From 67d68629da380173ce15090ab3a1b79cf4a6edab Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 8 Feb 2022 16:30:26 +0100 Subject: [PATCH] providers/proxy: fix Host/:Authority not being modified Signed-off-by: Jens Langhammer --- .../outpost/proxyv2/application/mode_proxy.go | 11 ++- .../proxyv2/application/mode_proxy_test.go | 81 +++++++++++++++++++ 2 files changed, 88 insertions(+), 4 deletions(-) create mode 100644 internal/outpost/proxyv2/application/mode_proxy_test.go diff --git a/internal/outpost/proxyv2/application/mode_proxy.go b/internal/outpost/proxyv2/application/mode_proxy.go index 81f0803bd..92dedd766 100644 --- a/internal/outpost/proxyv2/application/mode_proxy.go +++ b/internal/outpost/proxyv2/application/mode_proxy.go @@ -76,15 +76,18 @@ func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) { claims, _ := a.getClaims(r) r.URL.Scheme = ou.Scheme r.URL.Host = ou.Host - if claims.Proxy != nil && claims.Proxy.BackendOverride != "" { + r.Host = ou.Host + if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" { u, err := url.Parse(claims.Proxy.BackendOverride) if err != nil { a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override") - return + } else { + r.URL.Scheme = u.Scheme + r.URL.Host = u.Host + r.Host = u.Host } - r.URL.Scheme = u.Scheme - r.URL.Host = u.Host } + a.log.WithField("upstream_url", r.URL.String()).Trace("final upstream url") } } diff --git a/internal/outpost/proxyv2/application/mode_proxy_test.go b/internal/outpost/proxyv2/application/mode_proxy_test.go new file mode 100644 index 000000000..6aeb6ccb7 --- /dev/null +++ b/internal/outpost/proxyv2/application/mode_proxy_test.go @@ -0,0 +1,81 @@ +package application + +import ( + "net/http" + "net/http/httptest" + "net/url" + "testing" + + "github.com/stretchr/testify/assert" + "goauthentik.io/internal/outpost/proxyv2/constants" +) + +func TestProxy_ModifyRequest(t *testing.T) { + a := newTestApplication() + req, _ := http.NewRequest("GET", "http://frontend/foo", nil) + u, err := url.Parse("http://backend:8012") + if err != nil { + panic(err) + } + a.proxyModifyRequest(u)(req) + + assert.Equal(t, "/foo", req.URL.Path) + assert.Equal(t, "backend:8012", req.URL.Host) + assert.Equal(t, "backend:8012", req.Host) +} + +func TestProxy_ModifyRequest_Claims(t *testing.T) { + a := newTestApplication() + req, _ := http.NewRequest("GET", "http://frontend/foo", nil) + u, err := url.Parse("http://backend:8012") + if err != nil { + panic(err) + } + rr := httptest.NewRecorder() + + s, _ := a.sessions.Get(req, constants.SeesionName) + s.Values[constants.SessionClaims] = Claims{ + Sub: "foo", + Proxy: &ProxyClaims{ + BackendOverride: "http://other-backend:8123", + }, + } + err = a.sessions.Save(req, rr, s) + if err != nil { + panic(err) + } + + a.proxyModifyRequest(u)(req) + + assert.Equal(t, "/foo", req.URL.Path) + assert.Equal(t, "other-backend:8123", req.URL.Host) + assert.Equal(t, "other-backend:8123", req.Host) +} + +func TestProxy_ModifyRequest_Claims_Invalid(t *testing.T) { + a := newTestApplication() + req, _ := http.NewRequest("GET", "http://frontend/foo", nil) + u, err := url.Parse("http://backend:8012") + if err != nil { + panic(err) + } + rr := httptest.NewRecorder() + + s, _ := a.sessions.Get(req, constants.SeesionName) + s.Values[constants.SessionClaims] = Claims{ + Sub: "foo", + Proxy: &ProxyClaims{ + BackendOverride: ":qewr", + }, + } + err = a.sessions.Save(req, rr, s) + if err != nil { + panic(err) + } + + a.proxyModifyRequest(u)(req) + + assert.Equal(t, "/foo", req.URL.Path) + assert.Equal(t, "backend:8012", req.URL.Host) + assert.Equal(t, "backend:8012", req.Host) +}