wn/traefik-forward-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Optionally match emails against *either* whitelist or domains when both are provided (#106)

Browse Source 
The previous behaviour would ignore domains if the whitelist parameter was provided, however if both parameters are provided then matching either is more likely the intent.
This commit is contained in:
Thom Seddon
2020-06-03 14:11:59 +01:00
committed by GitHub
parent 8b3a950162
commit fb8b216481
5 changed files with 72 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/auth_test.go
View File

@ -93,6 +93,30 @@ func TestAuthValidateEmail(t *testing.T) {
config.Whitelist = []string{"test@test.com"}
v = ValidateEmail("test@test.com")
assert.True(v, "should allow user in whitelist")
// Should allow only matching email address when
// MatchWhitelistOrDomain is disabled
config.Domains = []string{"example.com"}
config.Whitelist = []string{"test@test.com"}
config.MatchWhitelistOrDomain = false
v = ValidateEmail("test@test.com")
assert.True(v, "should allow user in whitelist")
v = ValidateEmail("test@example.com")
assert.False(v, "should not allow user from valid domain")
v = ValidateEmail("one@two.com")
assert.False(v, "should not allow user not in either")
// Should allow either matching domain or email address when
// MatchWhitelistOrDomain is enabled
config.Domains = []string{"example.com"}
config.Whitelist = []string{"test@test.com"}
config.MatchWhitelistOrDomain = true
v = ValidateEmail("test@test.com")
assert.True(v, "should allow user in whitelist")
v = ValidateEmail("test@example.com")
assert.True(v, "should allow user from valid domain")
v = ValidateEmail("one@two.com")
assert.False(v, "should not allow user not in either")
}
func TestRedirectUri(t *testing.T) {