mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
Use authentification credentials from proxy's configuration as a default. (#951)
This commit is contained in:
Viacheslav Chimishuk
Matt Holt
parent
6490ff6224
commit
62e8c4b76b
2 changed files with 73 additions and 0 deletions
|
|
@ -110,6 +110,12 @@ func (p Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
if proxy == nil {
|
if proxy == nil {
|
||||||
proxy = NewSingleHostReverseProxy(nameURL, host.WithoutPathPrefix)
|
proxy = NewSingleHostReverseProxy(nameURL, host.WithoutPathPrefix)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// use upstream credentials by default
|
||||||
|
if outreq.Header.Get("Authorization") == "" && nameURL.User != nil {
|
||||||
|
pwd, _ := nameURL.User.Password()
|
||||||
|
outreq.SetBasicAuth(nameURL.User.Username(), pwd)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
outreq.Host = host.Name
|
outreq.Host = host.Name
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -642,6 +642,73 @@ func TestHostHeaderReplacedUsingForward(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBasicAuth(t *testing.T) {
|
||||||
|
basicAuthTestcase(t, nil, nil)
|
||||||
|
basicAuthTestcase(t, nil, url.UserPassword("username", "password"))
|
||||||
|
basicAuthTestcase(t, url.UserPassword("usename", "password"), nil)
|
||||||
|
basicAuthTestcase(t, url.UserPassword("unused", "unused"),
|
||||||
|
url.UserPassword("username", "password"))
|
||||||
|
}
|
||||||
|
|
||||||
|
func basicAuthTestcase(t *testing.T, upstreamUser, clientUser *url.Userinfo) {
|
||||||
|
backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
u, p, ok := r.BasicAuth()
|
||||||
|
|
||||||
|
if ok {
|
||||||
|
w.Write([]byte(u))
|
||||||
|
}
|
||||||
|
if ok && p != "" {
|
||||||
|
w.Write([]byte(":"))
|
||||||
|
w.Write([]byte(p))
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
defer backend.Close()
|
||||||
|
|
||||||
|
backUrl, err := url.Parse(backend.URL)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to parse URL: %v", err)
|
||||||
|
}
|
||||||
|
backUrl.User = upstreamUser
|
||||||
|
|
||||||
|
p := &Proxy{
|
||||||
|
Next: httpserver.EmptyNext,
|
||||||
|
Upstreams: []Upstream{newFakeUpstream(backUrl.String(), false)},
|
||||||
|
}
|
||||||
|
r, err := http.NewRequest("GET", "/foo", nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Failed to create request: %v", err)
|
||||||
|
}
|
||||||
|
if clientUser != nil {
|
||||||
|
u := clientUser.Username()
|
||||||
|
p, _ := clientUser.Password()
|
||||||
|
r.SetBasicAuth(u, p)
|
||||||
|
}
|
||||||
|
w := httptest.NewRecorder()
|
||||||
|
|
||||||
|
p.ServeHTTP(w, r)
|
||||||
|
|
||||||
|
if w.Code != 200 {
|
||||||
|
t.Fatalf("Invalid response code: %d", w.Code)
|
||||||
|
}
|
||||||
|
body, _ := ioutil.ReadAll(w.Body)
|
||||||
|
|
||||||
|
if clientUser != nil {
|
||||||
|
if string(body) != clientUser.String() {
|
||||||
|
t.Fatalf("Invalid auth info: %s", string(body))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if upstreamUser != nil {
|
||||||
|
if string(body) != upstreamUser.String() {
|
||||||
|
t.Fatalf("Invalid auth info: %s", string(body))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if string(body) != "" {
|
||||||
|
t.Fatalf("Invalid auth info: %s", string(body))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func newFakeUpstream(name string, insecure bool) *fakeUpstream {
|
func newFakeUpstream(name string, insecure bool) *fakeUpstream {
|
||||||
uri, _ := url.Parse(name)
|
uri, _ := url.Parse(name)
|
||||||
u := &fakeUpstream{
|
u := &fakeUpstream{
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue