outposts/ldap: fix AUTHENTIK_INSECURE not being respected for API client during bind
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
34e2bbc41d
commit
d0d3072c50
|
@ -42,7 +42,7 @@ type APIController struct {
|
||||||
// NewAPIController initialise new API Controller instance from URL and API token
|
// NewAPIController initialise new API Controller instance from URL and API token
|
||||||
func NewAPIController(akURL url.URL, token string) *APIController {
|
func NewAPIController(akURL url.URL, token string) *APIController {
|
||||||
transport := httptransport.New(akURL.Host, client.DefaultBasePath, []string{akURL.Scheme})
|
transport := httptransport.New(akURL.Host, client.DefaultBasePath, []string{akURL.Scheme})
|
||||||
transport.Transport = SetUserAgent(getTLSTransport(), pkg.UserAgent())
|
transport.Transport = SetUserAgent(GetTLSTransport(), pkg.UserAgent())
|
||||||
|
|
||||||
// create the transport
|
// create the transport
|
||||||
auth := httptransport.BearerToken(token)
|
auth := httptransport.BearerToken(token)
|
||||||
|
|
|
@ -52,7 +52,8 @@ func doGlobalSetup(config map[string]interface{}) {
|
||||||
defer sentry.Flush(2 * time.Second)
|
defer sentry.Flush(2 * time.Second)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getTLSTransport() http.RoundTripper {
|
// GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
|
||||||
|
func GetTLSTransport() http.RoundTripper {
|
||||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
||||||
if !set {
|
if !set {
|
||||||
value = "false"
|
value = "false"
|
||||||
|
|
|
@ -55,14 +55,18 @@ func (ls *LDAPServer) Start() error {
|
||||||
|
|
||||||
type transport struct {
|
type transport struct {
|
||||||
headers map[string]string
|
headers map[string]string
|
||||||
|
inner http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
for key, value := range t.headers {
|
for key, value := range t.headers {
|
||||||
req.Header.Add(key, value)
|
req.Header.Add(key, value)
|
||||||
}
|
}
|
||||||
return http.DefaultTransport.RoundTrip(req)
|
return t.inner.RoundTrip(req)
|
||||||
|
}
|
||||||
|
func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
|
||||||
|
return &transport{
|
||||||
|
inner: inner,
|
||||||
|
headers: headers,
|
||||||
}
|
}
|
||||||
func newTransport(headers map[string]string) *transport {
|
|
||||||
return &transport{headers}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,8 @@ import (
|
||||||
goldap "github.com/go-ldap/ldap/v3"
|
goldap "github.com/go-ldap/ldap/v3"
|
||||||
httptransport "github.com/go-openapi/runtime/client"
|
httptransport "github.com/go-openapi/runtime/client"
|
||||||
"github.com/nmcclain/ldap"
|
"github.com/nmcclain/ldap"
|
||||||
|
"goauthentik.io/outpost/pkg"
|
||||||
|
"goauthentik.io/outpost/pkg/ak"
|
||||||
"goauthentik.io/outpost/pkg/client/core"
|
"goauthentik.io/outpost/pkg/client/core"
|
||||||
"goauthentik.io/outpost/pkg/client/flows"
|
"goauthentik.io/outpost/pkg/client/flows"
|
||||||
"goauthentik.io/outpost/pkg/models"
|
"goauthentik.io/outpost/pkg/models"
|
||||||
|
@ -61,7 +63,7 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
|
||||||
// Create new http client that also sets the correct ip
|
// Create new http client that also sets the correct ip
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
Jar: jar,
|
Jar: jar,
|
||||||
Transport: newTransport(map[string]string{
|
Transport: newTransport(ak.SetUserAgent(ak.GetTLSTransport(), pkg.UserAgent()), map[string]string{
|
||||||
"X-authentik-remote-ip": host,
|
"X-authentik-remote-ip": host,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue