Implement support for authentication via Auth Proxy

Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service. This provides a way to authenticate users in miniflux using authentication schemes not supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.) and to implement SSO for multiple applications behind single authentication service. Auth Proxy header is checked for the '/' endpoint only, as the rest are protected by the miniflux user/app sessions. Closes #534 Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2025-09-15 18:57:04 +00:00 · 2020-01-29 13:45:59 +03:00 · 2020-01-29 13:45:59 +03:00 · 7389c79c52
commit 7389c79c52
parent d5adf8b9f6
5 changed files with 159 additions and 1 deletions
--- a/config/config_test.go
+++ b/config/config_test.go
@ -1257,3 +1257,73 @@ Invalid text
 		t.Fatal(err)
 	}
 }
+
+func TestAuthProxyHeader(t *testing.T) {
+	os.Clearenv()
+	os.Setenv("AUTH_PROXY_HEADER", "X-Forwarded-User")
+
+	parser := NewParser()
+	opts, err := parser.ParseEnvironmentVariables()
+	if err != nil {
+		t.Fatalf(`Parsing failure: %v`, err)
+	}
+
+	expected := "X-Forwarded-User"
+	result := opts.AuthProxyHeader()
+
+	if result != expected {
+		t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
+	}
+}
+
+func TestDefaultAuthProxyHeaderValue(t *testing.T) {
+	os.Clearenv()
+
+	parser := NewParser()
+	opts, err := parser.ParseEnvironmentVariables()
+	if err != nil {
+		t.Fatalf(`Parsing failure: %v`, err)
+	}
+
+	expected := defaultAuthProxyHeader
+	result := opts.AuthProxyHeader()
+
+	if result != expected {
+		t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
+	}
+}
+
+func TestAuthProxyUserCreationWhenUnset(t *testing.T) {
+	os.Clearenv()
+
+	parser := NewParser()
+	opts, err := parser.ParseEnvironmentVariables()
+	if err != nil {
+		t.Fatalf(`Parsing failure: %v`, err)
+	}
+
+	expected := false
+	result := opts.IsAuthProxyUserCreationAllowed()
+
+	if result != expected {
+		t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
+	}
+}
+
+func TestAuthProxyUserCreationAdmin(t *testing.T) {
+	os.Clearenv()
+	os.Setenv("AUTH_PROXY_USER_CREATION", "1")
+
+	parser := NewParser()
+	opts, err := parser.ParseEnvironmentVariables()
+	if err != nil {
+		t.Fatalf(`Parsing failure: %v`, err)
+	}
+
+	expected := true
+	result := opts.IsAuthProxyUserCreationAllowed()
+
+	if result != expected {
+		t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
+	}
+}