Don't pass the Authorization header to the backends
This commit is contained in:
Jean-Baptiste Doumenjou
Traefiker Bot
parent
ae8be89767
commit
9ce444b91a
40 changed files with 445 additions and 130 deletions
|
|
@ -37,9 +37,11 @@ const (
|
|||
pathFrontendBasicAuth = "/basicauth" // Deprecated
|
||||
pathFrontendAuth = "/auth/"
|
||||
pathFrontendAuthBasic = pathFrontendAuth + "basic/"
|
||||
pathFrontendAuthBasicRemoveHeader = pathFrontendAuthBasic + "removeheader"
|
||||
pathFrontendAuthBasicUsers = pathFrontendAuthBasic + "users"
|
||||
pathFrontendAuthBasicUsersFile = pathFrontendAuthBasic + "usersfile"
|
||||
pathFrontendAuthDigest = pathFrontendAuth + "digest/"
|
||||
pathFrontendAuthDigestRemoveHeader = pathFrontendAuthDigest + "removeheader"
|
||||
pathFrontendAuthDigestUsers = pathFrontendAuthDigest + "users"
|
||||
pathFrontendAuthDigestUsersFile = pathFrontendAuthDigest + "usersfile"
|
||||
pathFrontendAuthForward = pathFrontendAuth + "forward/"
|
||||
|
|
|
|||
|
|
@ -398,7 +398,8 @@ func (p *Provider) getAuth(rootPath string) *types.Auth {
|
|||
// getAuthBasic Create Basic Auth from path
|
||||
func (p *Provider) getAuthBasic(rootPath string) *types.Basic {
|
||||
basicAuth := &types.Basic{
|
||||
UsersFile: p.get("", rootPath, pathFrontendAuthBasicUsersFile),
|
||||
UsersFile: p.get("", rootPath, pathFrontendAuthBasicUsersFile),
|
||||
RemoveHeader: p.getBool(false, rootPath, pathFrontendAuthBasicRemoveHeader),
|
||||
}
|
||||
|
||||
// backward compatibility
|
||||
|
|
@ -415,8 +416,9 @@ func (p *Provider) getAuthBasic(rootPath string) *types.Basic {
|
|||
// getAuthDigest Create Digest Auth from path
|
||||
func (p *Provider) getAuthDigest(rootPath string) *types.Digest {
|
||||
return &types.Digest{
|
||||
Users: p.getList(rootPath, pathFrontendAuthDigestUsers),
|
||||
UsersFile: p.get("", rootPath, pathFrontendAuthDigestUsersFile),
|
||||
Users: p.getList(rootPath, pathFrontendAuthDigestUsers),
|
||||
UsersFile: p.get("", rootPath, pathFrontendAuthDigestUsersFile),
|
||||
RemoveHeader: p.getBool(false, rootPath, pathFrontendAuthDigestRemoveHeader),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
frontend("frontend",
|
||||
withPair(pathFrontendBackend, "backend"),
|
||||
withPair(pathFrontendAuthHeaderField, "X-WebAuth-User"),
|
||||
withPair(pathFrontendAuthBasicRemoveHeader, "true"),
|
||||
withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
),
|
||||
backend("backend"),
|
||||
|
|
@ -87,6 +88,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
},
|
||||
|
|
@ -166,6 +168,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
frontend("frontend",
|
||||
withPair(pathFrontendBackend, "backend"),
|
||||
withPair(pathFrontendAuthHeaderField, "X-WebAuth-User"),
|
||||
withPair(pathFrontendAuthDigestRemoveHeader, "true"),
|
||||
withList(pathFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withPair(pathFrontendAuthDigestUsersFile, ".htpasswd"),
|
||||
),
|
||||
|
|
@ -187,6 +190,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Digest: &types.Digest{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
@ -279,8 +283,10 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
withPair(pathFrontendWhiteListUseXForwardedFor, "true"),
|
||||
|
||||
withList(pathFrontendBasicAuth, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withPair(pathFrontendAuthBasicRemoveHeader, "true"),
|
||||
withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withPair(pathFrontendAuthBasicUsersFile, ".htpasswd"),
|
||||
withPair(pathFrontendAuthDigestRemoveHeader, "true"),
|
||||
withList(pathFrontendAuthDigestUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withPair(pathFrontendAuthDigestUsersFile, ".htpasswd"),
|
||||
withPair(pathFrontendAuthForwardAddress, "auth.server"),
|
||||
|
|
@ -398,6 +404,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
Auth: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
@ -2157,12 +2164,14 @@ func TestProviderGetAuth(t *testing.T) {
|
|||
rootPath: "traefik/frontends/foo",
|
||||
kvPairs: filler("traefik",
|
||||
frontend("foo",
|
||||
withPair(pathFrontendAuthBasicRemoveHeader, "true"),
|
||||
withList(pathFrontendAuthBasicUsers, "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"),
|
||||
withPair(pathFrontendAuthBasicUsersFile, ".htpasswd"),
|
||||
withPair(pathFrontendAuthHeaderField, "X-WebAuth-User"))),
|
||||
expected: &types.Auth{
|
||||
HeaderField: "X-WebAuth-User",
|
||||
Basic: &types.Basic{
|
||||
RemoveHeader: true,
|
||||
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"},
|
||||
UsersFile: ".htpasswd",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue