Drop fallback to email when user is empty (#537)
parent
7cf685140b
commit
4e3dd09cf2
@ -25,9 +25,17 @@
|
||||
- [#535](https://github.com/oauth2-proxy/oauth2-proxy/pull/535) Drop support for pre v3.1 cookies
|
||||
- The encoding for session cookies was changed starting in v3.1.0, support for the previous encoding is now dropped
|
||||
- If you are upgrading from a version earlier than this, please upgrade via a version between v3.1.0 and v5.1.1
|
||||
- [#537](https://github.com/oauth2-proxy/oauth2-proxy/pull/537) Drop Fallback to Email if User not set
|
||||
- Previously, when a session was loaded, if the User was not set, it would be replaced by the Email.
|
||||
This behaviour was inconsistent as it required the session to be stored and then loaded to function properly.
|
||||
- This behaviour has now been removed and the User field will remain empty if it was not set when the session was saved.
|
||||
- In some scenarios `X-Forwarded-User` will now be empty. Use `X-Forwarded-Email` instead.
|
||||
- In some scenarios, this may break setting Basic Auth on upstream or responses.
|
||||
Use `--prefer-email-to-user` to restore falling back to the Email in these cases.
|
||||
|
||||
## Changes since v5.1.1
|
||||
|
||||
- [#537](https://github.com/oauth2-proxy/oauth2-proxy/pull/537) Drop Fallback to Email if User not set (@JoelSpeed)
|
||||
- [#535](https://github.com/oauth2-proxy/oauth2-proxy/pull/535) Drop support for pre v3.1 cookies (@JoelSpeed)
|
||||
- [#533](https://github.com/oauth2-proxy/oauth2-proxy/pull/487) Set up code coverage within Travis for Code Climate (@JoelSpeed)
|
||||
- [#514](https://github.com/oauth2-proxy/oauth2-proxy/pull/514) Add basic string functions to templates
|
||||
|
@ -1048,10 +1048,14 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
|
||||
}
|
||||
}
|
||||
if p.SetBasicAuth {
|
||||
if session.User != "" {
|
||||
switch {
|
||||
case p.PreferEmailToUser && session.Email != "":
|
||||
authVal := b64.StdEncoding.EncodeToString([]byte(session.Email + ":" + p.BasicAuthPassword))
|
||||
rw.Header().Set("Authorization", "Basic "+authVal)
|
||||
case session.User != "":
|
||||
authVal := b64.StdEncoding.EncodeToString([]byte(session.User + ":" + p.BasicAuthPassword))
|
||||
rw.Header().Set("Authorization", "Basic "+authVal)
|
||||
} else {
|
||||
default:
|
||||
rw.Header().Del("Authorization")
|
||||
}
|
||||
}
|
||||
|
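Review bot: The two Basic-auth cases in the new `switch` under `if p.SetBasicAuth` repeat the same encode-and-set lines and differ only in which name they use, so a later change to one case can miss the other. Selecting the name first and encoding once leaves `rw.Header().Del("Authorization")` as the single fail-closed path when neither Email nor User is usable. No test visible on this page exercises the `PreferEmailToUser` case or the empty-identity default for this header, so a case for each would pin the behaviour. addHeadersForProxying starts above the hunk and may continue below it.

```go
if p.SetBasicAuth {
	// Pick the identity once; the email wins only when preferred and present.
	name := session.User
	if p.PreferEmailToUser && session.Email != "" {
		name = session.Email
	}
	if name != "" {
		authVal := b64.StdEncoding.EncodeToString([]byte(name + ":" + p.BasicAuthPassword))
		rw.Header().Set("Authorization", "Basic "+authVal)
	} else {
		// No usable identity: clear the header rather than leave a stale value.
		rw.Header().Del("Authorization")
	}
}
```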
@ -956,7 +956,7 @@ func TestLoadCookiedSession(t *testing.T) {
|
||||
session, err := pcTest.LoadCookiedSession()
|
||||
assert.Equal(t, nil, err)
|
||||
assert.Equal(t, startSession.Email, session.Email)
|
||||
assert.Equal(t, "john.doe@example.com", session.User)
|
||||
assert.Equal(t, "", session.User)
|
||||
assert.Equal(t, startSession.AccessToken, session.AccessToken)
|
||||
}
|
||||
|
||||
|
@ -193,8 +193,5 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ss.User == "" {
|
||||
ss.User = ss.Email
|
||||
}
|
||||
return ss, nil
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ func TestSessionStateSerialization(t *testing.T) {
|
||||
ss, err := sessions.DecodeSessionState(encoded, c)
|
||||
t.Logf("%#v", ss)
|
||||
assert.Equal(t, nil, err)
|
||||
assert.Equal(t, "user@domain.com", ss.User)
|
||||
assert.Equal(t, "", ss.User)
|
||||
assert.Equal(t, s.Email, ss.Email)
|
||||
assert.Equal(t, s.PreferredUsername, ss.PreferredUsername)
|
||||
assert.Equal(t, s.AccessToken, ss.AccessToken)
|
||||
@ -112,7 +112,7 @@ func TestSessionStateSerializationNoCipher(t *testing.T) {
|
||||
// only email should have been serialized
|
||||
ss, err := sessions.DecodeSessionState(encoded, nil)
|
||||
assert.Equal(t, nil, err)
|
||||
assert.Equal(t, "user@domain.com", ss.User)
|
||||
assert.Equal(t, "", ss.User)
|
||||
assert.Equal(t, s.Email, ss.Email)
|
||||
assert.Equal(t, s.PreferredUsername, ss.PreferredUsername)
|
||||
assert.Equal(t, "", ss.AccessToken)
|
||||
@ -226,7 +226,7 @@ func TestDecodeSessionState(t *testing.T) {
|
||||
{
|
||||
SessionState: sessions.SessionState{
|
||||
Email: "user@domain.com",
|
||||
User: "user@domain.com",
|
||||
User: "",
|
||||
},
|
||||
Encoded: `{"Email":"user@domain.com"}`,
|
||||
},
|
||||
|