authn: add replacer for users and cookies

2025-04-18 08:04:02 +03:00 · 2024-03-26 15:35:05 -04:00 · 2024-03-26 15:35:05 -04:00 · 78f2fed1bb
commit 78f2fed1bb
parent 5df664e24d
6 changed files with 34 additions and 31 deletions
--- a/.github/ISSUE_TEMPLATE/break-fix.md
+++ b/.github/ISSUE_TEMPLATE/break-fix.md
@ -21,7 +21,7 @@ Paste configuration here ...

 **Version Information**

-Provide output of `caddy list-modules -versions | grep git` below:
+Provide output of `caddy list-modules --versions | grep -E "(auth|security)"` below:

 ```
 Paste output here ...
--- a/caddyfile_authn.go
+++ b/caddyfile_authn.go
@ -16,6 +16,8 @@ package security

 import (
 	"fmt"
+	"strings"
+
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/greenpau/caddy-security/pkg/util"
@ -25,7 +27,6 @@ import (
 	"github.com/greenpau/go-authcrunch/pkg/authn/ui"
 	"github.com/greenpau/go-authcrunch/pkg/authz/options"
 	"github.com/greenpau/go-authcrunch/pkg/errors"
-	"strings"
 )

 const (
@ -101,7 +102,7 @@ func parseCaddyfileAuthentication(d *caddyfile.Dispenser, repl *caddy.Replacer,
 					return err
 				}
 			case "cookie":
-				if err := parseCaddyfileAuthPortalCookie(d, repl, p, rootDirective, v); err != nil {
+				if err := parseCaddyfileAuthPortalCookie(d, repl, p, rootDirective, util.FindReplaceAll(repl, v)); err != nil {
 					return err
 				}
 			case "backend", "backends":
--- a/caddyfile_authn_cookie.go
+++ b/caddyfile_authn_cookie.go
@ -16,13 +16,14 @@ package security

 import (
 	"fmt"
+	"strconv"
+	"strings"
+
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/greenpau/go-authcrunch/pkg/authn"
 	"github.com/greenpau/go-authcrunch/pkg/authn/cookie"
 	cfgutil "github.com/greenpau/go-authcrunch/pkg/util/cfg"
-	"strconv"
-	"strings"
 )

 func parseCaddyfileAuthPortalCookie(h *caddyfile.Dispenser, repl *caddy.Replacer, portal *authn.PortalConfig, rootDirective string, args []string) error {
--- a/caddyfile_identity_store.go
+++ b/caddyfile_identity_store.go
@ -15,41 +15,41 @@
 package security

 import (
+	"strings"
+
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/greenpau/caddy-security/pkg/util"
 	"github.com/greenpau/go-authcrunch"
 	"github.com/greenpau/go-authcrunch/pkg/errors"
-	"strings"
 )

 // parseCaddyfileIdentityStore parses identity store configuration.
 //
 // Syntax:
 //
-//   <local|ldap> identity store <name> {
-//     type <local>
-//     file <file_path>
-//     realm <name>
-//     disabled
+//	<local|ldap> identity store <name> {
+//	  type <local>
+//	  file <file_path>
+//	  realm <name>
+//	  disabled
 //
-//     user <username> {
-//       name <full_name>
-//       email <address>
-//       password <plain_text_password> [overwrite]
-//       password bcrypt:<cost>:<hash> [overwrite]
-//       roles <role_name> [<role_name>]
-//     }
+//	  user <username> {
+//	    name <full_name>
+//	    email <address>
+//	    password <plain_text_password> [overwrite]
+//	    password bcrypt:<cost>:<hash> [overwrite]
+//	    roles <role_name> [<role_name>]
+//	  }
 //
-//     enable username recovery
-//     enable password recovery
-//     enable contact support
-//     support link <url>
-//     support email <email_address>
-//
-//     fallback role <role_name> [<role_name>]
-//   }
+//	  enable username recovery
+//	  enable password recovery
+//	  enable contact support
+//	  support link <url>
+//	  support email <email_address>
 //
+//	  fallback role <role_name> [<role_name>]
+//	}
 func parseCaddyfileIdentityStore(d *caddyfile.Dispenser, repl *caddy.Replacer, cfg *authcrunch.Config, kind, name string, shortcuts []string) error {
 	var disabled bool
 	m := make(map[string]interface{})
@ -142,10 +142,11 @@ func parseCaddyfileIdentityStore(d *caddyfile.Dispenser, repl *caddy.Replacer, c
 				return errors.ErrMalformedDirectiveValue.WithArgs(rd, args, "must contain single value")
 			}
 			userMap := make(map[string]interface{})
-			userMap["username"] = args[0]
+			username := util.FindReplace(repl, args[0])
+			userMap["username"] = username
 			for userNesting := d.Nesting(); d.NextBlock(userNesting); {
 				userPropName := d.Val()
-				userPropValue := d.RemainingArgs()
+				userPropValue := util.FindReplaceAll(repl, d.RemainingArgs())
 				switch userPropName {
 				case "email":
 					if len(userPropValue) != 1 {
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
 	github.com/greenpau/caddy-trace v1.1.13
-	github.com/greenpau/go-authcrunch v1.1.2
+	github.com/greenpau/go-authcrunch v1.1.3
 	github.com/tidwall/gjson v1.17.1
 	go.uber.org/zap v1.27.0
 )
--- a/go.sum
+++ b/go.sum
@ -196,8 +196,8 @@ github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/greenpau/caddy-trace v1.1.13 h1:sQveqzDt+O1/ZpfpJddXJ5S2UHtcvSVDKZRgZ9wGo/k=
 github.com/greenpau/caddy-trace v1.1.13/go.mod h1:K6lD24evCjgCFqz8KYJbXMvMAQ8wFEG0+Z4EEqDU1dA=
-github.com/greenpau/go-authcrunch v1.1.2 h1:D3nFIMa0SvTRmUy5t4IgkRWf8kARpY91i7upPVvHYns=
-github.com/greenpau/go-authcrunch v1.1.2/go.mod h1:vW4Mjl2/QoD5tICLTz4v6mJ0GGxNBhj3VOJv/tk8uFQ=
+github.com/greenpau/go-authcrunch v1.1.3 h1:Adjmggv0ui3mVFspZFNiuwKt6CJzYfiogIFxft+KZBI=
+github.com/greenpau/go-authcrunch v1.1.3/go.mod h1:vW4Mjl2/QoD5tICLTz4v6mJ0GGxNBhj3VOJv/tk8uFQ=
 github.com/greenpau/versioned v1.0.30 h1:QILUlfTSyJnhT8Gw9lLonZmuP5ahNQoJizw7mo30IQ4=
 github.com/greenpau/versioned v1.0.30/go.mod h1:rtFCvaWWNbMH4CJnje/xicgmrM63j++rUh5juSu0k/A=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk=