feat: proxy auth support (#485)
* Change the order of commands to be able to cache more layers in case of multiple builds triggered in a row
* Fix #471
* Format Code
* Revert "Change the order of commands to be able to cache more layers in case of multiple builds triggered in a row"
This reverts commit 01362f34ee.
* Adjustment based on the review
* Rename "login-header" to "loginHeader" and prepare auth.method to accept "none" as a value
* Fixed line break
* Readd "lumberjack.v2" import which was removed by gofmt
Sorry - I do my tests and run "gofmt" before comitting the changes - It sadly seems like it is messing up the imports over and over again.
This commit is contained in:
maweck
Henrique Dias
+24
-2
@@ -51,20 +51,32 @@ func reCaptcha(host, secret, response string) (bool, error) {
|
||||
|
||||
// authHandler processes the authentication for the user.
|
||||
func authHandler(c *fb.Context, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
// NoAuth instances shouldn't call this method.
|
||||
if c.NoAuth {
|
||||
// NoAuth instances shouldn't call this method.
|
||||
return 0, nil
|
||||
}
|
||||
|
||||
if c.AuthMethod == "proxy" {
|
||||
// Receive the Username from the Header and check if it exists.
|
||||
u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
|
||||
if err != nil {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
c.User = u
|
||||
return printToken(c, w)
|
||||
}
|
||||
|
||||
// Receive the credentials from the request and unmarshal them.
|
||||
var cred cred
|
||||
|
||||
if r.Body == nil {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
err := json.NewDecoder(r.Body).Decode(&cred)
|
||||
if err != nil {
|
||||
return http.StatusForbidden, nil
|
||||
return http.StatusForbidden, err
|
||||
}
|
||||
|
||||
// If ReCaptcha is enabled, check the code.
|
||||
@@ -171,6 +183,16 @@ func validateAuth(c *fb.Context, r *http.Request) (bool, *fb.User) {
|
||||
return true, c.User
|
||||
}
|
||||
|
||||
// If proxy auth is used do not verify the JWT token if the header is provided.
|
||||
if c.AuthMethod == "proxy" {
|
||||
u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
|
||||
if err != nil {
|
||||
return false, nil
|
||||
}
|
||||
c.User = u
|
||||
return true, c.User
|
||||
}
|
||||
|
||||
keyFunc := func(token *jwt.Token) (interface{}, error) {
|
||||
return c.Key, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user