Pass on authenticated user via X-Forwarded-User header

Fixes #13
2018-12-10 12:44:13 +00:00 · 2018-12-10 12:44:13 +00:00 · df81be1147
commit df81be1147
parent 5dcf889efe
3 changed files with 18 additions and 1 deletions
--- a/example/traefik.toml
+++ b/example/traefik.toml
@ -37,7 +37,8 @@
    address = ":80"

    [entryPoints.http.auth.forward]
-    address = "http://forward-oauth:4181"
+    address = "http://traefik-forward-auth:4181"
+    authResponseHeaders = ["X-Forwarded-User"]

 ################################################################
 # Traefik logs configuration
--- a/main.go
+++ b/main.go
@ -70,6 +70,7 @@ func handler(w http.ResponseWriter, r *http.Request) {
  }

  // Valid request
+  w.Header().Set("X-Forwarded-User", email)
  w.WriteHeader(200)
 }

--- a/main_test.go
+++ b/main_test.go
@ -15,6 +15,9 @@ import (
  "github.com/op/go-logging"
 )

+/**
+ * Utilities
+ */

 type TokenServerHandler struct {}
 func (t *TokenServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@ -79,6 +82,10 @@ func qsDiff(one, two url.Values) {
  }
 }

+/**
+ * Tests
+ */
+
 func TestHandler(t *testing.T) {
  fw = &ForwardAuth{
    Path: "_oauth",
@ -138,6 +145,14 @@ func TestHandler(t *testing.T) {
  if res.StatusCode != 200 {
    t.Error("Valid request should be allowed, got:", res.StatusCode)
  }
+
+  // Should pass through user
+  users := res.Header["X-Forwarded-User"];
+  if len(users) != 1 {
+    t.Error("Valid request missing X-Forwarded-User header")
+  } else if users[0] != "test@example.com" {
+    t.Error("X-Forwarded-User should match user, got: ", users)
+  }
 }

 func TestCallback(t *testing.T) {