providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser

closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-07-30 20:29:23 +02:00
parent 393d7ec486
commit fcf4657833
3 changed files with 7 additions and 3 deletions


@ -8,7 +8,8 @@ SCOPE_AK_PROXY_EXPRESSION = """
# which are used for example for the HTTP-Basic Authentication mapping.
return {
"ak_proxy": {
"user_attributes": request.user.group_attributes(request)
"user_attributes": request.user.group_attributes(request),
"is_superuser": request.user.is_superuser,
}
}"""
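Review bot: The new `"is_superuser": request.user.is_superuser` entry is evaluated when this scope expression runs, so the outpost sees a snapshot of the flag rather than the user's current status. If the outpost keeps these claims in its session (not visible in this hunk), a user whose superuser status is revoked could keep seeing full upstream error text until the session is renewed. I would add a comment beside the key, for example `# snapshot taken when claims are issued; only gates error detail in the outpost, not authorization`, so that later code does not start treating the claim as an access-control decision. The expression string begins before the hunk, so the rest of the mapping was not reviewed.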


@ -3,6 +3,7 @@ package application
type ProxyClaims struct {
UserAttributes map[string]interface{} `json:"user_attributes"`
BackendOverride string `json:"backend_override"`
IsSuperuser bool `json:"is_superuser"`
}
type Claims struct {


@ -20,8 +20,10 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
Message: "Error proxying to upstream server",
ProxyPrefix: "/outpost.goauthentik.io",
}
if claims != nil && len(err) > 0 {
if claims != nil && claims.Proxy.IsSuperuser {
data.Message = err
} else {
data.Message = "Failed to connect to backend."
}
er := a.errorTemplates.Execute(rw, data)
if er != nil {
@ -34,6 +36,6 @@ func (a *Application) newProxyErrorHandler() func(http.ResponseWriter, *http.Req
return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
log.WithError(proxyErr).Warning("Error proxying to upstream server")
rw.WriteHeader(http.StatusBadGateway)
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error()))
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %v", proxyErr))
}
}
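Review bot: In the first hunk the new condition drops the `len(err) > 0` guard and adds an `else`, so the default `Message: "Error proxying to upstream server"` in the struct literal is now always overwritten, and a superuser who reaches ErrorPage with an empty `err` gets a blank message. Keeping the guard, as in `if claims != nil && claims.Proxy.IsSuperuser && len(err) > 0 {`, keeps the message non-empty in every case. If `Claims.Proxy` is a pointer (its declaration is outside the visible lines), the condition also needs `claims.Proxy != nil` before the field access, because a session without an `ak_proxy` claim would otherwise panic inside the error path. ErrorPage starts and ends outside the hunk, so how `claims` is obtained and how the template escapes `data.Message` could not be checked here.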