Change from basic auth to header authentication

customizations
Jonas Letzbor 2023-06-24 14:08:18 +02:00
parent e9a383be0c
commit dd673e0e82
Signed by: RPJosh
GPG Key ID: 46D72F589702E55A
1 changed files with 17 additions and 6 deletions

View File

@ -5,6 +5,7 @@ import (
"fmt"
"net"
"net/url"
"strings"
"github.com/authelia/authelia/v4/internal/authorization"
"github.com/authelia/authelia/v4/internal/configuration/schema"
@ -37,7 +38,7 @@ func NewAuthzGRCP(config *schema.Configuration, providers middlewares.Providers)
authBuilder := NewAuthzBuilder().WithConfig(config)
// Only the following strategies are supported. These are hardcoded at the moment and won't be taken from the configuration
strategies := []AuthnStrategy{NewHeaderAuthorizationAuthnStrategy(), NewCookieSessionAuthnStrategy(authBuilder.config.RefreshInterval)}
strategies := []AuthnStrategy{NewHeaderProxyAuthorizationAuthnStrategy() /* NewHeaderAuthorizationAuthnStrategy(), */, NewCookieSessionAuthnStrategy(authBuilder.config.RefreshInterval)}
return &AuthzGRCP{
Config: config,
@ -260,11 +261,10 @@ func (authz *AuthzGRCP) GetHttpCtxFromGRPC(req *autha.CheckRequest) (*fasthttp.R
rtc.Request.Header.Set(fasthttp.HeaderXForwardedFor, data.RemoteHost)
// Needed for NewHeaderProxyAuthorizationAuthnStrategy and NewHeaderAuthorizationAuthnStrategy
if val, isSet := headers["authorization"]; isSet {
rtc.Request.Header.Set(fasthttp.HeaderAuthorization, val)
}
rtc.Request.Header.Set(fasthttp.HeaderProxyAuthorization, headers[fasthttp.HeaderProxyAuthorization])
rtc.Request.Header.Set(fasthttp.HeaderWWWAuthenticate, headers[fasthttp.HeaderWWWAuthenticate])
authz.setHeaderIfSet(fasthttp.HeaderAuthorization, rtc, &headers)
authz.setHeaderIfSet(fasthttp.HeaderProxyAuthorization, rtc, &headers)
authz.setHeaderIfSet(fasthttp.HeaderWWWAuthenticate, rtc, &headers)
authz.setHeaderIfSet(fasthttp.HeaderProxyAuthenticate, rtc, &headers)
// Needed for CookieSesseionauthnStrategy
rtc.Request.Header.Set("cookie", headers["cookie"])
@ -272,6 +272,17 @@ func (authz *AuthzGRCP) GetHttpCtxFromGRPC(req *autha.CheckRequest) (*fasthttp.R
return rtc, data
}
// setHeaderIfSet sets the header in the given fastHttp request if the header from the envoy authentication
// request was also set
func (authz *AuthzGRCP) setHeaderIfSet(headerKeyFast string, rtc *fasthttp.RequestCtx, envoyHeaders *map[string]string) {
// Envoys provided header keys are always lower case
envoyHeaderKey := strings.ToLower(headerKeyFast)
if val, isSet := (*envoyHeaders)[envoyHeaderKey]; isSet {
rtc.Request.Header.Set(headerKeyFast, val)
}
}
// ErrAuthResponse returns an authentication error for envoy with the given status code
// and the given text body
func (authz *AuthzGRCP) ErrAuthResponse(statuscode envoy_type.StatusCode, body string) *autha.CheckResponse {