diff --git a/authorize/evaluator/headers_evaluator.go b/authorize/evaluator/headers_evaluator.go index 9ff615b4c..95ee8ea52 100644 --- a/authorize/evaluator/headers_evaluator.go +++ b/authorize/evaluator/headers_evaluator.go @@ -123,10 +123,10 @@ func NewHeadersEvaluator(ctx context.Context, store *store.Store, options ...fun } // Evaluate evaluates the headers.rego script. -func (e *HeadersEvaluator) Evaluate(ctx context.Context, req *HeadersRequest) (*HeadersResponse, error) { +func (e *HeadersEvaluator) Evaluate(ctx context.Context, req *HeadersRequest, options ...rego.EvalOption) (*HeadersResponse, error) { ctx, span := trace.StartSpan(ctx, "authorize.HeadersEvaluator.Evaluate") defer span.End() - rs, err := safeEval(ctx, e.q, rego.EvalInput(req)) + rs, err := safeEval(ctx, e.q, append([]rego.EvalOption{rego.EvalInput(req)}, options...)...) if err != nil { return nil, fmt.Errorf("authorize: error evaluating headers.rego: %w", err) } diff --git a/authorize/evaluator/headers_evaluator_test.go b/authorize/evaluator/headers_evaluator_test.go index fb04be425..64c8e4940 100644 --- a/authorize/evaluator/headers_evaluator_test.go +++ b/authorize/evaluator/headers_evaluator_test.go @@ -75,7 +75,7 @@ func TestHeadersEvaluator(t *testing.T) { publicJWK, err := cryptutil.PublicJWKFromBytes(encodedSigningKey) require.NoError(t, err) - evalTime := time.Now().Round(time.Second) + iat := time.Unix(1686870680, 0) eval := func(t *testing.T, data []proto.Message, input *HeadersRequest) (*HeadersResponse, error) { ctx := context.Background() 
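Review bot: The caller-supplied `options` are appended after `rego.EvalInput(req)` in the `safeEval` call, so, assuming OPA applies eval options in order, a caller that passes its own input option would replace the request input that headers.rego evaluates. The doc comment above the signature does not mention the new parameter; it could read `// Evaluate evaluates the headers.rego script. The options are applied after the request input and are meant for evaluation settings such as rego.EvalTime, not for replacing the input.` Judging by the test in this commit, the result carries the signed JWT with its `iat` and `exp` claims, so the contract that the input is always `req` is worth stating. The body of Evaluate continues past the end of the hunk.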
@@ -83,13 +83,11 @@ func TestHeadersEvaluator(t *testing.T) { store := store.New() store.UpdateJWTClaimHeaders(config.NewJWTClaimHeaders("email", "groups", "user", "CUSTOM_KEY")) store.UpdateSigningKey(privateJWK) - e, err := NewHeadersEvaluator(ctx, store, rego.Time(evalTime)) + e, err := NewHeadersEvaluator(ctx, store, rego.Time(iat)) require.NoError(t, err) - return e.Evaluate(ctx, input) + return e.Evaluate(ctx, input, rego.EvalTime(iat)) } - iat := time.Unix(1686870680, 0) - t.Run("jwt", func(t *testing.T) { output, err := eval(t, []proto.Message{ @@ -122,9 +120,9 @@ func TestHeadersEvaluator(t *testing.T) { require.NoError(t, err) // The 'iat' and 'exp' claims are set based on the current time. - assert.Equal(t, json.Number(fmt.Sprint(evalTime.Unix())), jwtPayloadDecoded["iat"], + assert.Equal(t, json.Number(fmt.Sprint(iat.Unix())), jwtPayloadDecoded["iat"], "unexpected 'iat' timestamp format") - assert.Equal(t, json.Number(fmt.Sprint(evalTime.Add(5*time.Minute).Unix())), jwtPayloadDecoded["exp"], + assert.Equal(t, json.Number(fmt.Sprint(iat.Add(5*time.Minute).Unix())), jwtPayloadDecoded["exp"], "unexpected 'exp' timestamp format") rawJWT, err := jwt.ParseSigned(jwtHeader) diff --git a/ui/src/components/Header.tsx b/ui/src/components/Header.tsx index 2320bbbc9..d9ab1a821 100644 --- a/ui/src/components/Header.tsx +++ b/ui/src/components/Header.tsx @@ -68,6 +68,11 @@ const Header: FC = ({ includeSidebar, data }) => { setDrawerOpen(false); }; + const handleUserInfo = (evt: React.MouseEvent): void => { + evt.preventDefault(); + window.open("/.pomerium/"); + }; + const handleLogout = (evt: React.MouseEvent): void => { evt.preventDefault(); location.href = "/.pomerium/sign_out"; @@ -139,6 +144,7 @@ const Header: FC = ({ includeSidebar, data }) => { open={!!anchorEl} anchorEl={anchorEl} > + User Info Logout
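Review bot: The `eval` helper now pins the clock twice, with `rego.Time(iat)` at construction and `rego.EvalTime(iat)` on the call, and nothing in the test shows which of the two the assertions depend on. If only the per-call option affects the prepared query (the need for this change suggests so, but that is inferred), a comment such as `// rego.EvalTime pins the clock for this evaluation; the constructor option alone is not enough` would help the next reader. The helper also always passes an option now, so this test no longer exercises a call to `Evaluate` without options. A small case that calls `e.Evaluate(ctx, input)` and checks that `iat` is close to the wall clock would cover that path.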
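Review bot: The context comment `// The 'iat' and 'exp' claims are set based on the current time.` above the two changed assertions is now misleading, because the expected values come from the fixed `iat` rather than from the wall clock. It could read `// The 'iat' and 'exp' claims are derived from the evaluation time, which this test pins to iat; 'exp' is five minutes later.` The assertion messages still say "timestamp format" although they compare values, which may be worth tidying in the same pass.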
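Review bot: `handleUserInfo` calls `window.open("/.pomerium/")` with no target or features argument, so the opened page gets a `window.opener` reference back to the application tab. The target is a same-origin path, which limits the exposure, but passing the feature explicitly keeps the two contexts separated: `window.open("/.pomerium/", "_blank", "noopener");`. It also differs from `handleLogout` just below, which navigates in place through `location.href`. If the new tab is intentional, a short comment saying so would help, and the hard-coded `/.pomerium/` prefix is now repeated in both handlers and could be a shared constant.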