Merge pull request #2779 from owncloud/claim-selector-basic-auth

2026-01-06 04:09:40 -06:00 · 2021-12-06 11:01:09 +01:00
parent 0d34ed55f0 d85def9b88
commit a73fd54b85
2 changed files with 25 additions and 3 deletions
--- a/proxy/pkg/proxy/policy/selector.go
+++ b/proxy/pkg/proxy/policy/selector.go
@@ -165,19 +165,33 @@ func NewMigrationSelector(cfg *config.MigrationSelectorConf, ss accounts.Account
 func NewClaimsSelector(cfg *config.ClaimsSelectorConf) Selector {
 	return func(r *http.Request) (s string, err error) {

+		selectorCookie := func(r *http.Request) string {
+			selectorCookie, err := r.Cookie(cfg.SelectorCookieName)
+			if err == nil {
+				// TODO check we know the routing policy?
+				return selectorCookie.Value
+			}
+			return ""
+		}
+
 		// first, try to route by selector
 		if claims := oidc.FromContext(r.Context()); claims != nil {
 			if p, ok := claims[oidc.OcisRoutingPolicy].(string); ok && p != "" {
 				// TODO check we know the routing policy?
 				return p, nil
 			}
+
+			// basic auth requests don't have a routing claim, so check for the cookie
+			if s := selectorCookie(r); s != "" {
+				return s, nil
+			}
+
 			return cfg.DefaultPolicy, nil
 		}

 		// use cookie if provided
-		selectorCookie, err := r.Cookie(cfg.SelectorCookieName)
-		if err == nil {
-			return selectorCookie.Value, nil
+		if s := selectorCookie(r); s != "" {
+			return s, nil
 		}

 		return cfg.UnauthenticatedPolicy, nil