colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/oauth2_proxy: actually pass provider-specific options

Browse Source 
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
This commit is contained in:
Rhys 2017-07-17 08:03:51 +10:00 committed by Franz Pletz
parent 17c8fe21fd
commit 8777174d60
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/modules/services/security/oauth2_proxy.nix
View File

@ -21,21 +21,20 @@ let
'';
github = cfg: ''
$(optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}") \
$(optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}") \
${optionalString (!isNull cfg.github.org) "--github-org=${cfg.github.org}"} \
${optionalString (!isNull cfg.github.team) "--github-org=${cfg.github.team}"} \
'';
google = cfg: ''
--google-admin-email=${cfg.google.adminEmail} \
--google-service-account=${cfg.google.serviceAccountJSON} \
$(repeatedArgs (group: "--google-group=${group}") cfg.google.groups) \
${repeatedArgs (group: "--google-group=${group}") cfg.google.groups} \
'';
};
authenticatedEmailsFile = pkgs.writeText "authenticated-emails" cfg.email.addresses;
getProviderOptions = cfg: provider:
if providerSpecificOptions ? provider then providerSpecificOptions.provider cfg else "";
getProviderOptions = cfg: provider: providerSpecificOptions.${provider} or (_: "") cfg;
mkCommandLine = cfg: ''
--provider='${cfg.provider}' \