From c9836b032aa86c5046eaf3dbd7c162b5d609155b Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Sun, 28 Jan 2018 21:27:23 +0100
Subject: [PATCH] Pass through the ResponseWriter to allow cookie renewal
Signed-off-by: Knut Ahlers
---
 auth_simple.go | 2 +-
 auth_token.go | 2 +-
 auth_yubikey.go | 2 +-
 main.go | 4 ++--
 registry.go | 6 +++---
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/auth_simple.go b/auth_simple.go
index abbc087..1f497ef 100644
--- a/auth_simple.go
+++ b/auth_simple.go
@@ -53,7 +53,7 @@ func (a *authSimple) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authSimple) DetectUser(r *http.Request) (string, []string, error) {
+func (a authSimple) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 var user string
 if a.EnableBasicAuth {
diff --git a/auth_token.go b/auth_token.go
index ac86264..20d9e74 100644
--- a/auth_token.go
+++ b/auth_token.go
@@ -47,7 +47,7 @@ func (a *authToken) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authToken) DetectUser(r *http.Request) (string, []string, error) {
+func (a authToken) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 authHeader := r.Header.Get("Authorization")
 if !strings.HasPrefix(authHeader, "Token ") {
diff --git a/auth_yubikey.go b/auth_yubikey.go
index 4567537..2e0057e 100644
--- a/auth_yubikey.go
+++ b/auth_yubikey.go
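Review bot: The doc comment above `DetectUser` (the context lines of this hunk) still describes only how the user is read from the request and says nothing about the new `res` parameter; the same stale comment sits above `authToken.DetectUser`, `authYubikey.DetectUser` and the `authenticator` interface method in registry.go. Because this method runs on every auth check, the contract for `res` should be written down, for example `// res may only be used to set response headers such as a renewed session cookie; implementations must not call WriteHeader or Write.` Without it, an implementation that writes a status or body here would conflict with what the calling handler sends afterwards, e.g. the redirect in `handleLoginRequest`. The function bodies continue outside the hunks, so whether `res` is used yet cannot be seen from here.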
@@ -55,7 +55,7 @@ func (a *authYubikey) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authYubikey) DetectUser(r *http.Request) (string, []string, error) {
+func (a authYubikey) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 sess, err := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-"))
 if err != nil {
 return "", nil, errNoValidUserFound
diff --git a/main.go b/main.go
index c3f9668..1778b69 100644
--- a/main.go
+++ b/main.go
@@ -106,7 +106,7 @@ func main() {
 }
 func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
- user, groups, err := detectUser(r)
+ user, groups, err := detectUser(res, r)
 switch err {
 case errNoValidUserFound:
@@ -128,7 +128,7 @@ func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
 }
 func handleLoginRequest(res http.ResponseWriter, r *http.Request) {
- if _, _, err := detectUser(r); err == nil {
+ if _, _, err := detectUser(res, r); err == nil {
 // There is already a valid user
 http.Redirect(res, r, r.URL.Query().Get("go"), http.StatusFound)
 return
diff --git a/registry.go b/registry.go
index e41a446..3846321 100644
--- a/registry.go
+++ b/registry.go
@@ -24,7 +24,7 @@ type authenticator interface {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
- DetectUser(r *http.Request) (user string, groups []string, err error)
+ DetectUser(res http.ResponseWriter, r *http.Request) (user string, groups []string, err error)
 // Login is called when the user submits the login form and needs
 // to authenticate the user or throw an error. If the user has
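Review bot: In `handleLoginRequest` the redirect target is taken unchecked from the `go` query parameter, so an already-authenticated user who opens a login link is sent to whatever URL that link names; the commit touches the line above it but leaves `http.Redirect(res, r, r.URL.Query().Get("go"), http.StatusFound)` as it was. I would parse the value first and fall back to a fixed local path unless the host is one the deployment expects, e.g. `if u, err := url.Parse(target); err != nil || !redirectHostAllowed(u.Host) { target = "/" }`, where `redirectHostAllowed` is a placeholder for an allow-list check that is not part of the visible code. An empty `go` value should take the same fallback. The rest of the handler lies outside the hunk.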
@@ -94,12 +94,12 @@ func initializeAuthenticators(yamlSource []byte) error {
 return nil
 }
-func detectUser(r *http.Request) (string, []string, error) {
+func detectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 authenticatorRegistryMutex.RLock()
 defer authenticatorRegistryMutex.RUnlock()
 for _, a := range activeAuthenticators {
- user, groups, err := a.DetectUser(r)
+ user, groups, err := a.DetectUser(res, r)
 switch err {
 case nil:
 return user, groups, err
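Review bot: The loop in `detectUser` hands the same `res` to every active authenticator, so headers set by one that then returns an error stay on the response even when a later authenticator, or none, identifies the user. The cases after `case nil:` are outside the hunk, so this assumes the loop moves on to the next authenticator on `errNoValidUserFound`. At minimum I would document it above the loop, `// Every authenticator sees the same res: header writes from a rejected attempt are still sent to the client.`, and if that is not acceptable, only let an authenticator touch `res` once it has positively identified the user. The same concern applies to `handleAuthRequest` in main.go, which now passes its writer in before it has decided which status to send.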