Append redirection params (#2685)
parent
56460d1d5b
commit
2b6c478f41
|
@ -86,7 +86,11 @@ request authorization from a central FastCGI server:
|
||||||
# Keep original request (LLNG server will received /lmauth)
|
# Keep original request (LLNG server will received /lmauth)
|
||||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||||
|
|
||||||
# Set dynamically rules (LLNG will poll it every 10 mn)
|
# Set redirection params
|
||||||
|
fastcgi_param HTTPS_REDIRECT "$https";
|
||||||
|
fastcgi_param PORT_REDIRECT $server_port;
|
||||||
|
|
||||||
|
# Set dynamically rules (LL::NG will poll it every 10 mn)
|
||||||
fastcgi_param RULES_URL http://rulesserver/my.json;
|
fastcgi_param RULES_URL http://rulesserver/my.json;
|
||||||
}
|
}
|
||||||
location /rules.json {
|
location /rules.json {
|
||||||
|
@ -138,6 +142,8 @@ FastCGI" configuration.
|
||||||
# used to make the authentication decision about this virtualhost
|
# used to make the authentication decision about this virtualhost
|
||||||
# Make sure the central FastCGI server can reach it
|
# Make sure the central FastCGI server can reach it
|
||||||
PerlSetVar RULES_URL http://app.tld/rules.json
|
PerlSetVar RULES_URL http://app.tld/rules.json
|
||||||
|
PerlSetVar HTTPS_REDIRECT HTTPS
|
||||||
|
PerlSetVar PORT_REDIRECT SERVER_PORT
|
||||||
...
|
...
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
@ -158,6 +164,8 @@ you can protect also an Express server. Example:
|
||||||
port: 9090,
|
port: 9090,
|
||||||
PARAMS: {
|
PARAMS: {
|
||||||
RULES_URL: 'http://my-server/rules.json'
|
RULES_URL: 'http://my-server/rules.json'
|
||||||
|
HTTPS_REDIRECT: 'ON',
|
||||||
|
PORT_REDIRECT: '443'
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -204,6 +212,8 @@ Simple example:
|
||||||
port => '9090',
|
port => '9090',
|
||||||
fcgi_auth_params => {
|
fcgi_auth_params => {
|
||||||
RULES_URL => 'https://my-server/my.json',
|
RULES_URL => 'https://my-server/my.json',
|
||||||
|
HTTPS_REDIRECT => 'ON',
|
||||||
|
PORT_REDIRECT => 443
|
||||||
},
|
},
|
||||||
# Optional rejection subroutine
|
# Optional rejection subroutine
|
||||||
#on_reject => \&on_reject;
|
#on_reject => \&on_reject;
|
||||||
|
@ -229,6 +239,7 @@ directory.
|
||||||
.. code-block:: nginx
|
.. code-block:: nginx
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen <port>;
|
||||||
server_name "~^(?<vhost>.+?)\.dev\.sso\.my\.domain$";
|
server_name "~^(?<vhost>.+?)\.dev\.sso\.my\.domain$";
|
||||||
location = /lmauth {
|
location = /lmauth {
|
||||||
internal;
|
internal;
|
||||||
|
@ -243,6 +254,9 @@ directory.
|
||||||
fastcgi_param HOST $http_host;
|
fastcgi_param HOST $http_host;
|
||||||
# Keep original request (LL::NG server will received /lmauth)
|
# Keep original request (LL::NG server will received /lmauth)
|
||||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||||
|
# Set redirection params
|
||||||
|
fastcgi_param HTTPS_REDIRECT "$https";
|
||||||
|
fastcgi_param PORT_REDIRECT $server_port;
|
||||||
}
|
}
|
||||||
location /rules.json {
|
location /rules.json {
|
||||||
auth_request off;
|
auth_request off;
|
||||||
|
|
|
@ -94,6 +94,10 @@ q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know,
|
||||||
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
|
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
|
||||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||||
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
|
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
|
||||||
|
$class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
|
||||||
|
if exists $req->env->{HTTPS_REDIRECT};
|
||||||
|
$class->tsv->{port}->{$vhost} = $req->env->{PORT_REDIRECT}
|
||||||
|
if exists $req->env->{PORT_REDIRECT};
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
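Review bot: PORT_REDIRECT is copied from the request environment into `tsv->{port}->{$vhost}` with only an `exists` guard, and the test added in this commit shows the value ending up in the redirect URL (`https://test3.example.com:8443/`). Because the parameter is supplied by whichever front end calls the handler, it would be safer to store it only when it is a port number, for example by replacing the guard with `if ( $req->env->{PORT_REDIRECT} // '' ) =~ /\A\d{1,5}\z/;`, and to log any other value. Both assignments sit right after `lastVhostUpdate` is set, so they appear to be cached per vhost until the next rules reload; a comment such as `# redirect scheme/port are refreshed only when rules.json is reloaded` would make that explicit. The enclosing sub starts outside the hunk.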
|
||||||
|
|
|
@ -11,9 +11,11 @@ BEGIN {
|
||||||
init(
|
init(
|
||||||
'Lemonldap::NG::Handler::Server',
|
'Lemonldap::NG::Handler::Server',
|
||||||
{
|
{
|
||||||
#logLevel => 'debug',
|
logLevel => 'debug',
|
||||||
vhostOptions => {
|
vhostOptions => {
|
||||||
'test3.example.com' => {
|
'test3.example.com' => {
|
||||||
|
vhostHttps => 0,
|
||||||
|
vhostPort => 80,
|
||||||
vhostDevOpsRulesUrl =>
|
vhostDevOpsRulesUrl =>
|
||||||
'http://donotuse.example.com/myfile.json',
|
'http://donotuse.example.com/myfile.json',
|
||||||
},
|
},
|
||||||
|
@ -23,6 +25,42 @@ init(
|
||||||
|
|
||||||
my $res;
|
my $res;
|
||||||
|
|
||||||
|
# Unauthorized queries
|
||||||
|
ok(
|
||||||
|
$res = $client->_get(
|
||||||
|
'/', undef,
|
||||||
|
'test3.example.com', undef,
|
||||||
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com/file.json'
|
||||||
|
),
|
||||||
|
'Unauthorized query'
|
||||||
|
);
|
||||||
|
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||||
|
${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;
|
||||||
|
ok( decode_base64 $1 eq 'http://test3.example.com/', 'Redirect URL found' )
|
||||||
|
or explain( decode_base64 $1, 'http://test3.example.com/' );
|
||||||
|
count(3);
|
||||||
|
|
||||||
|
Time::Fake->offset("+700s");
|
||||||
|
|
||||||
|
ok(
|
||||||
|
$res = $client->_get(
|
||||||
|
'/', undef,
|
||||||
|
'test3.example.com', undef,
|
||||||
|
HTTPS_REDIRECT => 'on',
|
||||||
|
PORT_REDIRECT => 8443,
|
||||||
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com/file.json'
|
||||||
|
),
|
||||||
|
'Unauthorized query 2'
|
||||||
|
);
|
||||||
|
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
|
||||||
|
${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;
|
||||||
|
ok( decode_base64 $1 eq 'https://test3.example.com:8443/',
|
||||||
|
'Redirect URL found' )
|
||||||
|
or explain( decode_base64 $1, 'https://test3.example.com:8443/' );
|
||||||
|
count(3);
|
||||||
|
|
||||||
# Authorized queries
|
# Authorized queries
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
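Review bot: Both added blocks evaluate `${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#;` without checking the result and then read `$1`, so a header value that does not match leaves `$1` undefined or holding an earlier capture, and the reported failure is misleading. Wrapping the match as `ok( ${ $res->[1] }[1] =~ m#http://auth\.example\.com/\?url=(.+?)%#, 'Redirect header found' );` with `count(4)` keeps the two failures apart. The change from `#logLevel => 'debug'` to an active `logLevel => 'debug'` looks like a debugging leftover. No case covers a PORT_REDIRECT that is not a number or an HTTPS_REDIRECT value other than 'on'. The final `ok(` statement continues outside the hunk.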
|
||||||
|
|