rw = httptest.NewRecorder()
|
||||
pc_test.req, _ = http.NewRequest("GET", "/", strings.NewReader(""))
|
||||
return &pc_test
|
||||
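Review bot: Nothing in this hunk exercises the case the commit introduces, cookie-refresh set with pass-access-token off. The setup enables CookieRefresh only so that NewOauthProxy builds AesCipher, then resets `pc_test.proxy.CookieRefresh` by hand, which ties the fixture to constructor internals. A test for the new case should assert that the token is kept in the cookie while `X-Forwarded-Access-Token` is absent from the proxied request, because that gate is what keeps the token away from upstreams that did not opt in. The result of `pc_test.opts.Validate()` is discarded; if it returns an error, checking it would stop an invalid fixture (for example a CookieSecret of the wrong length for AES) from passing silently. NewProcessCookieTest begins outside the hunk.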
|