MCPcopy
hub / github.com/oauth2-proxy/oauth2-proxy / authOnlyAuthorize

Function authOnlyAuthorize

oauthproxy.go:1180–1199  ·  view source on GitHub ↗

authOnlyAuthorize handles special authorization logic that is only done on the AuthOnly endpoint for use with Nginx subrequest architectures.

(req *http.Request, s *sessionsapi.SessionState)

Source from the content-addressed store, hash-verified

1178// authOnlyAuthorize handles special authorization logic that is only done
1179// on the AuthOnly endpoint for use with Nginx subrequest architectures.
1180func authOnlyAuthorize(req *http.Request, s *sessionsapi.SessionState) bool {
1181 // Allow requests previously allowed to be bypassed
1182 if s == nil {
1183 return true
1184 }
1185
1186 constraints := []func(*http.Request, *sessionsapi.SessionState) bool{
1187 checkAllowedGroups,
1188 checkAllowedEmailDomains,
1189 checkAllowedEmails,
1190 }
1191
1192 for _, constraint := range constraints {
1193 if !constraint(req, s) {
1194 return false
1195 }
1196 }
1197
1198 return true
1199}
1200
1201// extractAllowedEntities aims to extract and split allowed entities linked by a key,
1202// from an HTTP request query. Output is a map[string]struct{} where keys are valuable,

Callers 2

AuthOnlyMethod · 0.85
ProxyMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected