mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
basicauth: Don't remove Authorization header on good auth (fixes #1508)
parent
5a41e8bc1a
commit
6aa0e30af3
2 changed files with 5 additions and 9 deletions
|
@ -62,13 +62,8 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
|
||||||
// by this point, authentication was successful
|
// by this point, authentication was successful
|
||||||
isAuthenticated = true
|
isAuthenticated = true
|
||||||
|
|
||||||
// remove credentials from request to avoid leaking upstream
|
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated user
|
||||||
r.Header.Del("Authorization")
|
r = r.WithContext(context.WithValue(r.Context(), caddy.CtxKey("remote_user"), username))
|
||||||
|
|
||||||
// let upstream middleware (e.g. fastcgi and cgi) know about authenticated
|
|
||||||
// user; this replaces the request with a wrapped instance
|
|
||||||
r = r.WithContext(context.WithValue(r.Context(),
|
|
||||||
caddy.CtxKey("remote_user"), username))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
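Review bot: With `r.Header.Del("Authorization")` gone, the client's Basic credentials stay on the request for every later handler, including the fastcgi and cgi backends the remaining comment names, and nothing in the code says this is deliberate. Assuming the single-line `r = r.WithContext(...)` row is the new side (the rendering has lost the +/- markers), I would add a comment above it such as `// Authorization is intentionally kept on the request (see #1508); strip it in the upstream configuration when the backend must not see the credentials`. A Basic header is only base64-encoded, so any upstream or log that records request headers will then hold a recoverable password; that is worth a line in the directive's documentation too. ServeHTTP starts and ends outside this hunk.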
|
@ -92,8 +92,9 @@ func TestBasicAuth(t *testing.T) {
|
||||||
t.Errorf("Test %d: response should have a 'Www-Authenticate' header", i)
|
t.Errorf("Test %d: response should have a 'Www-Authenticate' header", i)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if got, want := req.Header.Get("Authorization"), ""; got != want {
|
if req.Header.Get("Authorization") == "" {
|
||||||
t.Errorf("Test %d: Expected Authorization header to be stripped from request after successful authentication, but is: %s", i, got)
|
// see issue #1508: https://github.com/mholt/caddy/issues/1508
|
||||||
|
t.Errorf("Test %d: Expected Authorization header to be retained after successful auth, but was empty", i)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
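Review bot: The new check `req.Header.Get("Authorization") == ""` only proves the header is non-empty, so a handler that rewrote or truncated the credentials would still pass. Compare against the value the test placed on the request, for example `if got := req.Header.Get("Authorization"); got != want {`, with `want` being the header string built earlier in TestBasicAuth (not visible in this hunk), and print both values in the error message. The old/new side assignment here is inferred from the rendered rows, since the +/- markers are lost.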