authorize: use impersonate email/groups in JWT (#1364)

Caleb Doxsey 2020-09-02 13:50:46 -06:00 committed by GitHub
parent 4fb90fabe8
commit 0a2638e5dc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 0 deletions


@ -231,6 +231,14 @@ func (e *Evaluator) JWTPayload(req *Request) map[string]interface{} {
payload["groups"] = groups
}
}
if req.Session.ImpersonateEmail != "" {
payload["email"] = req.Session.ImpersonateEmail
}
if len(req.Session.ImpersonateGroups) > 0 {
payload["groups"] = req.Session.ImpersonateGroups
}
return payload
}
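Review bot: The two impersonation overrides at the end of JWTPayload are applied independently, so a session with `ImpersonateEmail` set and no `ImpersonateGroups` yields a token carrying the impersonated email together with the `groups` value computed earlier in the function, which presumably belongs to the real session user. An upstream that authorizes on groups would then see a mixed identity; if partial impersonation is not intended, also assign `payload["groups"] = req.Session.ImpersonateGroups` inside the `ImpersonateEmail != ""` branch. The start of the function is outside this hunk, so it is worth confirming whether any other identity claims set there should follow the impersonated identity or the real one. A comment such as `// impersonation overrides the claims derived from the real session` above the block would make the precedence explicit.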


@ -247,6 +247,22 @@ func TestEvaluator_JWTPayload(t *testing.T) {
"groups": []string{"group1", "group2", "admin", "test"},
},
},
{
"with impersonate",
&Request{
HTTP: RequestHTTP{URL: "https://example.com"},
Session: RequestSession{
ImpersonateEmail: "user@example.com",
ImpersonateGroups: []string{"admin", "test"},
},
},
map[string]interface{}{
"iss": "authn.example.com",
"aud": "example.com",
"email": "user@example.com",
"groups": []string{"admin", "test"},
},
},
}
for _, tc := range tests {