#65: Set headers X-Remote-User and Remote-Groups
parent
7be61d7357
commit
9d1d10596f
976
doc/api_data.js
976
doc/api_data.js
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1,15 +1 @@
|
||||||
define({
|
define({
"title": "Authelia API documentation",
"name": "authelia",
"version": "3.2.0",
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
"time": "2017-08-19T09:41:58.170Z",
"url": "http://apidocjs.com",
"version": "0.17.6"
}
});
|
||||||
"title": "Authelia API documentation",
|
|
||||||
"name": "authelia",
|
|
||||||
"version": "2.1.3",
|
|
||||||
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
|
|
||||||
"sampleUrl": false,
|
|
||||||
"defaultVersion": "0.0.0",
|
|
||||||
"apidoc": "0.3.0",
|
|
||||||
"generator": {
|
|
||||||
"name": "apidoc",
|
|
||||||
"time": "2017-06-11T20:41:36.025Z",
|
|
||||||
"url": "http://apidocjs.com",
|
|
||||||
"version": "0.17.6"
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
|
@ -1,15 +1 @@
|
||||||
{
|
{
"title": "Authelia API documentation",
"name": "authelia",
"version": "3.2.0",
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
"time": "2017-08-19T09:41:58.170Z",
"url": "http://apidocjs.com",
"version": "0.17.6"
}
}
|
||||||
"title": "Authelia API documentation",
|
|
||||||
"name": "authelia",
|
|
||||||
"version": "2.1.3",
|
|
||||||
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
|
|
||||||
"sampleUrl": false,
|
|
||||||
"defaultVersion": "0.0.0",
|
|
||||||
"apidoc": "0.3.0",
|
|
||||||
"generator": {
|
|
||||||
"name": "apidoc",
|
|
||||||
"time": "2017-06-11T20:41:36.025Z",
|
|
||||||
"url": "http://apidocjs.com",
|
|
||||||
"version": "0.17.6"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -78,12 +78,10 @@ http {
|
||||||
location = /secret.html {
|
location = /secret.html {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_x_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
proxy_set_header Remote-Groups $groups;
|
proxy_set_header Remote-Groups $groups;
|
||||||
auth_request_set $expiry $upstream_http_remote_expiry;
|
|
||||||
proxy_set_header Remote-Expiry $expiry;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
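Review bot: The protected location overwrites `X-Forwarded-User` and `Remote-Groups` with values from the auth subrequest, but it neither sets nor clears `Remote-User`, so a `Remote-User` value sent by the client is proxied to the backend unchanged. Whether any backend reads `Remote-User` is not visible here. If one does, add `proxy_set_header Remote-User $user;` next to the existing `proxy_set_header` lines. Otherwise a comment above them such as `# Backends must trust only X-Forwarded-User and Remote-Groups; both are overwritten here.` would make the trust boundary explicit.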
|
||||||
|
|
|
@ -274,7 +274,10 @@ export const SECOND_FACTOR_GET = "/secondfactor";
|
||||||
* @apiError (Error 401) status The user is not authenticated.
|
* @apiError (Error 401) status The user is not authenticated.
|
||||||
*
|
*
|
||||||
* @apiDescription Verify that the user is authenticated, i.e., the two
|
* @apiDescription Verify that the user is authenticated, i.e., the two
|
||||||
* factors have been validated
|
* factors have been validated.
|
||||||
|
* If the user is authenticated the response headers Remote-User and Remote-Groups
|
||||||
|
* are set. Remote-User contains the user id of the currently logged in user and Remote-Groups
|
||||||
|
* a comma separated list of assigned groups.
|
||||||
*/
|
*/
|
||||||
export const VERIFY_GET = "/verify";
|
export const VERIFY_GET = "/verify";
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
|
|
||||||
import { Winston } from "winston";
|
|
||||||
import objectPath = require("object-path");
|
import objectPath = require("object-path");
|
||||||
import BluebirdPromise = require("bluebird");
|
import BluebirdPromise = require("bluebird");
|
||||||
import express = require("express");
|
import express = require("express");
|
||||||
import { AccessController } from "../../access_control/AccessController";
|
|
||||||
import exceptions = require("../../Exceptions");
|
import exceptions = require("../../Exceptions");
|
||||||
import winston = require("winston");
|
import winston = require("winston");
|
||||||
import AuthenticationValidator = require("../../AuthenticationValidator");
|
import AuthenticationValidator = require("../../AuthenticationValidator");
|
||||||
|
@ -35,6 +33,9 @@ function verify_filter(req: express.Request, res: express.Response): BluebirdPro
|
||||||
if (!authSession.first_factor || !authSession.second_factor)
|
if (!authSession.first_factor || !authSession.second_factor)
|
||||||
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
|
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
|
||||||
|
|
||||||
|
res.setHeader("Remote-User", username);
|
||||||
|
res.setHeader("Remote-Groups", groups.join(","));
|
||||||
|
|
||||||
return BluebirdPromise.resolve();
|
return BluebirdPromise.resolve();
|
||||||
});
|
});
|
||||||
}
|
}
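Review bot: `groups.join(",")` in the added `res.setHeader("Remote-Groups", ...)` line throws if the session carries no groups array, and a group name that itself contains a comma makes the list ambiguous for whatever consumes the header. `username` and `groups` are assigned above the hunk, so whether `groups` can be undefined is not visible here; if it can, `res.setHeader("Remote-Groups", (groups || []).join(","));` keeps the success path from failing. The separator constraint is worth a comment above the two `setHeader` calls, e.g. `// Group names must not contain ","; consumers split Remote-Groups on it.` The body of `verify_filter` starts outside the hunk.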
|
||||||
|
|
|
@ -41,9 +41,12 @@ describe("test authentication token verification", function () {
|
||||||
authSession.first_factor = true;
|
authSession.first_factor = true;
|
||||||
authSession.second_factor = true;
|
authSession.second_factor = true;
|
||||||
authSession.userid = "myuser";
|
authSession.userid = "myuser";
|
||||||
|
authSession.groups = ["mygroup", "othergroup"];
|
||||||
|
|
||||||
return VerifyGet.default(req as express.Request, res as any)
|
return VerifyGet.default(req as express.Request, res as any)
|
||||||
.then(function () {
|
.then(function () {
|
||||||
|
sinon.assert.calledWithExactly(res.setHeader, "Remote-User", "myuser");
|
||||||
|
sinon.assert.calledWithExactly(res.setHeader, "Remote-Groups", "mygroup,othergroup");
|
||||||
assert.equal(204, res.status.getCall(0).args[0]);
|
assert.equal(204, res.status.getCall(0).args[0]);
|
||||||
});
|
});
|
||||||
});
|
});
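Review bot: The added assertions cover only the authenticated path; nothing in this hunk checks that `Remote-User` and `Remote-Groups` are absent when verification is refused. A companion case that leaves `authSession.second_factor` false and ends with `sinon.assert.notCalled(res.setHeader);` would pin that identity headers are never emitted on a denied response. The enclosing `describe` block starts and ends outside the hunk, so such a case may already exist elsewhere in the file.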
|
||||||
|
|