Don't pass the Authorization header to the backends

2018-07-16 13:52:03 +02:00 · 2018-07-16 13:52:03 +02:00 · 9ce444b91a
commit 9ce444b91a
parent ae8be89767
40 changed files with 445 additions and 130 deletions
--- a/provider/label/names.go
+++ b/provider/label/names.go
@ -37,9 +37,11 @@ const (
 	SuffixFrontend                                  = "frontend"
 	SuffixFrontendAuth                              = SuffixFrontend + ".auth"
 	SuffixFrontendAuthBasic                         = SuffixFrontendAuth + ".basic"
+	SuffixFrontendAuthBasicRemoveHeader             = SuffixFrontendAuthBasic + ".removeHeader"
 	SuffixFrontendAuthBasicUsers                    = SuffixFrontendAuthBasic + ".users"
 	SuffixFrontendAuthBasicUsersFile                = SuffixFrontendAuthBasic + ".usersFile"
 	SuffixFrontendAuthDigest                        = SuffixFrontendAuth + ".digest"
+	SuffixFrontendAuthDigestRemoveHeader            = SuffixFrontendAuthDigest + ".removeHeader"
 	SuffixFrontendAuthDigestUsers                   = SuffixFrontendAuthDigest + ".users"
 	SuffixFrontendAuthDigestUsersFile               = SuffixFrontendAuthDigest + ".usersFile"
 	SuffixFrontendAuthForward                       = SuffixFrontendAuth + ".forward"
@ -123,9 +125,11 @@ const (
 	TraefikFrontend                                 = Prefix + SuffixFrontend
 	TraefikFrontendAuth                             = Prefix + SuffixFrontendAuth
 	TraefikFrontendAuthBasic                        = Prefix + SuffixFrontendAuthBasic
+	TraefikFrontendAuthBasicRemoveHeader            = Prefix + SuffixFrontendAuthBasicRemoveHeader
 	TraefikFrontendAuthBasicUsers                   = Prefix + SuffixFrontendAuthBasicUsers
 	TraefikFrontendAuthBasicUsersFile               = Prefix + SuffixFrontendAuthBasicUsersFile
 	TraefikFrontendAuthDigest                       = Prefix + SuffixFrontendAuthDigest
+	TraefikFrontendAuthDigestRemoveHeader           = Prefix + SuffixFrontendAuthDigestRemoveHeader
 	TraefikFrontendAuthDigestUsers                  = Prefix + SuffixFrontendAuthDigestUsers
 	TraefikFrontendAuthDigestUsersFile              = Prefix + SuffixFrontendAuthDigestUsersFile
 	TraefikFrontendAuthForward                      = Prefix + SuffixFrontendAuthForward
--- a/provider/label/partial.go
+++ b/provider/label/partial.go
@ -84,7 +84,8 @@ func GetAuth(labels map[string]string) *types.Auth {
 // getAuthBasic Create Basic Auth from labels
 func getAuthBasic(labels map[string]string) *types.Basic {
 	basicAuth := &types.Basic{
-		UsersFile: GetStringValue(labels, TraefikFrontendAuthBasicUsersFile, ""),
+		UsersFile:    GetStringValue(labels, TraefikFrontendAuthBasicUsersFile, ""),
+		RemoveHeader: GetBoolValue(labels, TraefikFrontendAuthBasicRemoveHeader, false),
 	}

 	// backward compatibility
@ -101,8 +102,9 @@ func getAuthBasic(labels map[string]string) *types.Basic {
 // getAuthDigest Create Digest Auth from labels
 func getAuthDigest(labels map[string]string) *types.Digest {
 	return &types.Digest{
-		Users:     GetSliceStringValue(labels, TraefikFrontendAuthDigestUsers),
-		UsersFile: GetStringValue(labels, TraefikFrontendAuthDigestUsersFile, ""),
+		Users:        GetSliceStringValue(labels, TraefikFrontendAuthDigestUsers),
+		UsersFile:    GetStringValue(labels, TraefikFrontendAuthDigestUsersFile, ""),
+		RemoveHeader: GetBoolValue(labels, TraefikFrontendAuthDigestRemoveHeader, false),
 	}
 }

--- a/provider/label/partial_test.go
+++ b/provider/label/partial_test.go
@ -735,25 +735,27 @@ func TestGetAuth(t *testing.T) {
 		{
 			desc: "should return a basic auth",
 			labels: map[string]string{
-				TraefikFrontendAuthHeaderField:    "myHeaderField",
-				TraefikFrontendAuthBasicUsers:     "user:pwd,user2:pwd2",
-				TraefikFrontendAuthBasicUsersFile: "myUsersFile",
+				TraefikFrontendAuthHeaderField:       "myHeaderField",
+				TraefikFrontendAuthBasicUsers:        "user:pwd,user2:pwd2",
+				TraefikFrontendAuthBasicUsersFile:    "myUsersFile",
+				TraefikFrontendAuthBasicRemoveHeader: "true",
 			},
 			expected: &types.Auth{
 				HeaderField: "myHeaderField",
-				Basic:       &types.Basic{UsersFile: "myUsersFile", Users: []string{"user:pwd", "user2:pwd2"}},
+				Basic:       &types.Basic{UsersFile: "myUsersFile", Users: []string{"user:pwd", "user2:pwd2"}, RemoveHeader: true},
 			},
 		},
 		{
 			desc: "should return a digest auth",
 			labels: map[string]string{
-				TraefikFrontendAuthHeaderField:     "myHeaderField",
-				TraefikFrontendAuthDigestUsers:     "user:pwd,user2:pwd2",
-				TraefikFrontendAuthDigestUsersFile: "myUsersFile",
+				TraefikFrontendAuthDigestRemoveHeader: "true",
+				TraefikFrontendAuthHeaderField:        "myHeaderField",
+				TraefikFrontendAuthDigestUsers:        "user:pwd,user2:pwd2",
+				TraefikFrontendAuthDigestUsersFile:    "myUsersFile",
 			},
 			expected: &types.Auth{
 				HeaderField: "myHeaderField",
-				Digest:      &types.Digest{UsersFile: "myUsersFile", Users: []string{"user:pwd", "user2:pwd2"}},
+				Digest:      &types.Digest{UsersFile: "myUsersFile", Users: []string{"user:pwd", "user2:pwd2"}, RemoveHeader: true},
 			},
 		},
 		{