From 31205c0c29f37284a80c43f00b9de8334c51d2c7 Mon Sep 17 00:00:00 2001 From: Cuong Manh Le Date: Tue, 18 Aug 2020 18:08:32 +0700 Subject: [PATCH] proxy: fix wrong applied middleware Validate signature middleware must be applied for the callback sub-router, not the whole dashboard router. Fixes #1297 --- integration/control_plane_test.go | 16 ++++++++++++++++ proxy/handlers.go | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/integration/control_plane_test.go b/integration/control_plane_test.go index 8b46ce0e8..659a84608 100644 --- a/integration/control_plane_test.go +++ b/integration/control_plane_test.go @@ -15,6 +15,22 @@ func TestDashboard(t *testing.T) { ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30) defer clearTimeout() + t.Run("user dashboard", func(t *testing.T) { + client := testcluster.NewHTTPClient() + + req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/.pomerium", nil) + if err != nil { + t.Fatal(err) + } + + res, err := client.Do(req) + if !assert.NoError(t, err, "unexpected http error") { + return + } + defer res.Body.Close() + + assert.Equal(t, http.StatusFound, res.StatusCode, "unexpected status code") + }) t.Run("image asset", func(t *testing.T) { client := testcluster.NewHTTPClient() diff --git a/proxy/handlers.go b/proxy/handlers.go index efdfe75d1..fee87f9a3 100644 --- a/proxy/handlers.go +++ b/proxy/handlers.go @@ -45,7 +45,7 @@ func (p *Proxy) registerDashboardHandlers(r *mux.Router) *mux.Router { // callback used to set route-scoped session and redirect back to destination // only accept signed requests (hmac) from other trusted pomerium services c := r.PathPrefix(dashboardPath + "/callback").Subrouter() - h.Use(func(h http.Handler) http.Handler { + c.Use(func(h http.Handler) http.Handler { return middleware.ValidateSignature(p.state.Load().sharedKey)(h) })