Merge pull request #92 from clems4ever/header-vars
Set headers values Remote-User and Remote-Groups in /verify responsepull/94/head
commit
72612e00aa
|
@ -75,15 +75,12 @@ http {
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
proxy_set_header Redirect $redirect;
|
proxy_set_header Redirect $redirect;
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_x_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
proxy_set_header Remote-Groups $groups;
|
proxy_set_header Remote-Groups $groups;
|
||||||
|
|
||||||
auth_request_set $expiry $upstream_http_remote_expiry;
|
|
||||||
proxy_set_header Remote-Expiry $expiry;
|
|
||||||
|
|
||||||
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
||||||
error_page 403 = https://auth.test.local:8080/error/403;
|
error_page 403 = https://auth.test.local:8080/error/403;
|
||||||
}
|
}
|
||||||
|
|
|
@ -274,7 +274,10 @@ export const SECOND_FACTOR_GET = "/secondfactor";
|
||||||
* @apiError (Error 401) status The user is not authenticated.
|
* @apiError (Error 401) status The user is not authenticated.
|
||||||
*
|
*
|
||||||
* @apiDescription Verify that the user is authenticated, i.e., the two
|
* @apiDescription Verify that the user is authenticated, i.e., the two
|
||||||
* factors have been validated
|
* factors have been validated.
|
||||||
|
* If the user is authenticated the response headers Remote-User and Remote-Groups
|
||||||
|
* are set. Remote-User contains the user id of the currently logged in user and Remote-Groups
|
||||||
|
* a comma separated list of assigned groups.
|
||||||
*/
|
*/
|
||||||
export const VERIFY_GET = "/verify";
|
export const VERIFY_GET = "/verify";
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
|
|
||||||
import { Winston } from "winston";
|
|
||||||
import objectPath = require("object-path");
|
import objectPath = require("object-path");
|
||||||
import BluebirdPromise = require("bluebird");
|
import BluebirdPromise = require("bluebird");
|
||||||
import express = require("express");
|
import express = require("express");
|
||||||
import { AccessController } from "../../access_control/AccessController";
|
|
||||||
import exceptions = require("../../Exceptions");
|
import exceptions = require("../../Exceptions");
|
||||||
import winston = require("winston");
|
import winston = require("winston");
|
||||||
import AuthenticationValidator = require("../../AuthenticationValidator");
|
import AuthenticationValidator = require("../../AuthenticationValidator");
|
||||||
|
@ -39,6 +37,9 @@ function verify_filter(req: express.Request, res: express.Response): BluebirdPro
|
||||||
if (!authSession.first_factor || !authSession.second_factor)
|
if (!authSession.first_factor || !authSession.second_factor)
|
||||||
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
|
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
|
||||||
|
|
||||||
|
res.setHeader("Remote-User", username);
|
||||||
|
res.setHeader("Remote-Groups", groups.join(","));
|
||||||
|
|
||||||
return BluebirdPromise.resolve();
|
return BluebirdPromise.resolve();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,9 +45,12 @@ describe("test authentication token verification", function () {
|
||||||
authSession.first_factor = true;
|
authSession.first_factor = true;
|
||||||
authSession.second_factor = true;
|
authSession.second_factor = true;
|
||||||
authSession.userid = "myuser";
|
authSession.userid = "myuser";
|
||||||
|
authSession.groups = ["mygroup", "othergroup"];
|
||||||
return VerifyGet.default(req as express.Request, res as any);
|
return VerifyGet.default(req as express.Request, res as any);
|
||||||
})
|
})
|
||||||
.then(function () {
|
.then(function () {
|
||||||
|
sinon.assert.calledWithExactly(res.setHeader, "Remote-User", "myuser");
|
||||||
|
sinon.assert.calledWithExactly(res.setHeader, "Remote-Groups", "mygroup,othergroup");
|
||||||
assert.equal(204, res.status.getCall(0).args[0]);
|
assert.equal(204, res.status.getCall(0).args[0]);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in New Issue