authenticate: support kubernetes (#62)

- cmd/pomerium: made ping a top-level route for all services.
- docs: updated the Kubernetes script and the corresponding configuration YAML files.
Bobby DeSimone 2019-03-12 15:31:17 -07:00 committed by GitHub
parent c13459bb88
commit 0a501b61ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 115 additions and 202 deletions


@ -1,35 +0,0 @@
package options // import "github.com/pomerium/pomerium/internal/options"
import (
"fmt"
"strings"
)
// NewEmailValidator returns a function that checks whether a given email is valid based on a list
// of domains. The domain "*" is a wild card that matches any non-empty email.
func NewEmailValidator(domains []string) func(string) bool {
allowAll := false
for i, domain := range domains {
if domain == "*" {
allowAll = true
}
domains[i] = fmt.Sprintf("@%s", strings.ToLower(domain))
}
if allowAll {
return func(email string) bool { return email != "" }
}
return func(email string) bool {
if email == "" {
return false
}
email = strings.ToLower(email)
for _, domain := range domains {
if strings.HasSuffix(email, domain) {
return true
}
}
return false
}
}


@ -1,121 +0,0 @@
package options // import "github.com/pomerium/pomerium/internal/options"
import (
"testing"
)
func TestEmailValidatorValidator(t *testing.T) {
testCases := []struct {
name string
domains []string
email string
expectValid bool
}{
{
name: "nothing should validate when domain list is empty",
domains: []string(nil),
email: "foo@example.com",
expectValid: false,
},
{
name: "single domain validation",
domains: []string{"example.com"},
email: "foo@example.com",
expectValid: true,
},
{
name: "substring matches are rejected",
domains: []string{"example.com"},
email: "foo@hackerexample.com",
expectValid: false,
},
{
name: "no subdomain rollup happens",
domains: []string{"example.com"},
email: "foo@bar.example.com",
expectValid: false,
},
{
name: "multiple domain validation still rejects other domains",
domains: []string{"abc.com", "xyz.com"},
email: "foo@example.com",
expectValid: false,
},
{
name: "multiple domain validation still accepts emails from either domain",
domains: []string{"abc.com", "xyz.com"},
email: "foo@abc.com",
expectValid: true,
},
{
name: "multiple domain validation still rejects other domains",
domains: []string{"abc.com", "xyz.com"},
email: "bar@xyz.com",
expectValid: true,
},
{
name: "comparisons are case insensitive",
domains: []string{"Example.Com"},
email: "foo@example.com",
expectValid: true,
},
{
name: "comparisons are case insensitive",
domains: []string{"Example.Com"},
email: "foo@EXAMPLE.COM",
expectValid: true,
},
{
name: "comparisons are case insensitive",
domains: []string{"example.com"},
email: "foo@ExAmPlE.CoM",
expectValid: true,
},
{
name: "single wildcard allows all",
domains: []string{"*"},
email: "foo@example.com",
expectValid: true,
},
{
name: "single wildcard allows all",
domains: []string{"*"},
email: "bar@gmail.com",
expectValid: true,
},
{
name: "wildcard in list allows all",
domains: []string{"example.com", "*"},
email: "foo@example.com",
expectValid: true,
},
{
name: "wildcard in list allows all",
domains: []string{"example.com", "*"},
email: "foo@gmail.com",
expectValid: true,
},
{
name: "empty email rejected",
domains: []string{"example.com"},
email: "",
expectValid: false,
},
{
name: "wildcard still rejects empty emails",
domains: []string{"*"},
email: "",
expectValid: false,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
emailValidator := NewEmailValidator(tc.domains)
valid := emailValidator(tc.email)
if valid != tc.expectValid {
t.Fatalf("expected %v, got %v", tc.expectValid, valid)
}
})
}
}