outposts/ldap: fix AUTHENTIK_INSECURE not being respected for API client during bind

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-05-16 00:01:16 +02:00
parent 34e2bbc41d
commit d0d3072c50
4 changed files with 13 additions and 6 deletions


@ -42,7 +42,7 @@ type APIController struct {
// NewAPIController initialise new API Controller instance from URL and API token // NewAPIController initialise new API Controller instance from URL and API token
func NewAPIController(akURL url.URL, token string) *APIController { func NewAPIController(akURL url.URL, token string) *APIController {
transport := httptransport.New(akURL.Host, client.DefaultBasePath, []string{akURL.Scheme}) transport := httptransport.New(akURL.Host, client.DefaultBasePath, []string{akURL.Scheme})
transport.Transport = SetUserAgent(getTLSTransport(), pkg.UserAgent()) transport.Transport = SetUserAgent(GetTLSTransport(), pkg.UserAgent())
// create the transport // create the transport
auth := httptransport.BearerToken(token) auth := httptransport.BearerToken(token)


@ -52,7 +52,8 @@ func doGlobalSetup(config map[string]interface{}) {
defer sentry.Flush(2 * time.Second) defer sentry.Flush(2 * time.Second)
} }
func getTLSTransport() http.RoundTripper { // GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
func GetTLSTransport() http.RoundTripper {
value, set := os.LookupEnv("AUTHENTIK_INSECURE") value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set { if !set {
value = "false" value = "false"
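Review bot: The new doc comment on `GetTLSTransport` names the behaviour but not its consequence, which is the point an operator needs: when `AUTHENTIK_INSECURE` is enabled the API token carried by the bearer auth in `NewAPIController` is presumably sent over a connection whose server certificate is never validated, so an on-path attacker can read and replay it. Suggest `// GetTLSTransport returns the HTTP transport used for the authentik API. If AUTHENTIK_INSECURE is set, server certificate verification is disabled and the API token is exposed to on-path attackers; development use only.` The part of the function that parses the value and builds the transport lies outside the hunk; if it does not already log a warning when insecure mode is active, that is where one belongs, since this transport is now also created on every LDAP bind and a misconfiguration would otherwise be silent. Only the unset case is normalised to `"false"` in the visible lines, so how values such as `1` or `yes` are treated depends on the parser below.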


@ -55,14 +55,18 @@ func (ls *LDAPServer) Start() error {
type transport struct { type transport struct {
headers map[string]string headers map[string]string
inner http.RoundTripper
} }
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) { func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
for key, value := range t.headers { for key, value := range t.headers {
req.Header.Add(key, value) req.Header.Add(key, value)
} }
return http.DefaultTransport.RoundTrip(req) return t.inner.RoundTrip(req)
}
func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
return &transport{
inner: inner,
headers: headers,
} }
func newTransport(headers map[string]string) *transport {
return &transport{headers}
} }
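Review bot: `RoundTrip` now dereferences `t.inner` unconditionally, so a `newTransport(nil, ...)` call panics on the first request where the old code silently used `http.DefaultTransport`; either keep that fallback in the constructor (`if inner == nil { inner = http.DefaultTransport }`) or document that `inner` is required. Independently, the loop mutates the caller's request in place with `req.Header.Add`, which the `http.RoundTripper` contract forbids and which would append a second `X-authentik-remote-ip` value if one were ever already present; `req = req.Clone(req.Context())` before the loop and `req.Header.Set(key, value)` inside it make the injected client IP authoritative. `newTransport` and the `transport` type are exported within the package only, but a one-line doc comment such as `// transport injects fixed headers into every request before delegating to inner.` would help the next reader.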


@ -14,6 +14,8 @@ import (
goldap "github.com/go-ldap/ldap/v3" goldap "github.com/go-ldap/ldap/v3"
httptransport "github.com/go-openapi/runtime/client" httptransport "github.com/go-openapi/runtime/client"
"github.com/nmcclain/ldap" "github.com/nmcclain/ldap"
"goauthentik.io/outpost/pkg"
"goauthentik.io/outpost/pkg/ak"
"goauthentik.io/outpost/pkg/client/core" "goauthentik.io/outpost/pkg/client/core"
"goauthentik.io/outpost/pkg/client/flows" "goauthentik.io/outpost/pkg/client/flows"
"goauthentik.io/outpost/pkg/models" "goauthentik.io/outpost/pkg/models"
@ -61,7 +63,7 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
// Create new http client that also sets the correct ip // Create new http client that also sets the correct ip
client := &http.Client{ client := &http.Client{
Jar: jar, Jar: jar,
Transport: newTransport(map[string]string{ Transport: newTransport(ak.SetUserAgent(ak.GetTLSTransport(), pkg.UserAgent()), map[string]string{
"X-authentik-remote-ip": host, "X-authentik-remote-ip": host,
}), }),
} }
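Review bot: The `http.Client` built for each bind has no `Timeout`, so a stalled or slow authentik API keeps the LDAP bind goroutine (and the client's connection) open indefinitely, which turns API latency into an easy resource-exhaustion vector against the outpost; a bounded `Timeout` on the client, or a deadline on the request context, is the usual guard here. `ak.GetTLSTransport()` is also now called on every bind; if it constructs a fresh `http.Transport` each time (its body is outside this diff), each bind allocates a transport whose idle TLS connections are never reused or closed, so consider building the transport once per `ProviderInstance` and wrapping only the per-request headers here. The surrounding `Bind` function starts and ends outside the hunk.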