From 7f3cef6dad95e6d535d99b9505e5165a1707142b Mon Sep 17 00:00:00 2001
From: Rob Archibald
Date: Tue, 24 Jan 2017 14:52:09 -0800
Subject: [PATCH] Send JSON-encoded user session data through X-User header.

---
 nginxauth.go | 47 +++++++++++++++++++++++++++++++++++------------
 nginxauth_test.go | 10 +++++-----
 2 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/nginxauth.go b/nginxauth.go
index 6834ecf..757b1eb 100644
--- a/nginxauth.go
+++ b/nginxauth.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/gorilla/handlers"
 	"github.com/robarchibald/configReader"
@@ -177,23 +178,45 @@ func (s *nginxauth) method(name string, handler func(authStore authStorer, w htt
 func auth(authStore authStorer, w http.ResponseWriter, r *http.Request) {
 	session, err := authStore.GetSession()
 	if err != nil {
-		http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
-		if a, ok := err.(*authError); ok {
-			fmt.Println(a.Trace())
-		}
-	} else {
-		addUserHeader(session, w)
+		authErr(w, r, err)
+		return
+	}
+
+	user, err := json.Marshal(&userLogin{Email: session.Email, UserID: session.UserID, FullName: session.FullName})
+	if err != nil {
+		authErr(w, r, err)
+		return
+	}
+
+	addUserHeader(string(user), w)
+}
+
+func authErr(w http.ResponseWriter, r *http.Request, err error) {
+	http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
+	if a, ok := err.(*authError); ok {
+		fmt.Println(a.Trace())
 	}
 }
 
 func authBasic(authStore authStorer, w http.ResponseWriter, r *http.Request) {
 	session, err := authStore.GetBasicAuth()
 	if err != nil {
-		w.Header().Set("WWW-Authenticate", "Basic realm='Endfirst.com'")
-		http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
-	} else {
-		addUserHeader(session, w)
+		basicErr(w, r, err)
+		return
 	}
+
+	user, err := json.Marshal(&userLogin{Email: session.Email, UserID: session.UserID, FullName: session.FullName})
+	if err != nil {
+		basicErr(w, r, err)
+		return
+	}
+
+	addUserHeader(string(user), w)
+}
+
+func basicErr(w http.ResponseWriter, r *http.Request, err error) {
+	w.Header().Set("WWW-Authenticate", "Basic realm='Endfirst.com'")
+	http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
 }
 
 func login(authStore authStorer, w http.ResponseWriter, r *http.Request) {
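Review bot: The JSON passed to `addUserHeader(string(user), w)` in both `auth` and `authBasic` carries `session.FullName` verbatim, so if names can contain non-ASCII characters those bytes land raw in an HTTP header value, which RFC 7230 only tolerates as opaque obs-text and which intermediaries are free to mangle; if FullName is user-supplied, consider encoding the marshalled bytes (for example `base64.StdEncoding.EncodeToString(user)`) or documenting that the upstream consumer must accept UTF-8 header values. json.Marshal does escape CR, LF and other control characters, so header splitting is not a concern here, and its HTML-safe escaping of `<`, `>` and `&` to `\u00xx` sequences is harmless to a JSON consumer but worth a one-line comment so nobody "fixes" it later. Separately, the `r *http.Request` parameter of the new `authErr` and `basicErr` helpers is never read; dropping it or naming it `_` would make the helpers' contract clearer. The marshalling block is duplicated between `auth` and `authBasic`; a small `userJSON(session *loginSession) ([]byte, error)` helper would keep the list of exposed fields in one place.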
@@ -234,6 +257,6 @@ func run(method func() error, w http.ResponseWriter) {
 	}
 }
 
-func addUserHeader(session *loginSession, w http.ResponseWriter) {
-	w.Header().Add("X-User", session.Email)
+func addUserHeader(userJSON string, w http.ResponseWriter) {
+	w.Header().Add("X-User", userJSON)
 }
diff --git a/nginxauth_test.go b/nginxauth_test.go
index b70b204..9c73300 100644
--- a/nginxauth_test.go
+++ b/nginxauth_test.go
@@ -43,9 +43,9 @@ func TestAuth(t *testing.T) {
 	}
 
 	w = httptest.NewRecorder()
-	storer = &mockAuthStorer{SessionReturn: &loginSession{Email: "test@test.com"}}
+	storer = &mockAuthStorer{SessionReturn: &loginSession{UserID: 1, Email: "test@test.com", FullName: "Name"}}
 	auth(storer, w, nil)
-	if w.Header().Get("X-User") != "test@test.com" || storer.LastRun != "GetSession" {
+	if w.Header().Get("X-User") != `{"UserID":1,"Email":"test@test.com","FullName":"Name"}` || storer.LastRun != "GetSession" {
 		t.Error("expected User header to be set", w.Header().Get("X-User"), storer.LastRun)
 	}
 }
@@ -61,7 +61,7 @@ func TestAuthBasic(t *testing.T) {
 	w = httptest.NewRecorder()
 	storer = &mockAuthStorer{SessionReturn: &loginSession{Email: "test@test.com"}}
 	authBasic(storer, w, nil)
-	if w.Header().Get("X-User") != "test@test.com" || storer.LastRun != "GetBasicAuth" {
+	if w.Header().Get("X-User") != `{"UserID":0,"Email":"test@test.com","FullName":""}` || storer.LastRun != "GetBasicAuth" {
 		t.Error("expected User header to be set", w.Header().Get("X-User"), storer.LastRun)
 	}
 }
@@ -129,8 +129,8 @@ func TestVerifyEmail(t *testing.T) {
 
 func TestAddUserHeader(t *testing.T) {
 	w := httptest.NewRecorder()
-	addUserHeader(&loginSession{Email: "test@test.com"}, w)
-	if w.Header().Get("X-User") != "test@test.com" {
+	addUserHeader(`{"name": "value"}`, w)
+	if w.Header().Get("X-User") != `{"name": "value"}` {
 		t.Error("expected halfauth header", w.Header())
 	}
 }
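Review bot: `w.Header().Add("X-User", userJSON)` appends rather than replaces, so a second call on the same ResponseWriter, or a value already present from earlier middleware, leaves two X-User values and the consumer may read either one; `w.Header().Set("X-User", userJSON)` pins the header to exactly the value produced here. addUserHeader now takes an opaque string with nothing saying what shape it must have; a doc comment such as `// addUserHeader sets X-User to the JSON-encoded user built by auth and authBasic; callers pass already-marshalled JSON.` would record the contract the tests rely on.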
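Review bot: The new expected value in TestAuth, `{"UserID":1,"Email":"test@test.com","FullName":"Name"}`, ties the test to the declaration order of userLogin's fields and to json.Marshal's exact byte output, so an unrelated field reorder or an added json tag fails the test without any behavioural change; the TestAuthBasic hunk has the same issue. Decoding the header with `json.Unmarshal` into a `userLogin` and comparing the three fields would assert what the handlers promise rather than the byte layout. The tests also still pass `nil` as the request, which only stays safe while `auth` and `authBasic` keep ignoring `r`; a short comment noting that would save the next reader from checking.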