[management] allow impersonation via pats (#3739)

Pascal Fischer 2025-04-25 16:40:54 +02:00 committed by GitHub
parent dbf81a145e
commit 38ada44a0e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 2 deletions


@ -167,6 +167,11 @@ func (m *AuthMiddleware) checkPATFromRequest(r *http.Request, auth []string) (*h
IsPAT: true, IsPAT: true,
} }
if impersonate, ok := r.URL.Query()["account"]; ok && len(impersonate) == 1 {
userAuth.AccountId = impersonate[0]
userAuth.IsChild = ok
}
return nbcontext.SetUserAuthInRequest(r, userAuth), nil return nbcontext.SetUserAuthInRequest(r, userAuth), nil
} }
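Review bot: The new `if` block copies the caller-supplied `account` query value into `userAuth.AccountId` with no check in this hunk that the PAT's owner may act for that account, so the authorization decision rests on whatever later code does with `IsChild`. A comment should name where that check is enforced, e.g. `// account is unverified here; access to the target account is enforced in <location — confirm>`. The guard also accepts `?account=` with an empty value, which would replace the token's own account ID with `""`; consider `ok && len(impersonate) == 1 && impersonate[0] != ""`. `userAuth.IsChild = ok` is always true inside the branch and reads more clearly as `userAuth.IsChild = true`. checkPATFromRequest begins outside the hunk, so how `userAuth` is built from the token is not visible here.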


@ -242,14 +242,15 @@ func TestAuthMiddleware_Handler_Child(t *testing.T) {
}, },
}, },
{ {
name: "Valid PAT Token ignores child", name: "Valid PAT Token accesses child",
path: "/test?account=xyz", path: "/test?account=xyz",
authHeader: "Token " + PAT, authHeader: "Token " + PAT,
expectedUserAuth: &nbcontext.UserAuth{ expectedUserAuth: &nbcontext.UserAuth{
AccountId: accountID, AccountId: "xyz",
UserId: userID, UserId: userID,
Domain: testAccount.Domain, Domain: testAccount.Domain,
DomainCategory: testAccount.DomainCategory, DomainCategory: testAccount.DomainCategory,
IsChild: true,
IsPAT: true, IsPAT: true,
}, },
}, },
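Review bot: The renamed case covers only the accepted path and leaves the `len(impersonate) == 1` guard in checkPATFromRequest untested. Add a table entry with a repeated parameter (`path: "/test?account=xyz&account=abc"`) expecting `AccountId: accountID` and no `IsChild`, and one for `path: "/test?account="` to pin the intended handling of an empty value. The test table starts and ends outside this hunk.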