From 4ae98a0cdc393202cc5850fddfebac335504e754 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20M=C3=BCller?=
Date: Tue, 1 Nov 2022 18:52:17 +0100
Subject: [PATCH] Allow basic-auth for programmatic access
---
 internal/sessions/header/header_store.go | 23 ++++++++++++++-----
 internal/sessions/header/header_store_test.go | 6 +++++
 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/internal/sessions/header/header_store.go b/internal/sessions/header/header_store.go
index f04ab069c..7c33125b9 100644
--- a/internal/sessions/header/header_store.go
+++ b/internal/sessions/header/header_store.go
@@ -3,6 +3,7 @@
 package header

 import (
+ "encoding/base64"
 "net/http"
 "strings"

@@ -47,17 +48,27 @@ func TokenFromHeaders(r *http.Request) string {
 return jwt
 }

- bearer := r.Header.Get(httputil.HeaderAuthorization)
+ authHeader := r.Header.Get(httputil.HeaderAuthorization)
+ // Authorization: Basic enc64
+ prefix := "Basic "
+ if strings.HasPrefix(authHeader, prefix) {
+ userPassword, _ := base64.StdEncoding.DecodeString(authHeader[len(prefix):])
+ userPrefix := "pomerium:"
+ if strings.HasPrefix(string(userPassword), userPrefix) {
+ return string(userPassword[len(userPrefix):])
+ }
+ }
+
 // Authorization: Pomerium
- prefix := httputil.AuthorizationTypePomerium + " "
- if strings.HasPrefix(bearer, prefix) {
- return bearer[len(prefix):]
+ prefix = httputil.AuthorizationTypePomerium + " "
+ if strings.HasPrefix(authHeader, prefix) {
+ return authHeader[len(prefix):]
 }

 // Authorization: Bearer Pomerium-
 prefix = "Bearer " + httputil.AuthorizationTypePomerium + "-"
- if strings.HasPrefix(bearer, prefix) {
- return bearer[len(prefix):]
+ if strings.HasPrefix(authHeader, prefix) {
+ return authHeader[len(prefix):]
 }

 return ""
diff --git a/internal/sessions/header/header_store_test.go b/internal/sessions/header/header_store_test.go
index 7acf526bf..f38d4203c 100644
--- a/internal/sessions/header/header_store_test.go
+++ b/internal/sessions/header/header_store_test.go
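Review bot: The new Basic branch of TokenFromHeaders in header_store.go discards the error from `base64.StdEncoding.DecodeString`, which returns the bytes decoded before the corrupt input, so a malformed `Authorization: Basic` value can still produce a token string instead of being rejected. The standard parser covers this and also matches the scheme case-insensitively: `if user, pass, ok := r.BasicAuth(); ok && user == "pomerium" { return pass }`, which makes the added `encoding/base64` import unnecessary. Because this branch runs first, any Basic credential whose username is `pomerium` is now taken as a session token; that deserves a comment such as `// Basic auth with the reserved username "pomerium" carries the session JWT as the password`, and the reserved name would read better as a named constant. Whether the extracted value is verified, and whether the Authorization header is removed before the request reaches an upstream, is decided outside this hunk and should be confirmed. The function starts above the hunk and its closing brace is below it.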
@@ -26,4 +26,10 @@ func TestTokenFromHeader(t *testing.T) {
 v := TokenFromHeaders(r)
 assert.Equal(t, "JWT", v)
 })
+ t.Run("basic auth", func(t *testing.T) {
+ r, _ := http.NewRequest("GET", "http://localhost/some/url", nil)
+ r.SetBasicAuth("pomerium", "JWT")
+ v := TokenFromHeaders(r)
+ assert.Equal(t, "JWT", v)
+ })
 }
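Review bot: The added `basic auth` subtest pins only the well-formed case, so nothing records what TokenFromHeaders returns when the Basic value is not valid base64, when the username is not `pomerium`, or when the password is empty. Negative subtests asserting `""` would cover the parsing that header_store.go adds, for example `r.SetBasicAuth("someone", "JWT")` followed by `assert.Equal(t, "", TokenFromHeaders(r))`. A case with valid base64 followed by stray characters is worth including, since the production code ignores the decode error. The enclosing test function begins outside the hunk.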