Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
6c9d8336
Unverified
Commit
6c9d8336
authored
Mar 20, 2020
by
Jon McKenzie
Committed by
GitHub
Mar 20, 2020
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
AuthProxy: Fixes bug where long username could not be cached (#22926)
parent
5df00abf
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
15 additions
and
9 deletions
+15
-9
pkg/middleware/auth_proxy/auth_proxy.go
+10
-2
pkg/middleware/auth_proxy/auth_proxy_test.go
+4
-5
pkg/middleware/middleware_test.go
+1
-2
No files found.
pkg/middleware/auth_proxy/auth_proxy.go
View file @
6c9d8336
package
authproxy
package
authproxy
import
(
import
(
"encoding/
base32
"
"encoding/
hex
"
"fmt"
"fmt"
"hash/fnv"
"net"
"net"
"net/mail"
"net/mail"
"reflect"
"reflect"
...
@@ -146,6 +147,13 @@ func (auth *AuthProxy) IsAllowedIP() (bool, *Error) {
...
@@ -146,6 +147,13 @@ func (auth *AuthProxy) IsAllowedIP() (bool, *Error) {
return
false
,
newError
(
"Proxy authentication required"
,
err
)
return
false
,
newError
(
"Proxy authentication required"
,
err
)
}
}
func
HashCacheKey
(
key
string
)
string
{
hasher
:=
fnv
.
New128a
()
// according to the documentation, Hash.Write cannot error, but linter is complaining
hasher
.
Write
([]
byte
(
key
))
// nolint: errcheck
return
hex
.
EncodeToString
(
hasher
.
Sum
(
nil
))
}
// getKey forms a key for the cache based on the headers received as part of the authentication flow.
// getKey forms a key for the cache based on the headers received as part of the authentication flow.
// Our configuration supports multiple headers. The main header contains the email or username.
// Our configuration supports multiple headers. The main header contains the email or username.
// And the additional ones that allow us to specify extra attributes: Name, Email or Groups.
// And the additional ones that allow us to specify extra attributes: Name, Email or Groups.
...
@@ -156,7 +164,7 @@ func (auth *AuthProxy) getKey() string {
...
@@ -156,7 +164,7 @@ func (auth *AuthProxy) getKey() string {
key
=
strings
.
Join
([]
string
{
key
,
header
},
"-"
)
// compose the key with any additional headers
key
=
strings
.
Join
([]
string
{
key
,
header
},
"-"
)
// compose the key with any additional headers
})
})
hashedKey
:=
base32
.
StdEncoding
.
EncodeToString
([]
byte
(
key
)
)
hashedKey
:=
HashCacheKey
(
key
)
return
fmt
.
Sprintf
(
CachePrefix
,
hashedKey
)
return
fmt
.
Sprintf
(
CachePrefix
,
hashedKey
)
}
}
...
...
pkg/middleware/auth_proxy/auth_proxy_test.go
View file @
6c9d8336
package
authproxy
package
authproxy
import
(
import
(
"encoding/base32"
"errors"
"errors"
"fmt"
"fmt"
"net/http"
"net/http"
...
@@ -79,7 +78,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -79,7 +78,7 @@ func TestMiddlewareContext(t *testing.T) {
Convey
(
"with a simple cache key"
,
func
()
{
Convey
(
"with a simple cache key"
,
func
()
{
// Set cache key
// Set cache key
key
:=
fmt
.
Sprintf
(
CachePrefix
,
base32
.
StdEncoding
.
EncodeToString
([]
byte
(
name
)
))
key
:=
fmt
.
Sprintf
(
CachePrefix
,
HashCacheKey
(
name
))
err
:=
store
.
Set
(
key
,
int64
(
33
),
0
)
err
:=
store
.
Set
(
key
,
int64
(
33
),
0
)
So
(
err
,
ShouldBeNil
)
So
(
err
,
ShouldBeNil
)
...
@@ -88,7 +87,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -88,7 +87,7 @@ func TestMiddlewareContext(t *testing.T) {
id
,
err
:=
auth
.
Login
()
id
,
err
:=
auth
.
Login
()
So
(
err
,
ShouldBeNil
)
So
(
err
,
ShouldBeNil
)
So
(
auth
.
getKey
(),
ShouldEqual
,
"auth-proxy-sync-ttl:
NVQXE23FNRXWO===
"
)
So
(
auth
.
getKey
(),
ShouldEqual
,
"auth-proxy-sync-ttl:
0a7f3374e9659b10980fd66247b0cf2f
"
)
So
(
id
,
ShouldEqual
,
33
)
So
(
id
,
ShouldEqual
,
33
)
})
})
...
@@ -97,7 +96,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -97,7 +96,7 @@ func TestMiddlewareContext(t *testing.T) {
group
:=
"grafana-core-team"
group
:=
"grafana-core-team"
req
.
Header
.
Add
(
"X-WEBAUTH-GROUPS"
,
group
)
req
.
Header
.
Add
(
"X-WEBAUTH-GROUPS"
,
group
)
key
:=
fmt
.
Sprintf
(
CachePrefix
,
base32
.
StdEncoding
.
EncodeToString
([]
byte
(
name
+
"-"
+
group
)
))
key
:=
fmt
.
Sprintf
(
CachePrefix
,
HashCacheKey
(
name
+
"-"
+
group
))
err
:=
store
.
Set
(
key
,
int64
(
33
),
0
)
err
:=
store
.
Set
(
key
,
int64
(
33
),
0
)
So
(
err
,
ShouldBeNil
)
So
(
err
,
ShouldBeNil
)
...
@@ -105,7 +104,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -105,7 +104,7 @@ func TestMiddlewareContext(t *testing.T) {
id
,
err
:=
auth
.
Login
()
id
,
err
:=
auth
.
Login
()
So
(
err
,
ShouldBeNil
)
So
(
err
,
ShouldBeNil
)
So
(
auth
.
getKey
(),
ShouldEqual
,
"auth-proxy-sync-ttl:
NVQXE23FNRXWOLLHOJQWMYLOMEWWG33SMUWXIZLBNU======
"
)
So
(
auth
.
getKey
(),
ShouldEqual
,
"auth-proxy-sync-ttl:
14f69b7023baa0ac98c96b31cec07bc0
"
)
So
(
id
,
ShouldEqual
,
33
)
So
(
id
,
ShouldEqual
,
33
)
})
})
...
...
pkg/middleware/middleware_test.go
View file @
6c9d8336
...
@@ -2,7 +2,6 @@ package middleware
...
@@ -2,7 +2,6 @@ package middleware
import
(
import
(
"context"
"context"
"encoding/base32"
"errors"
"errors"
"fmt"
"fmt"
"net/http"
"net/http"
...
@@ -364,7 +363,7 @@ func TestMiddlewareContext(t *testing.T) {
...
@@ -364,7 +363,7 @@ func TestMiddlewareContext(t *testing.T) {
return
nil
return
nil
})
})
key
:=
fmt
.
Sprintf
(
authproxy
.
CachePrefix
,
base32
.
StdEncoding
.
EncodeToString
([]
byte
(
name
+
"-"
+
group
)
))
key
:=
fmt
.
Sprintf
(
authproxy
.
CachePrefix
,
authproxy
.
HashCacheKey
(
name
+
"-"
+
group
))
err
:=
sc
.
remoteCacheService
.
Set
(
key
,
int64
(
33
),
0
)
err
:=
sc
.
remoteCacheService
.
Set
(
key
,
int64
(
33
),
0
)
So
(
err
,
ShouldBeNil
)
So
(
err
,
ShouldBeNil
)
sc
.
fakeReq
(
"GET"
,
"/"
)
sc
.
fakeReq
(
"GET"
,
"/"
)
...
...
Kornkitt Poolsup
@Doratong24
mentioned in commit
a04ef6ce
Mar 05, 2021
mentioned in commit
a04ef6ce
mentioned in commit a04ef6cefc2f24f901f525263f65cf395e6cff28
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment