Add tests on headers forwarded to backend
Ensure Remote-User and Remote-Groups can be forwarded to the backend app.
parent
f041b946d9
commit
8cf58d7b31
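--- a/example/httpbin/docker-compose.yml
+++ b/example/httpbin/docker-compose.yml
@@ -0,0 +1,6 @@
+version: '2'
+services:
+httpbin:
+image: citizenstig/httpbin
+networks:
+- example-network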
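Review bot: `image: citizenstig/httpbin` names a third-party image with no tag or digest, so every run of the example stack and of the test suite pulls whatever `latest` currently points to. Pinning it, for example `image: citizenstig/httpbin@sha256:<digest-of-reviewed-image>` (placeholder; the page gives no digest), keeps the test backend reproducible. It also stops an upstream image change from landing unreviewed on the same compose network as the Authelia, LDAP and Redis services that the scripts in this commit start.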
|
@ -74,16 +74,16 @@ http {
|
||||||
proxy_set_header X-Original-URI $request_uri;
|
proxy_set_header X-Original-URI $request_uri;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header Content-Length "";
|
||||||
|
|
||||||
proxy_pass http://authelia/verify;
|
proxy_pass http://authelia/verify;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
|
||||||
proxy_set_header Redirect $redirect;
|
|
||||||
|
|
||||||
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
|
||||||
|
@ -93,6 +93,23 @@ http {
|
||||||
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
||||||
error_page 403 = https://auth.test.local:8080/error/403;
|
error_page 403 = https://auth.test.local:8080/error/403;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /headers {
|
||||||
|
auth_request /auth_verify;
|
||||||
|
|
||||||
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
|
|
||||||
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
|
proxy_set_header Custom-Forwarded-User $user;
|
||||||
|
|
||||||
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
|
proxy_set_header Custom-Forwarded-Groups $groups;
|
||||||
|
|
||||||
|
proxy_pass http://httpbin:8000/headers;
|
||||||
|
|
||||||
|
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
||||||
|
error_page 403 = https://auth.test.local:8080/error/403;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
@ -110,15 +127,15 @@ http {
|
||||||
proxy_set_header X-Original-URI $request_uri;
|
proxy_set_header X-Original-URI $request_uri;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header Content-Length "";
|
||||||
|
|
||||||
proxy_pass http://authelia/verify;
|
proxy_pass http://authelia/verify;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
proxy_set_header Redirect $redirect;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
@ -146,15 +163,15 @@ http {
|
||||||
proxy_set_header X-Original-URI $request_uri;
|
proxy_set_header X-Original-URI $request_uri;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header Content-Length "";
|
||||||
|
|
||||||
proxy_pass http://authelia/verify;
|
proxy_pass http://authelia/verify;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
proxy_set_header Redirect $redirect;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
@ -189,9 +206,8 @@ http {
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
proxy_set_header Redirect $redirect;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
@ -226,9 +242,8 @@ http {
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth_verify;
|
auth_request /auth_verify;
|
||||||
|
|
||||||
auth_request_set $redirect $upstream_http_redirect;
|
auth_request_set $redirect $upstream_http_redirect;
|
||||||
proxy_set_header Redirect $redirect;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
proxy_set_header X-Forwarded-User $user;
|
proxy_set_header X-Forwarded-User $user;
|
||||||
|
|
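Review bot: In the new `location /headers` block only `Custom-Forwarded-User` and `Custom-Forwarded-Groups` are set from the auth subrequest; request headers under any other name reach `httpbin` exactly as the client sent them, which is nginx's default. A backend that reads `Remote-User` or `Remote-Groups` directly (the names the commit message uses) would therefore see client-controlled values, so I would clear them in this block with `proxy_set_header Remote-User "";` and `proxy_set_header Remote-Groups "";`. A short comment such as `# identity headers are overwritten by the proxy; the backend must only be reachable through it` would record why the backend may trust them. The `location /` blocks in the other hunks look like they have the same gap, but their server blocks start outside the hunks shown.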
|
@ -10,5 +10,6 @@ docker-compose \
|
||||||
-f example/redis/docker-compose.yml \
|
-f example/redis/docker-compose.yml \
|
||||||
-f example/nginx/docker-compose.yml \
|
-f example/nginx/docker-compose.yml \
|
||||||
-f example/smtp/docker-compose.yml \
|
-f example/smtp/docker-compose.yml \
|
||||||
|
-f example/httpbin/docker-compose.yml \
|
||||||
-f example/ldap/docker-compose.admin.yml \
|
-f example/ldap/docker-compose.admin.yml \
|
||||||
-f example/ldap/docker-compose.yml $*
|
-f example/ldap/docker-compose.yml $*
|
||||||
|
|
|
@ -9,4 +9,5 @@ docker-compose \
|
||||||
-f example/redis/docker-compose.yml \
|
-f example/redis/docker-compose.yml \
|
||||||
-f example/nginx/docker-compose.yml \
|
-f example/nginx/docker-compose.yml \
|
||||||
-f example/smtp/docker-compose.yml \
|
-f example/smtp/docker-compose.yml \
|
||||||
|
-f example/httpbin/docker-compose.yml \
|
||||||
-f example/ldap/docker-compose.yml $*
|
-f example/ldap/docker-compose.yml $*
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
||||||
|
|
||||||
$DC_SCRIPT build
|
$DC_SCRIPT build
|
||||||
$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
|
$DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp
|
||||||
|
|
|
@ -9,4 +9,5 @@ docker-compose \
|
||||||
-f example/redis/docker-compose.yml \
|
-f example/redis/docker-compose.yml \
|
||||||
-f example/nginx/docker-compose.yml \
|
-f example/nginx/docker-compose.yml \
|
||||||
-f example/smtp/docker-compose.yml \
|
-f example/smtp/docker-compose.yml \
|
||||||
|
-f example/httpbin/docker-compose.yml \
|
||||||
-f example/ldap/docker-compose.yml $*
|
-f example/ldap/docker-compose.yml $*
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
DC_SCRIPT=./scripts/example-dockerhub/dc-example.sh
|
DC_SCRIPT=./scripts/example-dockerhub/dc-example.sh
|
||||||
|
|
||||||
#$DC_SCRIPT build
|
#$DC_SCRIPT build
|
||||||
$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
|
$DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
||||||
EXPECTED_SERVICES_COUNT=6
|
EXPECTED_SERVICES_COUNT=7
|
||||||
|
|
||||||
build_services() {
|
build_services() {
|
||||||
$DC_SCRIPT build authelia
|
$DC_SCRIPT build authelia
|
||||||
}
|
}
|
||||||
|
|
||||||
start_services() {
|
start_services() {
|
||||||
$DC_SCRIPT up -d mongo redis openldap authelia nginx smtp
|
$DC_SCRIPT up -d httpbin mongo redis openldap authelia nginx smtp
|
||||||
sleep 3
|
sleep 3
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
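--- a/test/features/forward-headers.feature
+++ b/test/features/forward-headers.feature
@@ -0,0 +1,6 @@
+Feature: User and groups headers are correctly forwarded to backend
+@need-authenticated-user-john
+Scenario: Custom-Forwarded-User and Custom-Forwarded-Groups are correctly forwarded to protected backend
+When I visit "https://public.test.local:8080/headers"
+Then I see header "Custom-Forwarded-User" set to "john"
+Then I see header "Custom-Forwarded-Groups" set to "dev,admin"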
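Review bot: The feature covers only the authenticated path; no scenario asserts that a visit to `https://public.test.local:8080/headers` without the `@need-authenticated-user-john` tag is sent to the portal instead of reaching the backend. Because the `/headers` location is new in this commit, a second scenario for the unauthenticated case would pin the `auth_request` guard on it, using whichever redirect-assertion step the suite already provides. The expected value `"dev,admin"` also presumably depends on the order in which john's groups are returned, which is worth a comment next to the fixture if that order is not guaranteed.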
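--- a/test/features/step_definitions/forward-headers.ts
+++ b/test/features/step_definitions/forward-headers.ts
@@ -0,0 +1,20 @@
+import Cucumber = require("cucumber");
+import seleniumWebdriver = require("selenium-webdriver");
+import CustomWorld = require("../support/world");
+import Util = require("util");
+import BluebirdPromise = require("bluebird");
+
+Cucumber.defineSupportCode(function ({ Given, When, Then }) {
+Then("I see header {stringInDoubleQuotes} set to {stringInDoubleQuotes}",
+{ timeout: 5000 },
+function (expectedHeaderName: string, expectedValue: string) {
+return this.driver.findElement(seleniumWebdriver.By.tagName("body")).getText()
+.then(function (txt: string) {
+const expectedLine = Util.format("\"%s\": \"%s\"", expectedHeaderName, expectedValue);
+if (txt.indexOf(expectedLine) > 0)
+return BluebirdPromise.resolve();
+else
+return BluebirdPromise.reject(new Error(Util.format("No such header or with unexpected value.")));
+});
+})
+});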
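Review bot: `txt.indexOf(expectedLine) > 0` treats a match at offset 0 as a failure; `indexOf` reports absence as -1, so the check should read `if (txt.indexOf(expectedLine) !== -1)`. With a JSON body the match is unlikely to sit at offset 0, so this concerns the correctness of the step rather than a test that fails today. The rejection message is wrapped in `Util.format` but passes no arguments; `new Error(Util.format("Header \"%s\" missing or not set to \"%s\".", expectedHeaderName, expectedValue))` would say which assertion failed. `CustomWorld`, `Given` and `When` are imported or destructured but not used in this file.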
|
@ -23,5 +23,4 @@ Cucumber.defineSupportCode(function ({ Given, When, Then }) {
|
||||||
return that.driver.sleep(500);
|
return that.driver.sleep(500);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
});
|
});
|