delete the zrok-access cookie if not oauth

Kenneth Bingham 2024-01-09 13:05:37 -05:00
parent 0cb436801a
commit 25ac8a76f4
No known key found for this signature in database
GPG Key ID: 31709281860130B6


@ -157,6 +157,7 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
switch scheme { switch scheme {
case string(sdk.None): case string(sdk.None):
logrus.Debugf("auth scheme none '%v'", shrToken) logrus.Debugf("auth scheme none '%v'", shrToken)
deleteCookie(w, r)
handler.ServeHTTP(w, r) handler.ServeHTTP(w, r)
return return
@ -202,6 +203,7 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex
return return
} }
deleteCookie(w, r)
handler.ServeHTTP(w, r) handler.ServeHTTP(w, r)
case string(sdk.Oauth): case string(sdk.Oauth):
@ -360,6 +362,14 @@ func SetZrokCookie(w http.ResponseWriter, cookieDomain, email, accessToken, prov
}) })
} }
func deleteCookie(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("zrok-access")
if err == nil {
cookie.MaxAge = -1
http.SetCookie(w, cookie)
}
}
func basicAuthRequired(w http.ResponseWriter, realm string) { func basicAuthRequired(w http.ResponseWriter, realm string) {
w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`) w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
w.WriteHeader(401) w.WriteHeader(401)
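Review bot: deleteCookie expires whatever `r.Cookie("zrok-access")` returns, but a cookie parsed from a request carries only its name and value, so the `Set-Cookie` it emits has no Domain or Path and also echoes the token value back in the response. SetZrokCookie takes a `cookieDomain`, and if it sets the cookie with that domain (its body is outside the hunk), browsers will treat the host-only expiry as a different cookie and keep the original one. Build the expiry explicitly with matching attributes and an empty value, e.g. `http.SetCookie(w, &http.Cookie{Name: "zrok-access", Value: "", MaxAge: -1, Domain: cookieDomain, Path: path})`, passing in the same domain and path SetZrokCookie uses. Separately, the current request still reaches `handler.ServeHTTP(w, r)` with the cookie attached in both the none and basic branches, so if the intent is to keep the access token away from the backend it would also have to be stripped from `r` before proxying.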