3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-16 18:47:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: fix unauthorized redirect loop (fwdauth) (#448)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-01-11 10:23:50 -08:00 committed by GitHub
parent 8b7f344e01
commit f0d811f2bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 38 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

4
proxy/middleware.go
View file

@ -142,13 +142,13 @@ func (p *Proxy) AuthorizeSession(next http.Handler) http.Handler {
func (p *Proxy) authorize(host string, r *http.Request) error {
s, err := sessions.FromContext(r.Context())
if err != nil {
return httputil.NewError(http.StatusUnauthorized, err)
return httputil.NewError(http.StatusInternalServerError, err)
}
authorized, err := p.AuthorizeClient.Authorize(r.Context(), host, s)
if err != nil {
return err
} else if !authorized {
return httputil.NewError(http.StatusUnauthorized, fmt.Errorf("%s is not authorized for %s", s.RequestEmail(), host))
return httputil.NewError(http.StatusForbidden, fmt.Errorf("%s is not authorized for %s", s.RequestEmail(), host))
}
return nil
}