Hide cookie for Nginx (#583)

_example/etc/nginx-lua-headers.conf

@@ -18,9 +18,10 @@
     auth_request_set $headervalue9 $upstream_http_headervalue9;
     auth_request_set $headername10 $upstream_http_headername10;
     auth_request_set $headervalue10 $upstream_http_headervalue10;
+    auth_request_set $lmcookie $upstream_http_cookie;
     access_by_lua_block {
       i = 1
-      ngx.req.set_header("Control",ngx.var.headername1)
+      ngx.req.set_header("Cookie",ngx.var.cookie)
       while true do
         if ngx.var["headername"..i] ~= nil then
           ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])

_example/test/index.pl

@@ -107,17 +107,30 @@ print
 
 foreach ( sort keys %$headers ) {
     next if $_ =~ /(Accept|Cache|User-Agent|Connection|Keep-Alive)/i;
-    print "<tr>
-    <td>$_</td>
+    print qq{<tr>
+    <td id="h-$_">$_</td>
     <td><tt>\$ENV{$headers->{$_}}</tt></td>
     <td><tt>\$_SERVER{$headers->{$_}}</tt></td>
-    <td><ul class=\"list-unstyled\">";
-    foreach ( split( /;/, $ENV{ $headers->{$_} } ) ) {
-        print "<li>$_</li>" if $_ ne " ";
+    <td id="v-$_">};
+    my @tmp;
+    if (    $ENV{ $headers->{$_} }
+        and @tmp = grep /\S/, split( /;/, $ENV{ $headers->{$_} } ) )
+    {
+        if ($#tmp) {
+            print '<ul class="list-unstyled">';
+            foreach (@tmp) {
+                print "<li>$_</li>";
+            }
+            print '</ul>';
+        }
+        else {
+            print $ENV{ $headers->{$_} };
+        }
     }
-    print "☒" unless $ENV{ $headers->{$_} };
-    print "</ul></td>
-    </tr>\n";
+    else {
+        print "☒",;
+    }
+    print "</td></tr>\n";
 }
 print "</tbody></table>\n";
 print "</div>\n";

e2e-tests/lmConf-1.js

@@ -98,7 +98,8 @@
   "domain": "example.com",
   "exportedHeaders": {
     "test1.example.com": {
-      "Auth-User": "$uid"
+      "Auth-User": "$uid",
+      "Ip-Addr": "$ipAddr"
     },
     "test2.example.com": {
       "Auth-User": "$uid"
@@ -162,4 +163,4 @@
   "timeout": 72000,
   "userDB": "Demo",
   "whatToTrace": "_whatToTrace"
-}
+}

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI/Server.pm

@@ -4,6 +4,8 @@ use strict;
 
 use base 'Lemonldap::NG::Handler::API::PSGI';
 
+*cgiName = *Lemonldap::NG::Handler::API::PSGI::cgiName;
+
 # In server mode, headers are not passed to a PSGI application but returned
 # to the server
 
@@ -13,9 +15,18 @@ use base 'Lemonldap::NG::Handler::API::PSGI';
 sub set_header_in {
     my ( $class, %headers ) = @_;
     for my $k ( keys %headers ) {
-        $Lemonldap::NG::Handler::API::PSGI::request->{respHeaders}->{$k} =
+        $Lemonldap::NG::Handler::API::PSGI::request->{ cgiName($k) } =
+          $Lemonldap::NG::Handler::API::PSGI::request->{respHeaders}->{$k} =
           $headers{$k};
     }
 }
 
+sub unset_header_in {
+    my ( $class, $header ) = @_;
+    delete $Lemonldap::NG::Handler::API::PSGI::request->{respHeaders}
+      ->{$header};
+    $header =~ s/-/_/g;
+    delete $Lemonldap::NG::Handler::API::PSGI::request->{ cgiName($header) };
+}
+
 1;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm

@@ -59,10 +59,10 @@ sub router {
     my ( $self, $req ) = @_;
     my $hdrs = $req->{respHeaders};
     $req->{respHeaders} = {};
-    my @convertedHdrs = ( 'Content-Length', 0 );
+    my @convertedHdrs = ( 'Content-Length' => 0, Cookie => $req->cookies );
     my $i = 0;
     foreach my $k ( keys %$hdrs ) {
-        if ( $k eq 'Lm-Remote-User' ) {
+        if ( $k =~ /^(?:Lm-Remote-User|Cookie)$/ ) {
             push @convertedHdrs, $k, $hdrs->{$k};
         }
         else {

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Server.pm

@@ -15,7 +15,7 @@ sub _run {
     return sub {
         my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
         my $res = $self->_authAndTrace($req);
-        push @{ $res->[1] }, %{ $req->{respHeaders} };
+        push @{ $res->[1] }, %{ $req->{respHeaders} }, Cookie => $req->{Cookie};
         return $res;
     };
 }