mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-03 01:48:02 +02:00
core/config: remove unnecessary authenticate route
parent
ffca3b36a9
commit
cd61532e98
3 changed files with 29 additions and 20 deletions
|
@ -445,6 +445,16 @@ func Test_getAllDomains(t *testing.T) {
|
|||
assert.Equal(t, expect, actual)
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("exclude default authenticate", func(t *testing.T) {
|
||||
options := config.NewDefaultOptions()
|
||||
options.Policies = []config.Policy{
|
||||
{From: "https://a.example.com"},
|
||||
}
|
||||
actual, err := getAllRouteableHosts(options, ":443")
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, []string{"a.example.com", "a.example.com:443"}, actual)
|
||||
})
|
||||
}
|
||||
|
||||
func Test_urlMatchesHost(t *testing.T) {
|
||||
|
|
|
@ -325,7 +325,6 @@ var defaultOptions = Options{
|
|||
GRPCAddr: ":443",
|
||||
GRPCClientTimeout: 10 * time.Second, // Try to withstand transient service failures for a single request
|
||||
GRPCClientDNSRoundRobin: true,
|
||||
AuthenticateURLString: "https://authenticate.pomerium.app",
|
||||
AuthenticateCallbackPath: "/oauth2/callback",
|
||||
TracingSampleRate: 0.0001,
|
||||
|
||||
|
@ -806,17 +805,17 @@ func (o *Options) GetDeriveInternalDomain() string {
|
|||
|
||||
// GetAuthenticateURL returns the AuthenticateURL in the options or 127.0.0.1.
|
||||
func (o *Options) GetAuthenticateURL() (*url.URL, error) {
|
||||
rawurl := o.AuthenticateURLString
|
||||
if rawurl == "" {
|
||||
rawurl = "https://127.0.0.1"
|
||||
rawURL := o.AuthenticateURLString
|
||||
if rawURL == "" {
|
||||
rawURL = "https://authenticate.pomerium.app"
|
||||
}
|
||||
return urlutil.ParseAndValidateURL(rawurl)
|
||||
return urlutil.ParseAndValidateURL(rawURL)
|
||||
}
|
||||
|
||||
// GetInternalAuthenticateURL returns the internal AuthenticateURL in the options or the AuthenticateURL.
|
||||
func (o *Options) GetInternalAuthenticateURL() (*url.URL, error) {
|
||||
rawurl := o.AuthenticateInternalURLString
|
||||
if rawurl == "" {
|
||||
rawURL := o.AuthenticateInternalURLString
|
||||
if rawURL == "" {
|
||||
return o.GetAuthenticateURL()
|
||||
}
|
||||
return urlutil.ParseAndValidateURL(o.AuthenticateInternalURLString)
|
||||
|
@ -1210,18 +1209,22 @@ func (o *Options) GetAllRouteableGRPCHosts() ([]string, error) {
|
|||
func (o *Options) GetAllRouteableHTTPHosts() ([]string, error) {
|
||||
hosts := sets.NewSorted[string]()
|
||||
if IsAuthenticate(o.Services) {
|
||||
if o.AuthenticateInternalURLString != "" {
|
||||
authenticateURL, err := o.GetInternalAuthenticateURL()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
hosts.Add(urlutil.GetDomainsForURL(authenticateURL)...)
|
||||
}
|
||||
|
||||
authenticateURL, err = o.GetAuthenticateURL()
|
||||
if o.AuthenticateURLString != "" {
|
||||
authenticateURL, err := o.GetAuthenticateURL()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
hosts.Add(urlutil.GetDomainsForURL(authenticateURL)...)
|
||||
}
|
||||
}
|
||||
|
||||
// policy urls
|
||||
if IsProxy(o.Services) {
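Review bot: The doc comment above GetAuthenticateURL still reads "returns the AuthenticateURL in the options or 127.0.0.1", while the fallback on the new side appears to be `https://authenticate.pomerium.app`, so the comment now misdescribes where sign-in traffic goes when no authenticate URL is configured. Because an unset value now resolves to an externally hosted endpoint rather than a loopback address, the comment should say so explicitly, e.g. `// GetAuthenticateURL returns the AuthenticateURL in the options or the hosted authenticate service URL if unset.` In GetInternalAuthenticateURL the renamed `rawURL` is used only for the empty check and the final call still passes `o.AuthenticateInternalURLString`; `return urlutil.ParseAndValidateURL(rawURL)` would match the sibling getter. That function's closing brace and the rest of GetAllRouteableHTTPHosts lie outside the visible hunks.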
|
||||
|
|
|
@ -411,7 +411,6 @@ func TestOptionsFromViper(t *testing.T) {
|
|||
CookieSecure: true,
|
||||
InsecureServer: true,
|
||||
CookieHTTPOnly: true,
|
||||
AuthenticateURLString: "https://authenticate.pomerium.app",
|
||||
AuthenticateCallbackPath: "/oauth2/callback",
|
||||
DataBrokerStorageType: "memory",
|
||||
EnvoyAdminAccessLogPath: os.DevNull,
|
||||
|
@ -425,7 +424,6 @@ func TestOptionsFromViper(t *testing.T) {
|
|||
&Options{
|
||||
Policies: []Policy{{From: "https://from.example", To: mustParseWeightedURLs(t, "https://to.example")}},
|
||||
CookieName: "_pomerium",
|
||||
AuthenticateURLString: "https://authenticate.pomerium.app",
|
||||
AuthenticateCallbackPath: "/oauth2/callback",
|
||||
CookieSecure: true,
|
||||
CookieHTTPOnly: true,
|
||||
|
@ -848,9 +846,7 @@ func TestOptions_DefaultURL(t *testing.T) {
|
|||
f func() (*url.URL, error)
|
||||
expectedURLStr string
|
||||
}{
|
||||
{"default authenticate url", defaultOptions.GetAuthenticateURL, "https://127.0.0.1"},
|
||||
{"default authorize url", defaultOptions.GetAuthenticateURL, "https://127.0.0.1"},
|
||||
{"default databroker url", defaultOptions.GetAuthenticateURL, "https://127.0.0.1"},
|
||||
{"default authenticate url", defaultOptions.GetAuthenticateURL, "https://authenticate.pomerium.app"},
|
||||
{"good authenticate url", opts.GetAuthenticateURL, "https://authenticate.example.com"},
|
||||
{"good authorize url", firstURL(opts.GetAuthorizeURLs), "https://authorize.example.com"},
|
||||
{"good databroker url", firstURL(opts.GetDataBrokerURLs), "https://databroker.example.com"},
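Review bot: In TestOptions_DefaultURL the table now has a single default row, and the dropped "default authorize url" and "default databroker url" rows both called `defaultOptions.GetAuthenticateURL`, so the defaults of the authorize and databroker getters were never exercised and still are not. If those defaults matter, rows built like the existing `firstURL(opts.GetAuthorizeURLs)` entries but on `defaultOptions` would pin them; the expected strings are not visible here and would have to come from the getters' implementation. The table literal continues outside the hunk.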
|
||||
|
|