mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 11:56:02 +02:00
8d1732582e
authenticate: unmarshal and verify state from jwt, instead of middleware
authorize: embed opa policy using statik
authorize: have IsAuthorized handle authorization for all routes
authorize: if no signing key is provided, one is generated
authorize: remove IsAdmin grpc endpoint
authorize/client: return authorize decision struct
cmd/pomerium: main logger no longer contains email and group
cryptutil: add ECDSA signing methods
dashboard: have impersonate form show up for all users, but have api gated by authz
docs: fix typo in signed jwt header
encoding/jws: remove unused es256 signer
frontend: namespace static web assets
internal/sessions: remove leeway to match authz policy
proxy: move signing functionality to authz
proxy: remove jwt attestation from proxy (authZ does now)
proxy: remove non-signed headers from headers
proxy: remove special handling of x-forwarded-host
sessions: do not verify state in middleware
sessions: remove leeway from state to match authz
sessions/{all}: store jwt directly instead of state
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
27 lines
727 B
Go
27 lines
727 B
Go
package client
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
pb "github.com/pomerium/pomerium/internal/grpc/authorize"
|
|
)
|
|
|
|
var _ Authorizer = &MockAuthorize{}
|
|
|
|
// MockAuthorize provides a mocked implementation of the authorizer interface.
|
|
type MockAuthorize struct {
|
|
AuthorizeResponse *pb.IsAuthorizedReply
|
|
AuthorizeError error
|
|
IsAdminResponse bool
|
|
IsAdminError error
|
|
CloseError error
|
|
}
|
|
|
|
// Close is a mocked authorizer client function.
|
|
func (a MockAuthorize) Close() error { return a.CloseError }
|
|
|
|
// Authorize is a mocked authorizer client function.
|
|
func (a MockAuthorize) Authorize(ctx context.Context, user string, r *http.Request) (*pb.IsAuthorizedReply, error) {
|
|
return a.AuthorizeResponse, a.AuthorizeError
|
|
}
|