From 81cfd24962cf465f9c8a9dc11809f164fe298943 Mon Sep 17 00:00:00 2001
From: Jan Rotter
Date: Sun, 26 Sep 2021 22:25:34 +0200
Subject: [PATCH] Store the group membership in the session

This change puts the groups from the htpasswd-user-group in the session during the manual sign in process. This fixes the issue with being unable to properly authenticate using the manual sign in form when certain group membership is required (e.g. when the --gitlab-group option is used).
---
 oauthproxy.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/oauthproxy.go b/oauthproxy.go
index fb6ef0bc..d45bc692 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -78,6 +78,7 @@ type OAuthProxy struct {
 sessionStore sessionsapi.SessionStore
 ProxyPrefix string
 basicAuthValidator basic.Validator
+ basicAuthGroups []string
 SkipProviderButton bool
 skipAuthPreflight bool
 skipJwtBearerTokens bool
@@ -200,6 +201,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 trustedIPs: trustedIPs,
 basicAuthValidator: basicAuthValidator,
+ basicAuthGroups: opts.HtpasswdUserGroups,
 sessionChain: sessionChain,
 headersChain: headersChain,
 preAuthChain: preAuthChain,
@@ -534,7 +536,7 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
 return p.trustedIPs.Has(remoteAddr)
 }
-// SignInPage writes the sing in template to the response
+// SignInPage writes the sign in template to the response
 func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
 prepareNoCache(rw)
 err := p.ClearSessionCookie(rw, req)
@@ -589,7 +591,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
 user, ok := p.ManualSignIn(req)
 if ok {
- session := &sessionsapi.SessionState{User: user}
+ session := &sessionsapi.SessionState{User: user, Groups: p.basicAuthGroups}
 err = p.SaveSession(rw, req, session)
 if err != nil {
 logger.Printf("Error saving session: %v", err)
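Review bot: The new `basicAuthGroups` field in `OAuthProxy` carries authorization data but has no comment saying where the values come from or which sessions receive them. I would add `// basicAuthGroups is the configured group list attached to every session created by the htpasswd sign-in form.` above it, so a reader does not mistake it for provider-verified membership. The struct definition starts and ends outside this hunk.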
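Review bot: `basicAuthGroups: opts.HtpasswdUserGroups` stores the options slice itself, and the `SignIn` hunk then places that same slice in every `SessionState`, so all manual sign-in sessions and the options share one backing array. Nothing visible in this patch shows whether `Groups` is ever modified in place later, but if it is, the change would surface in other users' sessions. Taking a copy when the session is built removes the question: `session := &sessionsapi.SessionState{User: user, Groups: append([]string(nil), p.basicAuthGroups...)}`. The composite literal in `NewOAuthProxy` starts and ends outside this hunk.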
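Review bot: In `SignIn`, every account that passes `ManualSignIn` now receives the same configured groups, so a restriction such as `--gitlab-group` is met by any htpasswd user whenever the configured list contains the required group, without the provider confirming membership. That matches the description's intent, but the line deserves a comment such as `// groups come from static configuration, not from the provider`, so the trust boundary is visible at the point where the session is created. The diffstat lists only `oauthproxy.go`, so a test asserting that the saved session carries the configured groups, and none when the option is unset, would pin the behaviour. The body of `SignIn` continues outside the hunk.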