From 1747da05717f367b262446ecc54b212d12d98b68 Mon Sep 17 00:00:00 2001
From: Titoko
Date: Thu, 17 Dec 2020 17:06:19 +0100
Subject: [PATCH] Update access.lua
---
 access.lua | 12 ++++++------
 helpers.lua | 29 ++++++++++++++++-------------
 2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/access.lua b/access.lua
index b655b72..5b4c1d4 100644
--- a/access.lua
+++ b/access.lua
@@ -319,13 +319,13 @@ end
 if hlp.has_access(permission) then
 if is_logged_in then
- -- If the user is logged in, we set some additional headers
- hlp.set_headers()
+ -- If the user is logged in, refresh_cache
+ hlp.refresh_user_cache()
- -- If Basic Authorization header are disabled for this permission,
- -- remove them from the response
- if not permission["auth_header"] then
- ngx.req.clear_header("Authorization")
+ -- If Basic Authorization header are enable for this permission,
+ -- add it to the response
+ if permission["auth_header"] then
+ hlp.set_headers()
 end
 end
diff --git a/helpers.lua b/helpers.lua
index 7b6ffa1..5a1d94d 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -416,7 +416,21 @@ end
 -- Set the authentication headers in order to pass credentials to the
 -- application underneath.
 function set_headers(user)
+ local user = user or authUser
+ -- Set `authorization` header to enable HTTP authentification
+ ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
+ user..":"..cache:get(user.."-password")
+ ))
+ -- Set optionnal additional headers (typically to pass email address)
+ for k, v in pairs(conf["additional_headers"]) do
+ ngx.req.set_header(k, cache:get(user.."-"..v))
+ end
+
+end
+
+
+function refresh_user_cache(user)
 -- We definitely don't want to pass credentials on a non-encrypted
 -- connection.
 if ngx.var.scheme ~= "https" then
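Review bot: In access.lua, when `permission["auth_header"]` is false the new branch neither sets nor clears anything, so an `Authorization` header sent by the client, and any header named in `conf["additional_headers"]`, now reaches the upstream application unchanged; the removed code overwrote them through `set_headers()` and then cleared `Authorization`. If a backend trusts those headers for identity, it would be accepting client-controlled values for a logged-in session. Unless they are stripped elsewhere (the `if hlp.has_access(permission) then` block continues outside this hunk), keep an `else ngx.req.clear_header("Authorization")` branch and clear the additional headers the same way. The new comment should also say "request" rather than "response", since `set_headers` works through `ngx.req.set_header`.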
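Review bot: In helpers.lua, `set_headers` now builds the Basic credential from `cache:get(user.."-password")` with nothing in the function ensuring the entry exists, because the HTTPS check and the cache-loading code that used to run first stay behind in `refresh_user_cache`. If `cache` is an `ngx.shared` dictionary, a caller that skips the refresh gets a nil concatenation error once the entry has expired, so either state the precondition in the comment above the function or guard it with `local password = cache:get(user.."-password")` and `if not password then return end`. `local user = user or authUser` shadows the parameter; plain `user = user or authUser` behaves the same. `refresh_user_cache` has no header comment and its body runs past the end of this hunk, so whether it still falls back to `authUser` when called without an argument, as access.lua now does, cannot be confirmed from here.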
@@ -473,17 +487,6 @@ function set_headers(user)
 password = cache:get(user.."-password")
 cache:set(user.."-password", password, conf["session_timeout"])
 end
-
- -- Set `authorization` header to enable HTTP authentification
- ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
- user..":"..cache:get(user.."-password")
- ))
-
- -- Set optionnal additional headers (typically to pass email address)
- for k, v in pairs(conf["additional_headers"]) do
- ngx.req.set_header(k, cache:get(user.."-"..v))
- end
-
 end
@@ -636,7 +639,7 @@ function get_data_for(view)
 -- Be sure cache is loaded
 if user then
- set_headers(user)
+ refresh_user_cache(user)
 local mails = get_mails(user)
 data = {
@@ -973,7 +976,7 @@ function edit_user()
 then
 delete_user_info_cache(user)
 -- Ugly trick to force cache reloading
- set_headers(user)
+ refresh_user_cache(user)
 flash("win", t("information_updated"))
 return redirect(conf.portal_url.."portal.html")