remove forward auth (#3628)

2025-06-25 22:18:23 +02:00 · 2022-11-23 15:59:28 -07:00 · 2022-11-23 15:59:28 -07:00 · fa26587f19
commit fa26587f19
parent ba07afc245
68 changed files with 302 additions and 5072 deletions
--- a/integration/flows/flows.go
+++ b/integration/flows/flows.go
@ -13,16 +13,14 @@ import (
 	"time"

 	"github.com/pomerium/pomerium/integration/forms"
-	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/urlutil"
 )

 const (
-	authenticateHostname        = "authenticate.localhost.pomerium.io"
-	forwardAuthenticateHostname = "forward-authenticate.localhost.pomerium.io"
-	idpHostname                 = "mock-idp.localhost.pomerium.io"
-	pomeriumCallbackPath        = "/.pomerium/callback/"
-	pomeriumAPIPath             = "/.pomerium/api/v1/login"
+	authenticateHostname = "authenticate.localhost.pomerium.io"
+	idpHostname          = "mock-idp.localhost.pomerium.io"
+	pomeriumCallbackPath = "/.pomerium/callback/"
+	pomeriumAPIPath      = "/.pomerium/api/v1/login"
 )

 type authenticateConfig struct {
@ -30,7 +28,6 @@ type authenticateConfig struct {
 	groups          []string
 	tokenExpiration time.Duration
 	apiPath         string
-	forwardAuth     bool
 }

 // An AuthenticateOption is an option for authentication.
@ -48,13 +45,6 @@ func getAuthenticateConfig(options ...AuthenticateOption) *authenticateConfig {
 	return cfg
 }

-// WithForwardAuth enables/disables forward auth.
-func WithForwardAuth(fa bool) AuthenticateOption {
-	return func(cfg *authenticateConfig) {
-		cfg.forwardAuth = fa
-	}
-}
-
 // WithEmail sets the email to use.
 func WithEmail(email string) AuthenticateOption {
 	return func(cfg *authenticateConfig) {
@ -145,7 +135,7 @@ func Authenticate(ctx context.Context, client *http.Client, url *url.URL, option
 	}

 	// (2) redirect to idp
-	for req.URL.Hostname() == authenticateHostname || req.URL.Hostname() == forwardAuthenticateHostname {
+	for req.URL.Hostname() == authenticateHostname {
 		res, err = client.Do(req)
 		if err != nil {
 			return nil, err
@ -201,34 +191,10 @@ func Authenticate(ctx context.Context, client *http.Client, url *url.URL, option
 	}

 	// (5) finally to callback
-	if !cfg.forwardAuth && req.URL.Path != pomeriumCallbackPath {
+	if req.URL.Path != pomeriumCallbackPath {
 		return nil, fmt.Errorf("expected to redirect 5 back to %s, but got %s", pomeriumCallbackPath, req.URL.String())
 	}

-	if cfg.forwardAuth {
-		for i := 0; ; i++ {
-			res, err = client.Do(req)
-			if err != nil {
-				return nil, err
-			}
-			defer res.Body.Close()
-			if res.StatusCode != 302 {
-				break
-			}
-			originalURL := req.URL.String()
-			req, err = requestFromRedirectResponse(ctx, res, req)
-			if err != nil {
-				return nil, fmt.Errorf("expected redirect to %s: %w", originalHostname, err)
-			}
-			log.Info(ctx).
-				Int("count", i).
-				Str("from", originalURL).
-				Str("to", req.URL.String()).
-				Msg("forward-auth redirect")
-		}
-		return res, err
-	}
-
 	res, err = client.Do(req)
 	if err != nil {
 		return nil, err