1
0
Fork 0
mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-12-30 01:31:18 +00:00

Add special group for all authenticated users

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2019-04-22 19:54:27 +02:00
parent 930a23f461
commit 5e46619865
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
2 changed files with 28 additions and 0 deletions

4
acl.go
View file

@ -148,6 +148,10 @@ func (a aclRuleSet) HasAccess(user string, groups []string, r *http.Request) acl
} }
} }
if str.StringInSlice("@_authenticated", a.Allow) && user != "" {
return accessAllow
}
// Neither user nor group are handled // Neither user nor group are handled
return accessDunno return accessDunno
} }

View file

@ -59,6 +59,30 @@ func TestRuleSetMatcher(t *testing.T) {
} }
} }
func TestGroupAuthenticated(t *testing.T) {
r := aclRuleSet{
Rules: []aclRule{
{
Field: "field_a",
MatchString: aclTestString("expected"),
},
},
Allow: []string{"@_authenticated"},
}
fields := map[string]string{
"field_a": "expected",
}
if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) != accessAllow {
t.Error("Access was denied")
}
r.Allow = []string{"testgroup"}
if r.HasAccess(aclTestUser, aclTestGroups, aclTestRequest(fields)) == accessAllow {
t.Error("Access was allowed")
}
}
func TestInvertedRegexMatcher(t *testing.T) { func TestInvertedRegexMatcher(t *testing.T) {
fields := map[string]string{ fields := map[string]string{
"field_a": "expected", "field_a": "expected",