Skip to content

Commit

Permalink
remove authorizationUrl redirect (#824)
Browse files Browse the repository at this point in the history
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
  • Loading branch information
qiwzhang authored Jan 5, 2021
1 parent aa75c21 commit 621211d
Show file tree
Hide file tree
Showing 3 changed files with 0 additions and 174 deletions.
43 changes: 0 additions & 43 deletions src/nginx/error.cc
Original file line number Diff line number Diff line change
Expand Up @@ -47,16 +47,9 @@ ngx_str_t application_grpc = ngx_string("application/grpc");

ngx_str_t www_authenticate = ngx_string("WWW-Authenticate");
const u_char www_authenticate_lowcase[] = "www-authenticate";
ngx_str_t kLocation = ngx_string("Location");
const u_char kLocationLowcase[] = "location";
ngx_str_t missing_credential = ngx_string("Bearer");
ngx_str_t invalid_token = ngx_string("Bearer, error=\"invalid_token\"");

const char *kInvalidAuthToken =
"JWT validation failed: Missing or invalid credentials";
const char *kExpiredAuthToken =
"JWT validation failed: TIME_CONSTRAINT_FAILURE";

ngx_http_output_header_filter_pt ngx_http_next_header_filter;
ngx_http_output_body_filter_pt ngx_http_next_body_filter;

Expand Down Expand Up @@ -109,39 +102,6 @@ ngx_int_t ngx_esp_handle_www_authenticate(ngx_http_request_t *r,
return NGX_OK;
}

// If authentication fails, and authorization url is not empty,
// Reply 302 and authorization url.
ngx_int_t ngx_esp_handle_authorization_url(ngx_http_request_t *r,
ngx_esp_request_ctx_t *ctx) {
if (ctx && ctx->status.code() == Code::UNAUTHENTICATED &&
ctx->status.error_cause() == utils::Status::AUTH &&
(ctx->status.message() == kInvalidAuthToken ||
ctx->status.message() == kExpiredAuthToken)) {
std::string url = ctx->request_handler->GetAuthorizationUrl();
if (!url.empty()) {
r->headers_out.status = NGX_HTTP_MOVED_TEMPORARILY;

ngx_table_elt_t *loc;
loc = reinterpret_cast<ngx_table_elt_t *>(
ngx_list_push(&r->headers_out.headers));
if (loc == nullptr) {
return NGX_ERROR;
}

loc->key = kLocation;
loc->lowcase_key = const_cast<u_char *>(kLocationLowcase);
loc->hash = ngx_hash_key(const_cast<u_char *>(kLocationLowcase),
sizeof(kLocationLowcase) - 1);

ngx_str_copy_from_std(r->pool, url, &loc->value);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ESP authorization_url: %V", &loc->value);
r->headers_out.location = loc;
}
}
return NGX_OK;
}

ngx_int_t ngx_esp_error_header_filter(ngx_http_request_t *r) {
ngx_esp_request_ctx_t *ctx = reinterpret_cast<ngx_esp_request_ctx_t *>(
ngx_http_get_module_ctx(r, ngx_esp_module));
Expand Down Expand Up @@ -170,9 +130,6 @@ ngx_int_t ngx_esp_error_header_filter(ngx_http_request_t *r) {
ngx_int_t ret;
ret = ngx_esp_handle_www_authenticate(r, ctx);
if (ret != NGX_OK) return ret;

ret = ngx_esp_handle_authorization_url(r, ctx);
if (ret != NGX_OK) return ret;
}

// Clear headers (refilled by subsequent NGX header filters)
Expand Down
1 change: 0 additions & 1 deletion src/nginx/t/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ nginx_suite(
"auth_ok_check_fail.t",
"auth_pass_user_info.t",
"auth_pkey_cache.t",
"auth_redirect.t",
"auth_remove_user_info.t",
"auth_unreachable_pkey.t",
"new_http.t",
Expand Down
130 changes: 0 additions & 130 deletions src/nginx/t/auth_redirect.t

This file was deleted.

0 comments on commit 621211d

Please sign in to comment.