1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00

Implement support for authentication via Auth Proxy

Auth Proxy allows to authenticate a user using an HTTP header provided
by an external authentication service. This provides a way to
authenticate users in miniflux using authentication schemes not
supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.)
and to implement SSO for multiple applications behind single
authentication service.

Auth Proxy header is checked for the '/' endpoint only, as the rest are
protected by the miniflux user/app sessions.

Closes #534

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This commit is contained in:
Pavel Borzenkov 2020-01-29 13:45:59 +03:00 committed by Frédéric Guillot
parent d5adf8b9f6
commit 7389c79c52
5 changed files with 159 additions and 1 deletions

View file

@ -1257,3 +1257,73 @@ Invalid text
t.Fatal(err)
}
}
func TestAuthProxyHeader(t *testing.T) {
os.Clearenv()
os.Setenv("AUTH_PROXY_HEADER", "X-Forwarded-User")
parser := NewParser()
opts, err := parser.ParseEnvironmentVariables()
if err != nil {
t.Fatalf(`Parsing failure: %v`, err)
}
expected := "X-Forwarded-User"
result := opts.AuthProxyHeader()
if result != expected {
t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
}
}
func TestDefaultAuthProxyHeaderValue(t *testing.T) {
os.Clearenv()
parser := NewParser()
opts, err := parser.ParseEnvironmentVariables()
if err != nil {
t.Fatalf(`Parsing failure: %v`, err)
}
expected := defaultAuthProxyHeader
result := opts.AuthProxyHeader()
if result != expected {
t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
}
}
func TestAuthProxyUserCreationWhenUnset(t *testing.T) {
os.Clearenv()
parser := NewParser()
opts, err := parser.ParseEnvironmentVariables()
if err != nil {
t.Fatalf(`Parsing failure: %v`, err)
}
expected := false
result := opts.IsAuthProxyUserCreationAllowed()
if result != expected {
t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
}
}
func TestAuthProxyUserCreationAdmin(t *testing.T) {
os.Clearenv()
os.Setenv("AUTH_PROXY_USER_CREATION", "1")
parser := NewParser()
opts, err := parser.ParseEnvironmentVariables()
if err != nil {
t.Fatalf(`Parsing failure: %v`, err)
}
expected := true
result := opts.IsAuthProxyUserCreationAllowed()
if result != expected {
t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
}
}