3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: allow redirects on deny (#2361)

Browse source
This commit is contained in:
Caleb Doxsey 2021-07-13 15:41:36 -06:00 committed by GitHub
parent b4b86dccb4
commit 360aa89505
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
authorize/grpc.go
View file

@ -67,11 +67,12 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
a.logAuthorizeCheck(ctx, in, out, res, s, u)
}()
denyStatusCode := int32(http.StatusForbidden)
denyStatusText := http.StatusText(http.StatusForbidden)
if res.Deny != nil {
return a.deniedResponse(ctx, in, int32(res.Deny.Status), res.Deny.Message, nil)
}
if res.Allow {
denyStatusCode = int32(res.Deny.Status)
denyStatusText = res.Deny.Message
} else if res.Allow {
return a.okResponse(res), nil
}
@ -81,7 +82,7 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
// if we're logged in, don't redirect, deny with forbidden
if req.Session.ID != "" {
return a.deniedResponse(ctx, in, http.StatusForbidden, http.StatusText(http.StatusForbidden), nil)
return a.deniedResponse(ctx, in, denyStatusCode, denyStatusText, nil)
}
return a.requireLoginResponse(ctx, in)