From 05cfb121ec3f214c0e45206c188f34bad4d4eb8c Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 4 Nov 2024 16:58:53 -0500 Subject: forwardauth: Skip copying missing response headers (#6608) --- .../forward_auth_authelia.caddyfiletest | 102 +++++++++++++++- .../forward_auth_rename_headers.caddyfiletest | 132 +++++++++++++++++++-- 2 files changed, 221 insertions(+), 13 deletions(-) (limited to 'caddytest') diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.caddyfiletest b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.caddyfiletest index a05703280..240bdc62f 100644 --- a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.caddyfiletest +++ b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.caddyfiletest @@ -1,6 +1,6 @@ app.example.com { forward_auth authelia:9091 { - uri /api/verify?rd=https://authelia.example.com + uri /api/authz/forward-auth copy_headers Remote-User Remote-Groups Remote-Name Remote-Email } @@ -39,6 +39,13 @@ app.example.com { ] }, "routes": [ + { + "handle": [ + { + "handler": "vars" + } + ] + }, { "handle": [ { @@ -47,19 +54,104 @@ app.example.com { "set": { "Remote-Email": [ "{http.reverse_proxy.header.Remote-Email}" - ], + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.Remote-Email}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { "Remote-Groups": [ "{http.reverse_proxy.header.Remote-Groups}" - ], + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.Remote-Groups}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { "Remote-Name": [ "{http.reverse_proxy.header.Remote-Name}" - ], + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.Remote-Name}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { "Remote-User": [ "{http.reverse_proxy.header.Remote-User}" ] } } } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.Remote-User}": [ + "" + ] + } + } + ] + } ] } ] @@ -80,7 +172,7 @@ app.example.com { }, "rewrite": { "method": "GET", - "uri": "/api/verify?rd=https://authelia.example.com" + "uri": "/api/authz/forward-auth" }, "upstreams": [ { diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.caddyfiletest b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.caddyfiletest index 65228174d..c2be2ed43 100644 --- a/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.caddyfiletest +++ b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.caddyfiletest @@ -28,6 +28,13 @@ forward_auth localhost:9000 { ] }, "routes": [ + { + "handle": [ + { + "handler": "vars" + } + ] + }, { "handle": [ { @@ -36,22 +43,131 @@ forward_auth localhost:9000 { "set": { "1": [ "{http.reverse_proxy.header.A}" - ], - "3": [ - "{http.reverse_proxy.header.C}" - ], - "5": [ - "{http.reverse_proxy.header.E}" - ], + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.A}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { "B": [ "{http.reverse_proxy.header.B}" - ], + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.B}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "3": [ + "{http.reverse_proxy.header.C}" + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.C}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { "D": [ "{http.reverse_proxy.header.D}" ] } } } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.D}": [ + "" + ] + } + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "5": [ + "{http.reverse_proxy.header.E}" + ] + } + } + } + ], + "match": [ + { + "not": [ + { + "vars": { + "{http.reverse_proxy.header.E}": [ + "" + ] + } + } + ] + } ] } ] -- cgit v1.2.3