|
|
|
@ -19,33 +19,53 @@ import ( |
|
|
|
// Headers retrieved to fetch user's email and group can be configured
|
|
|
|
// Headers retrieved to fetch user's email and group can be configured
|
|
|
|
// with userHeader and groupHeader.
|
|
|
|
// with userHeader and groupHeader.
|
|
|
|
type Config struct { |
|
|
|
type Config struct { |
|
|
|
UserHeader string `json:"userHeader"` |
|
|
|
UserIDHeader string `json:"userIDHeader"` |
|
|
|
GroupHeader string `json:"groupHeader"` |
|
|
|
UserHeader string `json:"userHeader"` |
|
|
|
Groups []string `json:"staticGroups"` |
|
|
|
EmailHeader string `json:"emailHeader"` |
|
|
|
|
|
|
|
GroupHeader string `json:"groupHeader"` |
|
|
|
|
|
|
|
Groups []string `json:"staticGroups"` |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Open returns an authentication strategy which requires no user interaction.
|
|
|
|
// Open returns an authentication strategy which requires no user interaction.
|
|
|
|
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { |
|
|
|
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { |
|
|
|
|
|
|
|
userIDHeader := c.UserIDHeader |
|
|
|
|
|
|
|
if userIDHeader == "" { |
|
|
|
|
|
|
|
userIDHeader = "X-Remote-User-Id" |
|
|
|
|
|
|
|
} |
|
|
|
userHeader := c.UserHeader |
|
|
|
userHeader := c.UserHeader |
|
|
|
if userHeader == "" { |
|
|
|
if userHeader == "" { |
|
|
|
userHeader = "X-Remote-User" |
|
|
|
userHeader = "X-Remote-User" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
emailHeader := c.EmailHeader |
|
|
|
|
|
|
|
if emailHeader == "" { |
|
|
|
|
|
|
|
emailHeader = "X-Remote-User-Email" |
|
|
|
|
|
|
|
} |
|
|
|
groupHeader := c.GroupHeader |
|
|
|
groupHeader := c.GroupHeader |
|
|
|
if groupHeader == "" { |
|
|
|
if groupHeader == "" { |
|
|
|
groupHeader = "X-Remote-Group" |
|
|
|
groupHeader = "X-Remote-Group" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return &callback{userHeader: userHeader, groupHeader: groupHeader, logger: logger, pathSuffix: "/" + id, groups: c.Groups}, nil |
|
|
|
return &callback{ |
|
|
|
|
|
|
|
userIDHeader: userIDHeader, |
|
|
|
|
|
|
|
userHeader: userHeader, |
|
|
|
|
|
|
|
emailHeader: emailHeader, |
|
|
|
|
|
|
|
groupHeader: groupHeader, |
|
|
|
|
|
|
|
groups: c.Groups, |
|
|
|
|
|
|
|
logger: logger, |
|
|
|
|
|
|
|
pathSuffix: "/" + id, |
|
|
|
|
|
|
|
}, nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Callback is a connector which returns an identity with the HTTP header
|
|
|
|
// Callback is a connector which returns an identity with the HTTP header
|
|
|
|
// X-Remote-User as verified email.
|
|
|
|
// X-Remote-User as verified email.
|
|
|
|
type callback struct { |
|
|
|
type callback struct { |
|
|
|
userHeader string |
|
|
|
userIDHeader string |
|
|
|
groupHeader string |
|
|
|
userHeader string |
|
|
|
groups []string |
|
|
|
emailHeader string |
|
|
|
logger log.Logger |
|
|
|
groupHeader string |
|
|
|
pathSuffix string |
|
|
|
groups []string |
|
|
|
|
|
|
|
logger log.Logger |
|
|
|
|
|
|
|
pathSuffix string |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// LoginURL returns the URL to redirect the user to login with.
|
|
|
|
// LoginURL returns the URL to redirect the user to login with.
|
|
|
|
@ -67,6 +87,14 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto |
|
|
|
if remoteUser == "" { |
|
|
|
if remoteUser == "" { |
|
|
|
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.userHeader) |
|
|
|
return connector.Identity{}, fmt.Errorf("required HTTP header %s is not set", m.userHeader) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
remoteUserID := r.Header.Get(m.userIDHeader) |
|
|
|
|
|
|
|
if remoteUserID == "" { |
|
|
|
|
|
|
|
remoteUserID = remoteUser |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
remoteUserEmail := r.Header.Get(m.emailHeader) |
|
|
|
|
|
|
|
if remoteUserEmail == "" { |
|
|
|
|
|
|
|
remoteUserEmail = remoteUser |
|
|
|
|
|
|
|
} |
|
|
|
groups := m.groups |
|
|
|
groups := m.groups |
|
|
|
headerGroup := r.Header.Get(m.groupHeader) |
|
|
|
headerGroup := r.Header.Get(m.groupHeader) |
|
|
|
if headerGroup != "" { |
|
|
|
if headerGroup != "" { |
|
|
|
@ -77,9 +105,10 @@ func (m *callback) HandleCallback(s connector.Scopes, r *http.Request) (connecto |
|
|
|
groups = append(splitheaderGroup, groups...) |
|
|
|
groups = append(splitheaderGroup, groups...) |
|
|
|
} |
|
|
|
} |
|
|
|
return connector.Identity{ |
|
|
|
return connector.Identity{ |
|
|
|
UserID: remoteUser, // TODO: figure out if this is a bad ID value.
|
|
|
|
UserID: remoteUserID, |
|
|
|
Email: remoteUser, |
|
|
|
PreferredUsername: remoteUser, |
|
|
|
EmailVerified: true, |
|
|
|
Email: remoteUserEmail, |
|
|
|
Groups: groups, |
|
|
|
EmailVerified: true, |
|
|
|
|
|
|
|
Groups: groups, |
|
|
|
}, nil |
|
|
|
}, nil |
|
|
|
} |
|
|
|
} |
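Review bot: In HandleCallback, `r.Header.Get(m.userIDHeader)` and `r.Header.Get(m.emailHeader)` are trusted as-is, and Open gives both a default name (`X-Remote-User-Id`, `X-Remote-User-Email`) even when the operator set neither, so a deployment whose proxy only overwrites `X-Remote-User` would, after this change, take `UserID` and `Email` from whatever arrives in those two headers. Consider reading the new headers only when they are set in Config, or at least stating the requirement on Config, e.g. `// The fronting proxy must strip or overwrite every header named here; their values are trusted without further checks.` `EmailVerified: true` is also kept when `remoteUserEmail` falls back to `remoteUser`, which is now reported as `PreferredUsername` and may not be an e-mail address at all. The doc comments on Config and callback still describe `X-Remote-User` as the verified email and should be updated to match; HandleCallback's body begins outside the visible hunks, so how `remoteUser` itself is read is not shown here.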
|
|
|
|