stuff

Azure · Jul 10, 2023 · c60c1d6 · c60c1d6
1 parent 4a1fa79
commit c60c1d6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 44 deletions.
diff --git a/pkg/portal/middleware/intAAD.go b/pkg/portal/middleware/intAAD.go
@@ -5,8 +5,6 @@ package middleware
 
 import (
 	"context"
-	"encoding/json"
-	"errors"
 	"net/http"
 
 	"github.com/sirupsen/logrus"
@@ -21,17 +19,15 @@ const (
 // IntAAD effectively disable authentication for testing purposes
 type IntAAD struct {
 	// used to auth test traffic
-	sessionKey []byte
-	log        *logrus.Entry
+	sessionKey     []byte
+	log            *logrus.Entry
+	elevatedGroups []string
 }
 
-func NewIntAAD(sessionkey []byte, log *logrus.Entry) (IntAAD, error) {
-	if len(sessionkey) != 32 {
-		return IntAAD{}, errors.New("session key is not 32 bytes long")
-	}
+func NewIntAAD(groups []string, log *logrus.Entry) (IntAAD, error) {
 	return IntAAD{
-		sessionKey: sessionkey,
-		log:        log,
+		elevatedGroups: groups,
+		log:            log,
 	}, nil
 }
 
@@ -54,41 +50,10 @@ func (a IntAAD) AAD(h http.Handler) http.Handler {
 		for _, v := range r.Cookies() {
 			a.log.Errorf("cookies name %s value %s", v.Name, v.Value)
 		}
-		groups := ""
-		username := ""
-
-		//here we use cookies because selenium doesn't allow us to set headers
-		for _, v := range r.Cookies() {
-			switch v.Name {
-			case IntUsernameKey:
-				userInfo := userinfo{}
-				json.Unmarshal([]byte(v.Value), &userInfo)
-				a.log.Errorf("username is %s", userInfo.Username)
-				a.log.Errorf("groups are %s", userInfo.Groups)
-				if string(userInfo.Password) != string(a.sessionKey) {
-					a.log.Debug("password did not match")
-					h.ServeHTTP(w, r)
-					return
-				}
-				username = userInfo.Username
-				groups = userInfo.Groups
-
-			case IntPasswordKey:
-				if v.Value != string(a.sessionKey) {
-					//discard all values and continue
-					a.log.Errorf("session key is different from the expected one")
-
-					groups = ""
-					username = ""
-					h.ServeHTTP(w, r)
-					return
-				}
-			}
-		}
 
 		ctx := r.Context()
-		ctx = context.WithValue(ctx, ContextKeyUsername, username)
-		ctx = context.WithValue(ctx, ContextKeyGroups, groups)
+		ctx = context.WithValue(ctx, ContextKeyUsername, "test")
+		ctx = context.WithValue(ctx, ContextKeyGroups, a.elevatedGroups)
 		r = r.WithContext(ctx)
 
 		h.ServeHTTP(w, r)

diff --git a/pkg/portal/portal.go b/pkg/portal/portal.go
@@ -165,7 +165,7 @@ func (p *portal) setupRouter(kconfig *kubeconfig.Kubeconfig, prom *prometheus.Pr
 	disableOauthOption := os.Getenv("DISABLE_OAUTH")
 	if disableOauthOption == "true" || env.IsLocalDevelopmentMode() || env.IsCI() {
 		p.baseAccessLog.Error("running in int")
-		p.aad, err = middleware.NewIntAAD(p.sessionKey, p.audit)
+		p.aad, err = middleware.NewIntAAD(p.elevatedGroupIDs, p.audit)
 	} else {
 		p.log.Error("not running in int")
 		p.aad, err = middleware.NewAAD(p.log, p.audit, p.env, p.baseAccessLog, p.hostname, p.sessionKey, p.clientID, p.clientKey, p.clientCerts, allGroups,