Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setting created_by/updated_by via header #300

Merged
merged 4 commits into from
Nov 7, 2019
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions pkg/config/env.go
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,10 @@ var Config = struct {
// "HS256" and "RS256" supported
JWTAuthSigningMethod string `env:"FLAGR_JWT_AUTH_SIGNING_METHOD" envDefault:"HS256"`

// auth proxy in front of flagr to identify user
AuthProxyEnabled bool `env:"FLAGR_AUTH_PROXY_ENABLED" envDefault:"false"`
pacoguzman marked this conversation as resolved.
Show resolved Hide resolved
AuthProxyHeader string `env:"FLAGR_AUTH_PROXY_HEADER" envDefault:"X-Email"`

// WebPrefix - base path for web and API
// e.g. FLAGR_WEB_PREFIX=/foo
// UI path => localhost:18000/foo"
Expand Down
26 changes: 0 additions & 26 deletions pkg/handler/jwt.go

This file was deleted.

32 changes: 32 additions & 0 deletions pkg/handler/subject.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
package handler

import (
"net/http"

"github.com/checkr/flagr/pkg/config"
"github.com/checkr/flagr/pkg/util"

jwt "github.com/dgrijalva/jwt-go"
)

func getSubjectFromRequest(r *http.Request) string {
if r == nil {
return ""
}

if config.Config.JWTAuthEnabled {
token, ok := r.Context().Value(config.Config.JWTAuthUserProperty).(*jwt.Token)
if !ok {
return ""
}

if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
return util.SafeString(claims[config.Config.JWTAuthUserClaim])
}

} else if config.Config.AuthProxyEnabled {
return r.Header.Get(config.Config.AuthProxyHeader)
}

return ""
}
18 changes: 17 additions & 1 deletion pkg/handler/jwt_test.go → pkg/handler/subject_test.go
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@

package handler

import (
Expand All @@ -10,9 +11,11 @@ import (
"github.com/stretchr/testify/assert"
)

func TestGetSubjectFromRequest(t *testing.T) {
func TestGetSubjectFromJWT(t *testing.T) {
var ctx context.Context

config.Config.JWTAuthEnabled = true
pacoguzman marked this conversation as resolved.
Show resolved Hide resolved

r, _ := http.NewRequest("GET", "", nil)
assert.Equal(t, getSubjectFromRequest(r), "")

Expand All @@ -30,3 +33,16 @@ func TestGetSubjectFromRequest(t *testing.T) {
})
assert.Equal(t, getSubjectFromRequest(r.WithContext(ctx)), "[email protected]")
}

func TestGetSubjectFromOauthProxy(t *testing.T) {
var ctx = context.Background()

config.Config.JWTAuthEnabled = false
config.Config.AuthProxyEnabled = true
pacoguzman marked this conversation as resolved.
Show resolved Hide resolved

r, _ := http.NewRequest("GET", "", nil)
assert.Equal(t, getSubjectFromRequest(r), "")

r.Header.Set("X-Email", "[email protected]")
pacoguzman marked this conversation as resolved.
Show resolved Hide resolved
assert.Equal(t, getSubjectFromRequest(r.WithContext(ctx)), "[email protected]")
}