Posted to commits@openwhisk.apache.org by mh...@apache.org on 2017/06/10 03:41:26 UTC

[incubator-openwhisk-apigateway] branch master updated: Pass OAuth Headers (#221)

This is an automated email from the ASF dual-hosted git repository.

mhamann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git


The following commit(s) were added to refs/heads/master by this push:
     new 12ae2d1  Pass OAuth Headers (#221)
12ae2d1 is described below

commit 12ae2d1668e1fe284f566eb836fe8d5aeb0760ba
Author: Luke Farrell <lm...@duke.edu>
AuthorDate: Fri Jun 9 23:41:24 2017 -0400

    Pass OAuth Headers (#221)
    
    * store Oauth token info in ngx
    
    * rename headers
---
 scripts/lua/oauth/google.lua             | 29 ++++++++++++++++++-----------
 scripts/lua/policies/security/apiKey.lua |  3 +++
 scripts/lua/policies/security/oauth2.lua |  2 +-
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/scripts/lua/oauth/google.lua b/scripts/lua/oauth/google.lua
index 74f5454..c1b2011 100644
--- a/scripts/lua/oauth/google.lua
+++ b/scripts/lua/oauth/google.lua
@@ -25,15 +25,19 @@ local request = require "lib/request"
 local utils = require "lib/utils"
 local redis = require "lib/redis"
 
-local _M = {} 
+local _M = {}
 function _M.process (dataStore, token)
 
-  local result = dataStore:getOAuthToken(dataStore, 'google', token) 
-  
+  local result = dataStore:getOAuthToken('google', token)
+
   local httpc = http.new()
-  if result ~= ngx.null then 
-    return cjson.decode(result)
-  end 
+  if result ~= ngx.null then
+    json_resp = cjson.decode(result)
+    ngx.header['X-OIDC-Sub'] = json_resp['sub']
+    ngx.header['X-OIDC-Email'] = json_resp['email']
+    ngx.header['X-OIDC-Scope'] = json_resp['scope']
+    return json_resp
+  end
 
   local request_options = {
     headers = {
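Review bot: The three added `ngx.header['X-OIDC-…']` assignments in the cache-hit branch (and the same three lines before the final `return json_resp` in the last hunk of this file) write response headers, so the token's `sub`, `email` and `scope` go back to the calling client rather than to the backend. If the intent of "Pass OAuth Headers" is to hand the validated identity upstream, the request-side call is `ngx.req.set_header('X-OIDC-Sub', json_resp['sub'])`. A backend that trusts these names also needs any client-supplied `X-OIDC-*` request headers removed with `ngx.req.clear_header` before validation. Separately, `json_resp = cjson.decode(result)` in this branch has no `local`, so the decoded token info is written to a global that likely outlives the request in the worker; `local json_resp = cjson.decode(result)` keeps it scoped to the call. `_M.process` continues past the end of this hunk.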
@@ -41,7 +45,7 @@ function _M.process (dataStore, token)
     },
     ssl_verify = false
   }
-  
+
   local envUrl = os.getenv('TOKEN_GOOGLE_URL')
   envUrl = envUrl ~= nil and envUrl or 'https://www.googleapis.com/oauth2/v3/tokeninfo'
   local request_uri = utils.concatStrings({envUrl, "?access_token=", token})
@@ -52,15 +56,18 @@ function _M.process (dataStore, token)
     request.err(500, 'OAuth provider error.')
     return nil
   end
-  local json_resp = cjson.decode(res.body) 
-  if json_resp['error_description'] ~= nil then 
+  local json_resp = cjson.decode(res.body)
+  if json_resp['error_description'] ~= nil then
     return nil
   end
-  
+
   dataStore:saveOAuthToken('google', token, cjson.encode(json_resp), json_resp['expires'])
   -- convert Google's response
   -- Read more about the fields at: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
+  ngx.header['X-OIDC-Sub'] = json_resp['sub']
+  ngx.header['X-OIDC-Email'] = json_resp['email']
+  ngx.header['X-OIDC-Scope'] = json_resp['scope']
   return json_resp
 end
 
-return _M 
+return _M
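Review bot: The `X-OIDC-*` values set before `return json_resp` are taken from a tokeninfo response that was fetched with `ssl_verify = false` (visible in the request options in the previous hunk), so the identity now published in headers and cached by `saveOAuthToken` comes from a TLS peer whose certificate was never checked. Since this commit turns that response into identity claims, the request options should use `ssl_verify = true`. Nothing between `cjson.decode(res.body)` and the header assignments compares `json_resp['aud']` with the gateway's own client id, so unless a caller does that check, a token issued to a different application would be accepted as well. A short comment above the header lines saying who consumes `X-OIDC-Sub`, `X-OIDC-Email` and `X-OIDC-Scope`, and that they are only set after successful validation, would help the next reader.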
diff --git a/scripts/lua/policies/security/apiKey.lua b/scripts/lua/policies/security/apiKey.lua
index 2746619..f462abb 100644
--- a/scripts/lua/policies/security/apiKey.lua
+++ b/scripts/lua/policies/security/apiKey.lua
@@ -76,7 +76,10 @@ function processWithHashFunction(dataStore, securityObj, hashFunction)
   local name = (securityObj.name == nil) and ((securityObj.header == nil) and 'x-api-key' or securityObj.header) or securityObj.name
   local queryString = ngx.req.get_uri_args()
   local location = (securityObj.location == nil) and 'header' or securityObj.location
+-- backwards compatible with "header" argument for name value. "name" argument takes precedent if both provided
+  local name = (securityObj.name == nil and securityObj.header == nil) and 'x-api-key' or (securityObj.name or securityObj.header)
   local apiKey = nil
+
   if location == "header" then
     apiKey = ngx.var[utils.concatStrings({'http_', name}):gsub("-", "_")]
   end
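Review bot: The added `local name = …` redeclares the `name` local that is still computed on the first line of this hunk, and both expressions resolve the same way (`securityObj.name`, else `securityObj.header`, else `'x-api-key'`), so the earlier declaration is now dead code shadowed by the new one. Keep only one of them, for example by deleting the older line and leaving `local name = securityObj.name or securityObj.header or 'x-api-key'`, which states the precedence directly. The new comment should be indented with the code and read `-- "header" is still accepted for backwards compatibility; "name" takes precedence if both are provided`. `processWithHashFunction` starts before and continues after this hunk.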
diff --git a/scripts/lua/policies/security/oauth2.lua b/scripts/lua/policies/security/oauth2.lua
index ecd62cf..eebf536 100644
--- a/scripts/lua/policies/security/oauth2.lua
+++ b/scripts/lua/policies/security/oauth2.lua
@@ -74,7 +74,7 @@ function exchange(dataStore, token, provider)
       print("error loading provider.")
       return nil
     end
-   
+
     local result = impl.process(dataStore, token)
     if result == nil then
       request.err('401', 'OAuth token didn\'t work or provider doesn\'t support OpenID connect')
