mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Merge pull request #92 from clems4ever/header-vars
Set headers values Remote-User and Remote-Groups in /verify response
This commit is contained in:
commit
72612e00aa
|
@ -75,15 +75,12 @@ http {
|
|||
auth_request_set $redirect $upstream_http_redirect;
|
||||
proxy_set_header Redirect $redirect;
|
||||
|
||||
auth_request_set $user $upstream_http_x_remote_user;
|
||||
auth_request_set $user $upstream_http_remote_user;
|
||||
proxy_set_header X-Forwarded-User $user;
|
||||
|
||||
auth_request_set $groups $upstream_http_remote_groups;
|
||||
proxy_set_header Remote-Groups $groups;
|
||||
|
||||
auth_request_set $expiry $upstream_http_remote_expiry;
|
||||
proxy_set_header Remote-Expiry $expiry;
|
||||
|
||||
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
||||
error_page 403 = https://auth.test.local:8080/error/403;
|
||||
}
|
||||
|
|
|
@ -274,7 +274,10 @@ export const SECOND_FACTOR_GET = "/secondfactor";
|
|||
* @apiError (Error 401) status The user is not authenticated.
|
||||
*
|
||||
* @apiDescription Verify that the user is authenticated, i.e., the two
|
||||
* factors have been validated
|
||||
* factors have been validated.
|
||||
* If the user is authenticated the response headers Remote-User and Remote-Groups
|
||||
* are set. Remote-User contains the user id of the currently logged in user and Remote-Groups
|
||||
* a comma separated list of assigned groups.
|
||||
*/
|
||||
export const VERIFY_GET = "/verify";
|
||||
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
|
||||
import { Winston } from "winston";
|
||||
import objectPath = require("object-path");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import express = require("express");
|
||||
import { AccessController } from "../../access_control/AccessController";
|
||||
import exceptions = require("../../Exceptions");
|
||||
import winston = require("winston");
|
||||
import AuthenticationValidator = require("../../AuthenticationValidator");
|
||||
|
@ -39,6 +37,9 @@ function verify_filter(req: express.Request, res: express.Response): BluebirdPro
|
|||
if (!authSession.first_factor || !authSession.second_factor)
|
||||
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
|
||||
|
||||
res.setHeader("Remote-User", username);
|
||||
res.setHeader("Remote-Groups", groups.join(","));
|
||||
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
}
|
||||
|
|
|
@ -45,9 +45,12 @@ describe("test authentication token verification", function () {
|
|||
authSession.first_factor = true;
|
||||
authSession.second_factor = true;
|
||||
authSession.userid = "myuser";
|
||||
authSession.groups = ["mygroup", "othergroup"];
|
||||
return VerifyGet.default(req as express.Request, res as any);
|
||||
})
|
||||
.then(function () {
|
||||
sinon.assert.calledWithExactly(res.setHeader, "Remote-User", "myuser");
|
||||
sinon.assert.calledWithExactly(res.setHeader, "Remote-Groups", "mygroup,othergroup");
|
||||
assert.equal(204, res.status.getCall(0).args[0]);
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue
Block a user