From 1ac638824219afbc3d4f0954944a2c6b398b6f8b Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Tue, 18 Jul 2023 01:26:56 +0200
Subject: [PATCH] Misc fixes after tests on the battlefield
---
 access.lua | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/access.lua b/access.lua
index ad491cb..ad612ca 100644
--- a/access.lua
+++ b/access.lua
@@ -189,7 +189,7 @@ end
 function check_has_access(permission)
 if permission == nil then
- logger:debug("No permission matching request for "..ngx.var.uri)
+ logger:debug("No permission matching request for "..ngx.var.uri.." ... Assuming access is denied")
 return false
 end
@@ -230,7 +230,8 @@ if permission ~= nil and ngx.req.get_headers()["Authorization"] ~= nil then
 if perm_user_remote_user_var_in_nginx_conf == nil or perm_user_remote_user_var_in_nginx_conf == true then
 -- Ignore if not a Basic auth header
 -- otherwise, we interpret this as a Auth header spoofing attempt and clear it
- _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
+ local auth_header_from_client = ngx.req.get_headers()["Authorization"]
+ _, _, b64_cred = string.find(auth_header_from_client, "^Basic%s+(.+)$")
 if b64_cred ~= nil then
 ngx.req.clear_header("Authorization")
 end
@@ -285,7 +286,8 @@ if has_access then
 -- 2nd case : no access ... redirect to portal / login form
 else
- portal_url = conf["domain_portal_urls"][ngx.var.host]
+ portal_url = "https://" .. conf["domain_portal_urls"][ngx.var.host]
+ logger:debug("Redirecting to portal : " .. portal_url)
 if portal_url == nil then
 ngx.status = 400
 ngx.header.content_type = "plain/text"
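Review bot: The pattern `"^Basic%s+(.+)$"` in the added `string.find` call (second hunk) is case-sensitive, whereas HTTP authentication scheme names are case-insensitive, so a client header spelled `basic ...` is classified as "not Basic" and left on the request instead of being cleared. Whether the upstream application would honour such a header is not visible here, but matching the scheme case-insensitively, e.g. `"^[Bb][Aa][Ss][Ii][Cc]%s+(.+)$"`, removes the dependency on that. Separately, `ngx.req.get_headers()["Authorization"]` yields a table when the header is sent more than once, and `string.find` raises on a table; a guard such as `if type(auth_header_from_client) == "table" then ngx.req.clear_header("Authorization") end` before the match would cover that case. The enclosing `if permission ~= nil ...` block starts and ends outside the hunk.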
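Review bot: In the third hunk the `portal_url == nil` check can no longer fire, because `"https://" .. conf["domain_portal_urls"][ngx.var.host]` raises "attempt to concatenate a nil value" when the request's Host has no portal entry, and the added `logger:debug` line would concatenate nil as well. `ngx.var.host` is taken from the client request, so an unmapped Host now ends in a Lua runtime error rather than the intended 400 response. Look the value up first with `local portal_domain = conf["domain_portal_urls"][ngx.var.host]`, test `portal_domain == nil` for the 400 branch, and only afterwards build `portal_url = "https://" .. portal_domain` and log it. The `else` branch continues past the end of the hunk.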