authorize,proxy: allow traefik forward auth without uri query (#1103)

In #1030, the fix was made without being aware that traefik
forward auth mode did allow requests without the "?uri=". Previously,
this was done in proxy, by converting the forward auth request to an
actual request. The fix in #1030 prevents this conversion, to make the
authorize service aware of which requests are forward auth requests.

But that causes traefik forward auth without "?uri" stop working. Fixing
it by making the authorize service also honor the forwarded uri header,
too.

Fixes #1096
Cuong Manh Le 2020-07-21 00:58:14 +07:00 committed by GitHub
parent e85226b609
commit e8d3ce1a2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 18 deletions


@ -10,6 +10,7 @@ import (
"github.com/pomerium/pomerium/authorize/evaluator"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/encoding/jws"
"github.com/pomerium/pomerium/internal/httputil"
)
const certPEM = `
@ -127,21 +128,29 @@ func Test_handleForwardAuth(t *testing.T) {
},
Request: &envoy_service_auth_v2.AttributeContext_Request{
Http: &envoy_service_auth_v2.AttributeContext_HttpRequest{
Method: "GET",
Path: "/verify?uri=" + url.QueryEscape("https://example.com?q=foo"),
Host: "forward-auth.example.com",
Scheme: "https",
Headers: map[string]string{"X-Forwarded-Uri": "/foo/bar"},
Method: "GET",
Path: "/",
Host: "forward-auth.example.com",
Scheme: "https",
Headers: map[string]string{
httputil.HeaderForwardedURI: "/foo/bar",
httputil.HeaderForwardedProto: "https",
httputil.HeaderForwardedHost: "example.com",
},
},
},
},
},
attrCtxHTTPReq: &envoy_service_auth_v2.AttributeContext_HttpRequest{
Method: "GET",
Path: "/foo/bar?q=foo",
Host: "example.com",
Scheme: "https",
Headers: map[string]string{"X-Forwarded-Uri": "/foo/bar"},
Method: "GET",
Path: "/foo/bar",
Host: "example.com",
Scheme: "https",
Headers: map[string]string{
httputil.HeaderForwardedURI: "/foo/bar",
httputil.HeaderForwardedProto: "https",
httputil.HeaderForwardedHost: "example.com",
},
},
forwardAuthURL: "https://forward-auth.example.com",
isForwardAuth: true,
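Review bot: The table entry in Test_handleForwardAuth was rewritten in place, so the visible case now exercises only the header-driven path (`Path: "/"` plus the three forwarded headers) and no longer the `/verify?uri=` form it tested before; unless an entry outside this hunk still covers it, the query form has lost its regression test. Because the expected request's host, scheme and path are now taken from the forwarded headers, it would be worth adding entries for a request with no `uri` query and missing or partial forwarded headers, and one where the `uri` query and the headers disagree, to pin which source wins and what happens when neither is usable. These headers describe the request that policy is evaluated against, so they are only meaningful when set by the proxy in front of the service; a comment on the entry such as `// forwarded headers are assumed to be set by traefik, not by the client` would record that assumption. The test function starts and ends outside the hunk.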