Append redirection params (#2685)
parent
56460d1d5b
commit
2b6c478f41
|
@ -86,7 +86,11 @@ request authorization from a central FastCGI server:
|
|||
# Keep original request (LLNG server will received /lmauth)
|
||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||
|
||||
# Set dynamically rules (LLNG will poll it every 10 mn)
|
||||
# Set redirection params
|
||||
fastcgi_param HTTPS_REDIRECT "$https";
|
||||
fastcgi_param PORT_REDIRECT $server_port;
|
||||
|
||||
# Set dynamically rules (LL::NG will poll it every 10 mn)
|
||||
fastcgi_param RULES_URL http://rulesserver/my.json;
|
||||
}
|
||||
location /rules.json {
|
||||
|
@ -138,6 +142,8 @@ FastCGI" configuration.
|
|||
# used to make the authentication decision about this virtualhost
|
||||
# Make sure the central FastCGI server can reach it
|
||||
PerlSetVar RULES_URL http://app.tld/rules.json
|
||||
PerlSetVar HTTPS_REDIRECT HTTPS
|
||||
PerlSetVar PORT_REDIRECT SERVER_PORT
|
||||
...
|
||||
</VirtualHost>
|
||||
|
||||
|
@ -158,6 +164,8 @@ you can protect also an Express server. Example:
|
|||
port: 9090,
|
||||
PARAMS: {
|
||||
RULES_URL: 'http://my-server/rules.json'
|
||||
HTTPS_REDIRECT: 'ON',
|
||||
PORT_REDIRECT: '443'
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -204,6 +212,8 @@ Simple example:
|
|||
port => '9090',
|
||||
fcgi_auth_params => {
|
||||
RULES_URL => 'https://my-server/my.json',
|
||||
HTTPS_REDIRECT => 'ON',
|
||||
PORT_REDIRECT => 443
|
||||
},
|
||||
# Optional rejection subroutine
|
||||
#on_reject => \&on_reject;
|
||||
|
@ -229,6 +239,7 @@ directory.
|
|||
.. code-block:: nginx
|
||||
|
||||
server {
|
||||
listen <port>;
|
||||
server_name "~^(?<vhost>.+?)\.dev\.sso\.my\.domain$";
|
||||
location = /lmauth {
|
||||
internal;
|
||||
|
@ -243,6 +254,9 @@ directory.
|
|||
fastcgi_param HOST $http_host;
|
||||
# Keep original request (LL::NG server will received /lmauth)
|
||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||
# Set redirection params
|
||||
fastcgi_param HTTPS_REDIRECT "$https";
|
||||
fastcgi_param PORT_REDIRECT $server_port;
|
||||
}
|
||||
location /rules.json {
|
||||
auth_request off;
|
||||
|
|
|
@ -94,6 +94,10 @@ q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know,
|
|||
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
|
||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
|
||||
$class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
|
||||
if exists $req->env->{HTTPS_REDIRECT};
|
||||
$class->tsv->{port}->{$vhost} = $req->env->{PORT_REDIRECT}
|
||||
if exists $req->env->{PORT_REDIRECT};
|
||||
|
||||
return;
|
||||
}
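Review bot: `PORT_REDIRECT` is stored in `tsv->{port}->{$vhost}` exactly as it arrives in the request environment, and the test added in this commit shows that value ending up in the redirect URL (`https://test3.example.com:8443/`). Because it is cached per vhost next to `lastVhostUpdate`, a malformed value would presumably persist until the next rules reload, so I would accept only a decimal port, `if ( $req->env->{PORT_REDIRECT} // '' ) =~ /\A\d{1,5}\z/;`, and log anything else. On the line above, `uc $req->env->{HTTPS_REDIRECT} eq 'ON'` depends on `uc` binding tighter than `eq`; `uc( $req->env->{HTTPS_REDIRECT} ) eq 'ON'` states that explicitly. The enclosing sub starts outside the hunk.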
|
||||
|
|
|
@ -11,9 +11,11 @@ BEGIN {
|
|||
init(
|
||||
'Lemonldap::NG::Handler::Server',
|
||||
{
|
||||
#logLevel => 'debug',
|
||||
logLevel => 'debug',
|
||||
vhostOptions => {
|
||||
'test3.example.com' => {
|
||||
vhostHttps => 0,
|
||||
vhostPort => 80,
|
||||
vhostDevOpsRulesUrl =>
|
||||
'http://donotuse.example.com/myfile.json',
|
||||
},
|
||||
|
@ -23,6 +25,42 @@ init(
|
|||
|
||||
my $res;
|
||||
|
||||
# Unauthorized queries
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/', undef,
|
||||
'test3.example.com', undef,
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com/file.json'
|
||||
),
|
||||
'Unauthorized query'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||
${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;
|
||||
ok( decode_base64 $1 eq 'http://test3.example.com/', 'Redirect URL found' )
|
||||
or explain( decode_base64 $1, 'http://test3.example.com/' );
|
||||
count(3);
|
||||
|
||||
Time::Fake->offset("+700s");
|
||||
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/', undef,
|
||||
'test3.example.com', undef,
|
||||
HTTPS_REDIRECT => 'on',
|
||||
PORT_REDIRECT => 8443,
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com/file.json'
|
||||
),
|
||||
'Unauthorized query 2'
|
||||
);
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||
${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;
|
||||
ok( decode_base64 $1 eq 'https://test3.example.com:8443/',
|
||||
'Redirect URL found' )
|
||||
or explain( decode_base64 $1, 'https://test3.example.com:8443/' );
|
||||
count(3);
|
||||
|
||||
# Authorized queries
|
||||
ok(
|
||||
$res = $client->_get(
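Review bot: The result of `${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;` is discarded in both added blocks, so when the Location header does not match, `$1` still holds whatever the last successful match captured and the following `ok` compares stale data. Giving the match its own assertion, `ok( ${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#, 'Location header found' );` with `count(4)`, makes such a failure point at the header rather than at the decoded URL. The first hunk of this file also turns `logLevel => 'debug'` on, which looks like a debugging leftover. The trailing `ok(` call continues outside the hunk.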
|
||||
|
|