trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

internal: set Host on url in envoy 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-08-18 22:42:22 +01:00
parent 0cc83c23c4
commit 8ffae4505f
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/outpost/proxyv2/application/mode_forward.go
View File

@ -154,6 +154,7 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request) { func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request) {
a.log.WithField("header", r.Header).Trace("tracing headers for debug") a.log.WithField("header", r.Header).Trace("tracing headers for debug")
r.URL.Path = strings.TrimPrefix(r.URL.Path, envoyPrefix) r.URL.Path = strings.TrimPrefix(r.URL.Path, envoyPrefix)
r.URL.Host = r.Host
fwd := r.URL fwd := r.URL
// Check if we're authenticated, or the request path is on the allowlist // Check if we're authenticated, or the request path is on the allowlist
claims, err := a.getClaims(r) claims, err := a.getClaims(r)

8
internal/outpost/proxyv2/application/mode_forward_envoy_test.go
View File

@ -24,7 +24,8 @@ func TestForwardHandleEnvoy_Single_Skip(t *testing.T) {
func TestForwardHandleEnvoy_Single_Headers(t *testing.T) { func TestForwardHandleEnvoy_Single_Headers(t *testing.T) {
a := newTestApplication() a := newTestApplication()
req, _ := http.NewRequest("GET", "http://test.goauthentik.io/app", nil) req, _ := http.NewRequest("GET", "http:///app", nil)
req.Host = "ext.t.goauthentik.io"
rr := httptest.NewRecorder() rr := httptest.NewRecorder()
a.forwardHandleEnvoy(rr, req) a.forwardHandleEnvoy(rr, req)
@ -39,7 +40,7 @@ func TestForwardHandleEnvoy_Single_Headers(t *testing.T) {
"state": []string{s.Values[constants.SessionOAuthState].([]string)[0]}, "state": []string{s.Values[constants.SessionOAuthState].([]string)[0]},
} }
assert.Equal(t, fmt.Sprintf("http://fake-auth.t.goauthentik.io/auth?%s", shouldUrl.Encode()), loc.String()) assert.Equal(t, fmt.Sprintf("http://fake-auth.t.goauthentik.io/auth?%s", shouldUrl.Encode()), loc.String())
assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect]) assert.Equal(t, "http://ext.t.goauthentik.io/app", s.Values[constants.SessionRedirect])
} }
func TestForwardHandleEnvoy_Single_Claims(t *testing.T) { func TestForwardHandleEnvoy_Single_Claims(t *testing.T) {
@ -91,7 +92,8 @@ func TestForwardHandleEnvoy_Domain_Header(t *testing.T) {
a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
a.proxyConfig.CookieDomain = api.PtrString("foo") a.proxyConfig.CookieDomain = api.PtrString("foo")
a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io" a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
req, _ := http.NewRequest("GET", "http://test.goauthentik.io/app", nil) req, _ := http.NewRequest("GET", "http:///app", nil)
req.Host = "test.goauthentik.io"
rr := httptest.NewRecorder() rr := httptest.NewRecorder()
a.forwardHandleEnvoy(rr, req) a.forwardHandleEnvoy(rr, req)