proxy: use print funcmap function to override text/template print

Signed-off-by: Jason Hutchinson <[email protected]>
ory · Aug 16, 2018 · 76b2d9d · 76b2d9d
1 parent 079171f
commit 76b2d9d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 27 deletions.
diff --git a/proxy/credentials_issuer_headers.go b/proxy/credentials_issuer_headers.go
@@ -19,7 +19,16 @@ type CredentialsHeaders struct {
 
 func NewCredentialsIssuerHeaders() *CredentialsHeaders {
 	return &CredentialsHeaders{
-		rulesCache: template.New("rules").Option("missingkey=zero"),
+		rulesCache: template.New("rules").
+			Option("missingkey=zero").
+			Funcs(template.FuncMap{
+				"print": func(i interface{}) string {
+					if i == nil {
+						return ""
+					}
+					return fmt.Sprintf("%v", i)
+				},
+			}),
 	}
 }
 
@@ -38,8 +47,6 @@ func (a *CredentialsHeaders) Issue(r *http.Request, session *AuthenticationSessi
 		return errors.WithStack(err)
 	}
 
-	convertedSession := convertSession(session)
-
 	for hdr, templateString := range cfg {
 		var tmpl *template.Template
 		var err error
@@ -54,7 +61,7 @@ func (a *CredentialsHeaders) Issue(r *http.Request, session *AuthenticationSessi
 		}
 
 		headerValue := bytes.Buffer{}
-		err = tmpl.Execute(&headerValue, convertedSession)
+		err = tmpl.Execute(&headerValue, session)
 		if err != nil {
 			return errors.Wrapf(err, `error executing header template "%s" in rule "%s"`, templateString, rl.ID)
 		}
@@ -63,21 +70,3 @@ func (a *CredentialsHeaders) Issue(r *http.Request, session *AuthenticationSessi
 
 	return nil
 }
-
-type authSession struct {
-	Subject string
-	Extra   map[string]string
-}
-
-func convertSession(in *AuthenticationSession) *authSession {
-	out := authSession{
-		Subject: in.Subject,
-		Extra:   map[string]string{},
-	}
-
-	for k, v := range in.Extra {
-		out.Extra[k] = fmt.Sprintf("%s", v)
-	}
-
-	return &out
-}
diff --git a/proxy/credentials_issuer_headers_test.go b/proxy/credentials_issuer_headers_test.go
@@ -22,35 +22,35 @@ func TestCredentialsIssuerHeaders(t *testing.T) {
 		"Simple Subject": {
 			Session: &AuthenticationSession{Subject: "foo"},
 			Rule:    &rule.Rule{ID: "test-rule"},
-			Config:  json.RawMessage([]byte(`{"X-User": "{{ .Subject }}"}`)),
+			Config:  json.RawMessage([]byte(`{"X-User": "{{ print .Subject }}"}`)),
 			Request: &http.Request{Header: http.Header{}},
 			Match:   http.Header{"X-User": []string{"foo"}},
 		},
 		"Complex Subject": {
 			Session: &AuthenticationSession{Subject: "foo"},
 			Rule:    &rule.Rule{ID: "test-rule2"},
-			Config:  json.RawMessage([]byte(`{"X-User": "realm:resources:users:{{ .Subject }}"}`)),
+			Config:  json.RawMessage([]byte(`{"X-User": "realm:resources:users:{{ print .Subject }}"}`)),
 			Request: &http.Request{Header: http.Header{}},
 			Match:   http.Header{"X-User": []string{"realm:resources:users:foo"}},
 		},
 		"Subject & Extras": {
 			Session: &AuthenticationSession{Subject: "foo", Extra: map[string]interface{}{"iss": "issuer", "aud": "audience"}},
 			Rule:    &rule.Rule{ID: "test-rule3"},
-			Config:  json.RawMessage([]byte(`{"X-User": "{{ .Subject }}", "X-Issuer": "{{ .Extra.iss }}", "X-Audience": "{{ .Extra.aud }}"}`)),
+			Config:  json.RawMessage([]byte(`{"X-User": "{{ print .Subject }}", "X-Issuer": "{{ print .Extra.iss }}", "X-Audience": "{{ print .Extra.aud }}"}`)),
 			Request: &http.Request{Header: http.Header{}},
 			Match:   http.Header{"X-User": []string{"foo"}, "X-Issuer": []string{"issuer"}, "X-Audience": []string{"audience"}},
 		},
 		"All In One Header": {
 			Session: &AuthenticationSession{Subject: "foo", Extra: map[string]interface{}{"iss": "issuer", "aud": "audience"}},
 			Rule:    &rule.Rule{ID: "test-rule4"},
-			Config:  json.RawMessage([]byte(`{"X-Kitchen-Sink": "{{ .Subject }} {{ .Extra.iss }} {{ .Extra.aud }}"}`)),
+			Config:  json.RawMessage([]byte(`{"X-Kitchen-Sink": "{{ print .Subject }} {{ print .Extra.iss }} {{ print .Extra.aud }}"}`)),
 			Request: &http.Request{Header: http.Header{}},
 			Match:   http.Header{"X-Kitchen-Sink": []string{"foo issuer audience"}},
 		},
 		"Scrub Incoming Headers": {
 			Session: &AuthenticationSession{Subject: "anonymous"},
 			Rule:    &rule.Rule{ID: "test-rule5"},
-			Config:  json.RawMessage([]byte(`{"X-User": "{{ .Subject }}", "X-Issuer": "{{ .Extra.iss }}", "X-Audience": "{{ .Extra.aud }}"}`)),
+			Config:  json.RawMessage([]byte(`{"X-User": "{{ print .Subject }}", "X-Issuer": "{{ print .Extra.iss }}", "X-Audience": "{{ print .Extra.aud }}"}`)),
 			Request: &http.Request{Header: http.Header{"X-User": []string{"admin"}, "X-Issuer": []string{"issuer"}, "X-Audience": []string{"audience"}}},
 			Match:   http.Header{"X-User": []string{"anonymous"}, "X-Issuer": []string{""}, "X-Audience": []string{""}},
 		},