basicauth: Store name of authenticated user (#1426)

* Store name of authenticated user in basicauth for use by upstream middleware such as fastcgi and cgi. * Use request context to transfer name of authorized user from basicauth to upstream middleware. Test retrieval of name from context. * Remove development code that was inadvertently left in place * Use keys of type httpserver.CtxKey to access Context values
2025-11-03 19:17:29 -05:00 · 2017-02-17 17:37:58 -05:00 · 2017-02-17 17:37:58 -05:00 · 977a3c3226
commit 977a3c3226
parent 82cbd7a96b
3 changed files with 28 additions and 5 deletions
--- a/caddyhttp/basicauth/basicauth.go
+++ b/caddyhttp/basicauth/basicauth.go
@ -7,6 +7,7 @@ package basicauth
 import (
 	"bufio"
 	"context"
 	"crypto/sha1"
 	"crypto/subtle"
 	"fmt"
@ -60,6 +61,11 @@ func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error
 			// remove credentials from request to avoid leaking upstream
 			r.Header.Del("Authorization")
 			// let upstream middleware (e.g. fastcgi and cgi) know about authenticated
 			// user; this replaces the request with a wrapped instance
 			r = r.WithContext(context.WithValue(r.Context(),
 				httpserver.CtxKey("remote_user"), username))
 		}
 	}
--- a/caddyhttp/basicauth/basicauth_test.go
+++ b/caddyhttp/basicauth/basicauth_test.go
@ -14,19 +14,31 @@ import (
 )
 func TestBasicAuth(t *testing.T) {
 	var i int
 	// This handler is registered for tests in which the only authorized user is
 	// "okuser"
 	upstreamHandler := func(w http.ResponseWriter, r *http.Request) (int, error) {
 		remoteUser, _ := r.Context().Value(httpserver.CtxKey("remote_user")).(string)
 		if remoteUser != "okuser" {
 			t.Errorf("Test %d: expecting remote user 'okuser', got '%s'", i, remoteUser)
 		}
 		return http.StatusOK, nil
 	}
 	rw := BasicAuth{
-		Next: httpserver.HandlerFunc(contentHandler),
+		Next: httpserver.HandlerFunc(upstreamHandler),
 		Rules: []Rule{
 			{Username: "okuser", Password: PlainMatcher("okpass"), Resources: []string{"/testing"}},
 		},
 	}
-	tests := []struct {
+	type testType struct {
 		from     string
 		result   int
 		user     string
 		password string
-	}{
+	}
 	tests := []testType{
 		{"/testing", http.StatusOK, "okuser", "okpass"},
 		{"/testing", http.StatusUnauthorized, "baduser", "okpass"},
 		{"/testing", http.StatusUnauthorized, "okuser", "badpass"},
@ -37,7 +49,8 @@ func TestBasicAuth(t *testing.T) {
 		{"/testing", http.StatusUnauthorized, "", ""},
 	}
-	for i, test := range tests {
+	var test testType
 	for i, test = range tests {
 		req, err := http.NewRequest("GET", test.from, nil)
 		if err != nil {
 			t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
--- a/caddyhttp/fastcgi/fastcgi.go
+++ b/caddyhttp/fastcgi/fastcgi.go
@ -220,6 +220,10 @@ func (h Handler) buildEnv(r *http.Request, rule Rule, fpath string) (map[string]
 		reqURI = origURI
 	}
 	// Retrieve name of remote user that was set by some downstream middleware,
 	// possibly basicauth.
 	remoteUser, _ := r.Context().Value(httpserver.CtxKey("remote_user")).(string) // Blank if not set
 	// Some variables are unused but cleared explicitly to prevent
 	// the parent environment from interfering.
 	env = map[string]string{
@ -235,7 +239,7 @@ func (h Handler) buildEnv(r *http.Request, rule Rule, fpath string) (map[string]
 		"REMOTE_HOST":       ip, // For speed, remote host lookups disabled
 		"REMOTE_PORT":       port,
 		"REMOTE_IDENT":      "", // Not used
-		"REMOTE_USER":       "", // Not used
+		"REMOTE_USER":       remoteUser,
 		"REQUEST_METHOD":    r.Method,
 		"SERVER_NAME":       h.ServerName,
 		"SERVER_PORT":       h.ServerPort,