From df81be11475ffeeadcfc983c5703c1bac458a767 Mon Sep 17 00:00:00 2001 From: Thom Seddon Date: Mon, 10 Dec 2018 12:44:13 +0000 Subject: [PATCH] Pass on authenticated user via X-Forwarded-User header Fixes #13 --- example/traefik.toml | 3 ++- main.go | 1 + main_test.go | 15 +++++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/example/traefik.toml b/example/traefik.toml index a5e9c4f..4aa9882 100644 --- a/example/traefik.toml +++ b/example/traefik.toml @@ -37,7 +37,8 @@ address = ":80" [entryPoints.http.auth.forward] - address = "http://forward-oauth:4181" + address = "http://traefik-forward-auth:4181" + authResponseHeaders = ["X-Forwarded-User"] ################################################################ # Traefik logs configuration diff --git a/main.go b/main.go index e631fb2..900a890 100644 --- a/main.go +++ b/main.go @@ -70,6 +70,7 @@ func handler(w http.ResponseWriter, r *http.Request) { } // Valid request + w.Header().Set("X-Forwarded-User", email) w.WriteHeader(200) } diff --git a/main_test.go b/main_test.go index 6876fb3..01b07f1 100644 --- a/main_test.go +++ b/main_test.go @@ -15,6 +15,9 @@ import ( "github.com/op/go-logging" ) +/** + * Utilities + */ type TokenServerHandler struct {} func (t *TokenServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { @@ -79,6 +82,10 @@ func qsDiff(one, two url.Values) { } } +/** + * Tests + */ + func TestHandler(t *testing.T) { fw = &ForwardAuth{ Path: "_oauth", @@ -138,6 +145,14 @@ func TestHandler(t *testing.T) { if res.StatusCode != 200 { t.Error("Valid request should be allowed, got:", res.StatusCode) } + + // Should pass through user + users := res.Header["X-Forwarded-User"]; + if len(users) != 1 { + t.Error("Valid request missing X-Forwarded-User header") + } else if users[0] != "test@example.com" { + t.Error("X-Forwarded-User should match user, got: ", users) + } } func TestCallback(t *testing.T) {