Change from basic auth to header authentication

customizations
Jonas Letzbor 2023-06-24 14:08:18 +02:00
parent e9a383be0c
commit dd673e0e82
Signed by: RPJosh
GPG Key ID: 46D72F589702E55A
1 changed files with 17 additions and 6 deletions


@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"net" "net"
"net/url" "net/url"
"strings"
"github.com/authelia/authelia/v4/internal/authorization" "github.com/authelia/authelia/v4/internal/authorization"
"github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/configuration/schema"
@ -37,7 +38,7 @@ func NewAuthzGRCP(config *schema.Configuration, providers middlewares.Providers)
authBuilder := NewAuthzBuilder().WithConfig(config) authBuilder := NewAuthzBuilder().WithConfig(config)
// Only the following strategies are supported. These are hardcoded at the moment and won't be taken from the configuration // Only the following strategies are supported. These are hardcoded at the moment and won't be taken from the configuration
strategies := []AuthnStrategy{NewHeaderAuthorizationAuthnStrategy(), NewCookieSessionAuthnStrategy(authBuilder.config.RefreshInterval)} strategies := []AuthnStrategy{NewHeaderProxyAuthorizationAuthnStrategy() /* NewHeaderAuthorizationAuthnStrategy(), */, NewCookieSessionAuthnStrategy(authBuilder.config.RefreshInterval)}
return &AuthzGRCP{ return &AuthzGRCP{
Config: config, Config: config,
@ -260,11 +261,10 @@ func (authz *AuthzGRCP) GetHttpCtxFromGRPC(req *autha.CheckRequest) (*fasthttp.R
rtc.Request.Header.Set(fasthttp.HeaderXForwardedFor, data.RemoteHost) rtc.Request.Header.Set(fasthttp.HeaderXForwardedFor, data.RemoteHost)
// Needed for NewHeaderProxyAuthorizationAuthnStrategy and NewHeaderAuthorizationAuthnStrategy // Needed for NewHeaderProxyAuthorizationAuthnStrategy and NewHeaderAuthorizationAuthnStrategy
if val, isSet := headers["authorization"]; isSet { authz.setHeaderIfSet(fasthttp.HeaderAuthorization, rtc, &headers)
rtc.Request.Header.Set(fasthttp.HeaderAuthorization, val) authz.setHeaderIfSet(fasthttp.HeaderProxyAuthorization, rtc, &headers)
} authz.setHeaderIfSet(fasthttp.HeaderWWWAuthenticate, rtc, &headers)
rtc.Request.Header.Set(fasthttp.HeaderProxyAuthorization, headers[fasthttp.HeaderProxyAuthorization]) authz.setHeaderIfSet(fasthttp.HeaderProxyAuthenticate, rtc, &headers)
rtc.Request.Header.Set(fasthttp.HeaderWWWAuthenticate, headers[fasthttp.HeaderWWWAuthenticate])
// Needed for CookieSesseionauthnStrategy // Needed for CookieSesseionauthnStrategy
rtc.Request.Header.Set("cookie", headers["cookie"]) rtc.Request.Header.Set("cookie", headers["cookie"])
@ -272,6 +272,17 @@ func (authz *AuthzGRCP) GetHttpCtxFromGRPC(req *autha.CheckRequest) (*fasthttp.R
return rtc, data return rtc, data
} }
// setHeaderIfSet sets the header in the given fastHttp request if the header from the envoy authentication
// request was also set
func (authz *AuthzGRCP) setHeaderIfSet(headerKeyFast string, rtc *fasthttp.RequestCtx, envoyHeaders *map[string]string) {
// Envoys provided header keys are always lower case
envoyHeaderKey := strings.ToLower(headerKeyFast)
if val, isSet := (*envoyHeaders)[envoyHeaderKey]; isSet {
rtc.Request.Header.Set(headerKeyFast, val)
}
}
// ErrAuthResponse returns an authentication error for envoy with the given status code // ErrAuthResponse returns an authentication error for envoy with the given status code
// and the given text body // and the given text body
func (authz *AuthzGRCP) ErrAuthResponse(statuscode envoy_type.StatusCode, body string) *autha.CheckResponse { func (authz *AuthzGRCP) ErrAuthResponse(statuscode envoy_type.StatusCode, body string) *autha.CheckResponse {
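Review bot: In GetHttpCtxFromGRPC the new calls for `fasthttp.HeaderWWWAuthenticate` and `fasthttp.HeaderProxyAuthenticate` copy client-supplied values of two challenge (response) headers into the request that the authn strategies evaluate. Nothing visible here shows a strategy reading them from the request, so both calls can probably be dropped, leaving only the headers that carry credentials. With `NewHeaderAuthorizationAuthnStrategy()` commented out in NewAuthzGRCP, the `Authorization` copy and the comment above it also look stale and should be confirmed or removed. The `cookie` line directly below is still unconditional and would be consistent as `authz.setHeaderIfSet(fasthttp.HeaderCookie, rtc, &headers)`. In setHeaderIfSet a Go map is already a reference, so declaring `envoyHeaders map[string]string` avoids the pointer and its possible nil dereference; the body of GetHttpCtxFromGRPC starts outside the hunk.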