From 3d7633f4a6639a9218a40916290f8ae56add04e3 Mon Sep 17 00:00:00 2001 From: ctas582 Date: Wed, 10 Apr 2019 16:18:06 +0100 Subject: [PATCH] Forward all header values from forward auth response --- pkg/middlewares/auth/forward.go | 6 +++++- pkg/middlewares/auth/forward_test.go | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/middlewares/auth/forward.go b/pkg/middlewares/auth/forward.go index d856f089e..ce2fd5736 100644 --- a/pkg/middlewares/auth/forward.go +++ b/pkg/middlewares/auth/forward.go @@ -147,7 +147,11 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) { } for _, headerName := range fa.authResponseHeaders { - req.Header.Set(headerName, forwardResponse.Header.Get(headerName)) + headerKey := http.CanonicalHeaderKey(headerName) + req.Header.Del(headerKey) + if len(forwardResponse.Header[headerKey]) > 0 { + req.Header[headerKey] = append([]string(nil), forwardResponse.Header[headerKey]...) + } } req.RequestURI = req.URL.RequestURI() diff --git a/pkg/middlewares/auth/forward_test.go b/pkg/middlewares/auth/forward_test.go index ae0b6452c..cd3089eef 100644 --- a/pkg/middlewares/auth/forward_test.go +++ b/pkg/middlewares/auth/forward_test.go @@ -50,6 +50,8 @@ func TestForwardAuthSuccess(t *testing.T) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("X-Auth-User", "user@example.com") w.Header().Set("X-Auth-Secret", "secret") + w.Header().Add("X-Auth-Group", "group1") + w.Header().Add("X-Auth-Group", "group2") fmt.Fprintln(w, "Success") })) defer server.Close() @@ -57,12 +59,13 @@ func TestForwardAuthSuccess(t *testing.T) { next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { assert.Equal(t, "user@example.com", r.Header.Get("X-Auth-User")) assert.Empty(t, r.Header.Get("X-Auth-Secret")) + assert.Equal(t, []string{"group1", "group2"}, r.Header["X-Auth-Group"]) fmt.Fprintln(w, "traefik") }) auth := config.ForwardAuth{ Address: server.URL, - AuthResponseHeaders: []string{"X-Auth-User"}, + AuthResponseHeaders: []string{"X-Auth-User", "X-Auth-Group"}, } middleware, err := NewForward(context.Background(), next, auth, "authTest") require.NoError(t, err) @@ -71,6 +74,7 @@ func TestForwardAuthSuccess(t *testing.T) { defer ts.Close() req := testhelpers.MustNewRequest(http.MethodGet, ts.URL, nil) + req.Header.Set("X-Auth-Group", "admin_group") res, err := http.DefaultClient.Do(req) require.NoError(t, err) assert.Equal(t, http.StatusOK, res.StatusCode)