diff --git a/example/httpbin/docker-compose.yml b/example/httpbin/docker-compose.yml new file mode 100644 index 00000000..b21cdc54 --- /dev/null +++ b/example/httpbin/docker-compose.yml @@ -0,0 +1,6 @@ +version: '2' +services: + httpbin: + image: citizenstig/httpbin + networks: + - example-network diff --git a/example/nginx/nginx.conf b/example/nginx/nginx.conf index 542d6221..a1ec3dbc 100644 --- a/example/nginx/nginx.conf +++ b/example/nginx/nginx.conf @@ -74,16 +74,16 @@ http { proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; + proxy_set_header Content-Length ""; proxy_pass http://authelia/verify; } location / { auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - proxy_set_header Redirect $redirect; + auth_request_set $redirect $upstream_http_redirect; + auth_request_set $user $upstream_http_remote_user; proxy_set_header X-Forwarded-User $user; @@ -93,6 +93,23 @@ http { error_page 401 =302 https://auth.test.local:8080?redirect=$redirect; error_page 403 = https://auth.test.local:8080/error/403; } + + location /headers { + auth_request /auth_verify; + + auth_request_set $redirect $upstream_http_redirect; + + auth_request_set $user $upstream_http_remote_user; + proxy_set_header Custom-Forwarded-User $user; + + auth_request_set $groups $upstream_http_remote_groups; + proxy_set_header Custom-Forwarded-Groups $groups; + + proxy_pass http://httpbin:8000/headers; + + error_page 401 =302 https://auth.test.local:8080?redirect=$redirect; + error_page 403 = https://auth.test.local:8080/error/403; + } } server { @@ -110,15 +127,15 @@ http { proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; + proxy_set_header Content-Length ""; proxy_pass http://authelia/verify; } location / { auth_request /auth_verify; - + auth_request_set $redirect $upstream_http_redirect; - proxy_set_header Redirect $redirect; auth_request_set $user $upstream_http_remote_user; proxy_set_header X-Forwarded-User $user; @@ -146,15 +163,15 @@ http { proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; + proxy_set_header Content-Length ""; proxy_pass http://authelia/verify; } location / { auth_request /auth_verify; - + auth_request_set $redirect $upstream_http_redirect; - proxy_set_header Redirect $redirect; auth_request_set $user $upstream_http_remote_user; proxy_set_header X-Forwarded-User $user; @@ -189,9 +206,8 @@ http { location / { auth_request /auth_verify; - + auth_request_set $redirect $upstream_http_redirect; - proxy_set_header Redirect $redirect; auth_request_set $user $upstream_http_remote_user; proxy_set_header X-Forwarded-User $user; @@ -226,9 +242,8 @@ http { location / { auth_request /auth_verify; - + auth_request_set $redirect $upstream_http_redirect; - proxy_set_header Redirect $redirect; auth_request_set $user $upstream_http_remote_user; proxy_set_header X-Forwarded-User $user; diff --git a/scripts/dc-dev.sh b/scripts/dc-dev.sh index 3d83b914..75b6ba6a 100755 --- a/scripts/dc-dev.sh +++ b/scripts/dc-dev.sh @@ -10,5 +10,6 @@ docker-compose \ -f example/redis/docker-compose.yml \ -f example/nginx/docker-compose.yml \ -f example/smtp/docker-compose.yml \ + -f example/httpbin/docker-compose.yml \ -f example/ldap/docker-compose.admin.yml \ -f example/ldap/docker-compose.yml $* diff --git a/scripts/example-commit/dc-example.sh b/scripts/example-commit/dc-example.sh index 9ede68d9..59c344c4 100755 --- a/scripts/example-commit/dc-example.sh +++ b/scripts/example-commit/dc-example.sh @@ -9,4 +9,5 @@ docker-compose \ -f example/redis/docker-compose.yml \ -f example/nginx/docker-compose.yml \ -f example/smtp/docker-compose.yml \ + -f example/httpbin/docker-compose.yml \ -f example/ldap/docker-compose.yml $* diff --git a/scripts/example-commit/deploy-example.sh b/scripts/example-commit/deploy-example.sh index e5855f1f..3ea60e07 100755 --- a/scripts/example-commit/deploy-example.sh +++ b/scripts/example-commit/deploy-example.sh @@ -3,4 +3,4 @@ DC_SCRIPT=./scripts/example-commit/dc-example.sh $DC_SCRIPT build -$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp +$DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp diff --git a/scripts/example-dockerhub/dc-example.sh b/scripts/example-dockerhub/dc-example.sh index e7348674..94d242ba 100755 --- a/scripts/example-dockerhub/dc-example.sh +++ b/scripts/example-dockerhub/dc-example.sh @@ -9,4 +9,5 @@ docker-compose \ -f example/redis/docker-compose.yml \ -f example/nginx/docker-compose.yml \ -f example/smtp/docker-compose.yml \ + -f example/httpbin/docker-compose.yml \ -f example/ldap/docker-compose.yml $* diff --git a/scripts/example-dockerhub/deploy-example.sh b/scripts/example-dockerhub/deploy-example.sh index 81eddfdb..ec042ec7 100755 --- a/scripts/example-dockerhub/deploy-example.sh +++ b/scripts/example-dockerhub/deploy-example.sh @@ -3,4 +3,4 @@ DC_SCRIPT=./scripts/example-dockerhub/dc-example.sh #$DC_SCRIPT build -$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp +$DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp diff --git a/scripts/integration-tests.sh b/scripts/integration-tests.sh index 1cabe9bc..09f16ad9 100755 --- a/scripts/integration-tests.sh +++ b/scripts/integration-tests.sh @@ -1,14 +1,14 @@ #!/bin/bash DC_SCRIPT=./scripts/example-commit/dc-example.sh -EXPECTED_SERVICES_COUNT=6 +EXPECTED_SERVICES_COUNT=7 build_services() { $DC_SCRIPT build authelia } start_services() { - $DC_SCRIPT up -d mongo redis openldap authelia nginx smtp + $DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp sleep 3 } diff --git a/test/features/forward-headers.feature b/test/features/forward-headers.feature new file mode 100644 index 00000000..3b363526 --- /dev/null +++ b/test/features/forward-headers.feature @@ -0,0 +1,6 @@ +Feature: User and groups headers are correctly forwarded to backend + @need-authenticated-user-john + Scenario: Custom-Forwarded-User and Custom-Forwarded-Groups are correctly forwarded to protected backend + When I visit "https://public.test.local:8080/headers" + Then I see header "Custom-Forwarded-User" set to "john" + Then I see header "Custom-Forwarded-Groups" set to "dev,admin" diff --git a/test/features/step_definitions/forward-headers.ts b/test/features/step_definitions/forward-headers.ts new file mode 100644 index 00000000..2e61771c --- /dev/null +++ b/test/features/step_definitions/forward-headers.ts @@ -0,0 +1,20 @@ +import Cucumber = require("cucumber"); +import seleniumWebdriver = require("selenium-webdriver"); +import CustomWorld = require("../support/world"); +import Util = require("util"); +import BluebirdPromise = require("bluebird"); + +Cucumber.defineSupportCode(function ({ Given, When, Then }) { + Then("I see header {stringInDoubleQuotes} set to {stringInDoubleQuotes}", + { timeout: 5000 }, + function (expectedHeaderName: string, expectedValue: string) { + return this.driver.findElement(seleniumWebdriver.By.tagName("body")).getText() + .then(function (txt: string) { + const expectedLine = Util.format("\"%s\": \"%s\"", expectedHeaderName, expectedValue); + if (txt.indexOf(expectedLine) > 0) + return BluebirdPromise.resolve(); + else + return BluebirdPromise.reject(new Error(Util.format("No such header or with unexpected value."))); + }); + }) +}); \ No newline at end of file diff --git a/test/features/step_definitions/notifications.ts b/test/features/step_definitions/notifications.ts index 8916ba7e..5da9d06a 100644 --- a/test/features/step_definitions/notifications.ts +++ b/test/features/step_definitions/notifications.ts @@ -23,5 +23,4 @@ Cucumber.defineSupportCode(function ({ Given, When, Then }) { return that.driver.sleep(500); }); }); - }); \ No newline at end of file