#65: Set headers X-Remote-User and Remote-Groups

pull/66/head
Tim Aebi 2017-08-19 11:45:26 +02:00
parent 7be61d7357
commit 9d1d10596f
8 changed files with 15 additions and 1986 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,15 +1 @@
define({ define({ "title": "Authelia API documentation", "name": "authelia", "version": "3.2.0", "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2017-08-19T09:41:58.170Z", "url": "http://apidocjs.com", "version": "0.17.6" } });
"title": "Authelia API documentation",
"name": "authelia",
"version": "2.1.3",
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
"time": "2017-06-11T20:41:36.025Z",
"url": "http://apidocjs.com",
"version": "0.17.6"
}
});


@ -1,15 +1 @@
{ { "title": "Authelia API documentation", "name": "authelia", "version": "3.2.0", "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2017-08-19T09:41:58.170Z", "url": "http://apidocjs.com", "version": "0.17.6" } }
"title": "Authelia API documentation",
"name": "authelia",
"version": "2.1.3",
"description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
"time": "2017-06-11T20:41:36.025Z",
"url": "http://apidocjs.com",
"version": "0.17.6"
}
}


@ -78,12 +78,10 @@ http {
location = /secret.html { location = /secret.html {
auth_request /auth_verify; auth_request /auth_verify;
auth_request_set $user $upstream_http_x_remote_user; auth_request_set $user $upstream_http_remote_user;
proxy_set_header X-Forwarded-User $user; proxy_set_header X-Forwarded-User $user;
auth_request_set $groups $upstream_http_remote_groups; auth_request_set $groups $upstream_http_remote_groups;
proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Groups $groups;
auth_request_set $expiry $upstream_http_remote_expiry;
proxy_set_header Remote-Expiry $expiry;
} }
} }
} }
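Review bot: In the `location = /secret.html` block only `X-Forwarded-User` and `Remote-Groups` are overwritten with values from the auth subrequest, so a `Remote-User` request header supplied by the client would, as far as this hunk shows, reach the backend unchanged. Because the verify endpoint now emits `Remote-User`, a backend that reads that name instead of `X-Forwarded-User` would be trusting client input; adding `proxy_set_header Remote-User $user;` next to the existing `X-Forwarded-User` line closes that gap. A one-line comment in the example stating that every identity header the backend trusts must be set here from `auth_request_set` variables would make the intent clear to people copying this config.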


@ -274,7 +274,10 @@ export const SECOND_FACTOR_GET = "/secondfactor";
* @apiError (Error 401) status The user is not authenticated. * @apiError (Error 401) status The user is not authenticated.
* *
* @apiDescription Verify that the user is authenticated, i.e., the two * @apiDescription Verify that the user is authenticated, i.e., the two
* factors have been validated * factors have been validated.
* If the user is authenticated the response headers Remote-User and Remote-Groups
* are set. Remote-User contains the user id of the currently logged in user and Remote-Groups
* a comma separated list of assigned groups.
*/ */
export const VERIFY_GET = "/verify"; export const VERIFY_GET = "/verify";


@ -1,9 +1,7 @@
import { Winston } from "winston";
import objectPath = require("object-path"); import objectPath = require("object-path");
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import express = require("express"); import express = require("express");
import { AccessController } from "../../access_control/AccessController";
import exceptions = require("../../Exceptions"); import exceptions = require("../../Exceptions");
import winston = require("winston"); import winston = require("winston");
import AuthenticationValidator = require("../../AuthenticationValidator"); import AuthenticationValidator = require("../../AuthenticationValidator");
@ -35,6 +33,9 @@ function verify_filter(req: express.Request, res: express.Response): BluebirdPro
if (!authSession.first_factor || !authSession.second_factor) if (!authSession.first_factor || !authSession.second_factor)
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated")); return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
res.setHeader("Remote-User", username);
res.setHeader("Remote-Groups", groups.join(","));
return BluebirdPromise.resolve(); return BluebirdPromise.resolve();
}); });
} }
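Review bot: `groups.join(",")` in `verify_filter` has two edge cases the added lines do not handle. Where `groups` is assigned lies outside this hunk, but if a session can carry no groups (undefined) the call throws, and a group name that itself contains a comma becomes indistinguishable from two groups once the proxy or backend splits the header. Since backends may base authorization on `Remote-Groups`, consider `res.setHeader("Remote-Groups", (groups || []).join(","));` together with rejecting or escaping names that contain `,`. Node's `setHeader` also throws on values containing characters it does not permit in headers, so a directory-supplied name with such characters would turn an authenticated request into an error; a short comment stating the expected character set of `username` and `groups` would help. The body of `verify_filter` starts before this hunk.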


@ -41,9 +41,12 @@ describe("test authentication token verification", function () {
authSession.first_factor = true; authSession.first_factor = true;
authSession.second_factor = true; authSession.second_factor = true;
authSession.userid = "myuser"; authSession.userid = "myuser";
authSession.groups = ["mygroup", "othergroup"];
return VerifyGet.default(req as express.Request, res as any) return VerifyGet.default(req as express.Request, res as any)
.then(function () { .then(function () {
sinon.assert.calledWithExactly(res.setHeader, "Remote-User", "myuser");
sinon.assert.calledWithExactly(res.setHeader, "Remote-Groups", "mygroup,othergroup");
assert.equal(204, res.status.getCall(0).args[0]); assert.equal(204, res.status.getCall(0).args[0]);
}); });
}); });
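Review bot: The new assertions cover only the fully authenticated path; nothing in this hunk checks that `Remote-User` and `Remote-Groups` are absent when verification is refused. If no other test in the file covers it, add `sinon.assert.notCalled(res.setHeader);` to the denied-path cases so a later reordering inside `verify_filter` cannot leak identity headers on a 401. A case with `authSession.groups` left unset would also pin the behaviour of the `join` call. The enclosing `describe` block starts and ends outside the hunk.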