create custom forward request authenticator#949
Conversation
|
|
vladr11
force-pushed
the
forward-request-authenticator
branch
from
2d4b289 to
c9310a7
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #949 +/- ##
==========================================
- Coverage 78.05% 77.57% -0.49%
==========================================
Files 83 84 +1
Lines 3992 4089 +97
==========================================
+ Hits 3116 3172 +56
- Misses 597 628 +31
- Partials 279 289 +10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
aeneasr
left a comment
aeneasr
left a comment
There was a problem hiding this comment.
Not sure if you have done that already, but could you also please create a PR against ory/docs to document this new functionality? :)
.schema/config.schema.json
Outdated
There was a problem hiding this comment.
I would prefer calling this remote_json similar to the authorizer, as we expect a JSON response from the upstream! :)
There was a problem hiding this comment.
Renamed the authenticator into remote_json
aeneasr
force-pushed
the
forward-request-authenticator
branch
from
c9310a7 to
598f646
Compare
vladr11
force-pushed
the
forward-request-authenticator
branch
from
598f646 to
2b78ace
Compare
Created a new PR into ory/docs: ory/docs#827 |
vladr11
force-pushed
the
forward-request-authenticator
branch
from
2b78ace to
96fa276
Compare
vladr11
force-pushed
the
forward-request-authenticator
branch
from
96fa276 to
73f7fb1
Compare
|
A polite reminder here, as the change requests have been addressed 😄 Fixed linting issues, as well. |
|
A polite ping here again 😉 |
|
@hperl could you please help review this one? :) |
aeneasr
force-pushed
the
forward-request-authenticator
branch
from
73f7fb1 to
54d6d85
Compare
hperl
left a comment
hperl
left a comment
There was a problem hiding this comment.
Thanks for the PR. It looks very good already, I left just a few comments :)
There was a problem hiding this comment.
Minor: Please break long lines into multiple lines, e.g., after the dots.
There was a problem hiding this comment.
I think by reassigning r.Body you will leak the original body, which will not be closed. Usually, the HTTP server takes care of closing the body after the handler is done, but in this case we are replacing the body with a NopCloser and are leaving the original r.Body unclosed. I think it should be fine to manually Close() the original body here, but I'd feel more comfortable having a test for this.
There was a problem hiding this comment.
Added a manual close to the original body stream. Not sure how to add a specific test for it.
There was a problem hiding this comment.
Are these checks really necessary, given that you already set the default values in the JSON schema?
There was a problem hiding this comment.
ioutil is deprecated. Please replace with calls from the io package. (Here and elsewhere). Thanks :)
There was a problem hiding this comment.
| json.RawMessage(fmt.Sprintf(`{"check_session_url": "%s"}`, testServer.URL)), | |
| json.RawMessage(fmt.Sprintf(`{"service_url": "%s"}`, testServer.URL)), |
;)
…ault to the auth service
- Split long lines on multiple lines - Remove unnecessary checks - Move schema to new location in `spec` directory - Replace ioutil with io packages - Add manual close to the original request body stream.
vladr11
force-pushed
the
forward-request-authenticator
branch
from
54d6d85 to
53ead8f
Compare
6 participants
Adds a new authenticator which forwards the requests to an upstream service to perform the authentication. This adds the possibility to authenticate a request where the request body is needed.
Related issue(s)
Related to issue #841
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security. vulnerability, I
confirm that I got green light (please contact
security@ory.sh) from the maintainers to push
the changes.
works.