mirror of
https://github.com/miniflux/v2.git
synced 2025-09-15 18:57:04 +00:00
Implement support for authentication via Auth Proxy
Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service. This provides a way to authenticate users in miniflux using authentication schemes not supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.) and to implement SSO for multiple applications behind single authentication service. Auth Proxy header is checked for the '/' endpoint only, as the rest are protected by the miniflux user/app sessions. Closes #534 Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This commit is contained in:
parent
d5adf8b9f6
commit
7389c79c52
5 changed files with 159 additions and 1 deletions
|
@ -1257,3 +1257,73 @@ Invalid text
|
|||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthProxyHeader(t *testing.T) {
|
||||
os.Clearenv()
|
||||
os.Setenv("AUTH_PROXY_HEADER", "X-Forwarded-User")
|
||||
|
||||
parser := NewParser()
|
||||
opts, err := parser.ParseEnvironmentVariables()
|
||||
if err != nil {
|
||||
t.Fatalf(`Parsing failure: %v`, err)
|
||||
}
|
||||
|
||||
expected := "X-Forwarded-User"
|
||||
result := opts.AuthProxyHeader()
|
||||
|
||||
if result != expected {
|
||||
t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultAuthProxyHeaderValue(t *testing.T) {
|
||||
os.Clearenv()
|
||||
|
||||
parser := NewParser()
|
||||
opts, err := parser.ParseEnvironmentVariables()
|
||||
if err != nil {
|
||||
t.Fatalf(`Parsing failure: %v`, err)
|
||||
}
|
||||
|
||||
expected := defaultAuthProxyHeader
|
||||
result := opts.AuthProxyHeader()
|
||||
|
||||
if result != expected {
|
||||
t.Fatalf(`Unexpected AUTH_PROXY_HEADER value, got %q instead of %q`, result, expected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthProxyUserCreationWhenUnset(t *testing.T) {
|
||||
os.Clearenv()
|
||||
|
||||
parser := NewParser()
|
||||
opts, err := parser.ParseEnvironmentVariables()
|
||||
if err != nil {
|
||||
t.Fatalf(`Parsing failure: %v`, err)
|
||||
}
|
||||
|
||||
expected := false
|
||||
result := opts.IsAuthProxyUserCreationAllowed()
|
||||
|
||||
if result != expected {
|
||||
t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthProxyUserCreationAdmin(t *testing.T) {
|
||||
os.Clearenv()
|
||||
os.Setenv("AUTH_PROXY_USER_CREATION", "1")
|
||||
|
||||
parser := NewParser()
|
||||
opts, err := parser.ParseEnvironmentVariables()
|
||||
if err != nil {
|
||||
t.Fatalf(`Parsing failure: %v`, err)
|
||||
}
|
||||
|
||||
expected := true
|
||||
result := opts.IsAuthProxyUserCreationAllowed()
|
||||
|
||||
if result != expected {
|
||||
t.Fatalf(`Unexpected AUTH_PROXY_USER_CREATION value, got %v instead of %v`, result, expected)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue