Set headers values Remote-User and Remote-Groups in /verify response

Clement Michaud 2017-09-22 21:18:38 +02:00
parent ae5b647d23
commit d005b83365
4 changed files with 11 additions and 7 deletions


@ -75,15 +75,12 @@ http {
auth_request_set $redirect $upstream_http_redirect; auth_request_set $redirect $upstream_http_redirect;
proxy_set_header Redirect $redirect; proxy_set_header Redirect $redirect;
auth_request_set $user $upstream_http_x_remote_user; auth_request_set $user $upstream_http_remote_user;
proxy_set_header X-Forwarded-User $user; proxy_set_header X-Forwarded-User $user;
auth_request_set $groups $upstream_http_remote_groups; auth_request_set $groups $upstream_http_remote_groups;
proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Groups $groups;
auth_request_set $expiry $upstream_http_remote_expiry;
proxy_set_header Remote-Expiry $expiry;
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect; error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
error_page 403 = https://auth.test.local:8080/error/403; error_page 403 = https://auth.test.local:8080/error/403;
} }
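Review bot: Nothing in the visible lines sets `Remote-User` on the proxied request: the identity goes to the backend as `X-Forwarded-User` and the groups as `Remote-Groups`. Since nginx forwards client request headers it is not told to override, a `Remote-User` header supplied by the client would reach the backend unchanged. If any backend reads `Remote-User`, add `proxy_set_header Remote-User $user;` beside the existing `X-Forwarded-User` line so the value always comes from the /verify response. The enclosing location block starts outside the hunk, so this may already be handled there.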


@ -274,7 +274,10 @@ export const SECOND_FACTOR_GET = "/secondfactor";
* @apiError (Error 401) status The user is not authenticated. * @apiError (Error 401) status The user is not authenticated.
* *
* @apiDescription Verify that the user is authenticated, i.e., the two * @apiDescription Verify that the user is authenticated, i.e., the two
* factors have been validated * factors have been validated.
* If the user is authenticated the response headers Remote-User and Remote-Groups
* are set. Remote-User contains the user id of the currently logged in user and Remote-Groups
* a comma separated list of assigned groups.
*/ */
export const VERIFY_GET = "/verify"; export const VERIFY_GET = "/verify";


@ -1,9 +1,7 @@
import { Winston } from "winston";
import objectPath = require("object-path"); import objectPath = require("object-path");
import BluebirdPromise = require("bluebird"); import BluebirdPromise = require("bluebird");
import express = require("express"); import express = require("express");
import { AccessController } from "../../access_control/AccessController";
import exceptions = require("../../Exceptions"); import exceptions = require("../../Exceptions");
import winston = require("winston"); import winston = require("winston");
import AuthenticationValidator = require("../../AuthenticationValidator"); import AuthenticationValidator = require("../../AuthenticationValidator");
@ -39,6 +37,9 @@ function verify_filter(req: express.Request, res: express.Response): BluebirdPro
if (!authSession.first_factor || !authSession.second_factor) if (!authSession.first_factor || !authSession.second_factor)
return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated")); return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
res.setHeader("Remote-User", username);
res.setHeader("Remote-Groups", groups.join(","));
return BluebirdPromise.resolve(); return BluebirdPromise.resolve();
}); });
} }
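Review bot: `groups.join(",")` makes the `Remote-Groups` value ambiguous when a group name itself contains a comma, because a backend that splits on commas would then see groups the user was never assigned. This header feeds downstream authorization, so reject or escape such names before joining, for example `if (groups.some((g: string) => g.indexOf(",") !== -1)) return BluebirdPromise.reject(new exceptions.AccessDeniedError("Invalid group name"));`. `username` and `groups` are assigned outside the hunk, so it is not visible whether `groups` can be undefined for a session without groups; if it can, default it to an empty array before the join. A short comment above the two `setHeader` calls should also say that the values are consumed by the reverse proxy's `auth_request_set` and must only be emitted after both factors are validated.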


@ -45,9 +45,12 @@ describe("test authentication token verification", function () {
authSession.first_factor = true; authSession.first_factor = true;
authSession.second_factor = true; authSession.second_factor = true;
authSession.userid = "myuser"; authSession.userid = "myuser";
authSession.groups = ["mygroup", "othergroup"];
return VerifyGet.default(req as express.Request, res as any); return VerifyGet.default(req as express.Request, res as any);
}) })
.then(function () { .then(function () {
sinon.assert.calledWithExactly(res.setHeader, "Remote-User", "myuser");
sinon.assert.calledWithExactly(res.setHeader, "Remote-Groups", "mygroup,othergroup");
assert.equal(204, res.status.getCall(0).args[0]); assert.equal(204, res.status.getCall(0).args[0]);
}); });
}); });
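Review bot: The new assertions cover only the fully authenticated case; nothing in this hunk checks that `Remote-User` and `Remote-Groups` stay unset when a factor is missing. Because the proxy copies these headers into the request it forwards, the denial tests (outside this hunk, if present) should assert `sinon.assert.neverCalledWith(res.setHeader, "Remote-User");` and the same for `"Remote-Groups"`. A case with `authSession.groups = []` would also pin down what the header looks like for a user without groups.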