Merge pull request #755 from influxdata/feature/fix-kapacitor-auth

Fix kapacitor auth with basic auth in header

CHANGELOG.md

@@ -1,6 +1,8 @@
 ## v1.1.0 [unreleased]
 
 ### Upcoming Bug Fixes
+  1. [#755](https://github.com/influxdata/chronograf/pull/755): Fix kapacitor basic auth proxying
+
 ### Upcoming Features
   1. [#660](https://github.com/influxdata/chronograf/issues/660): Add option to accept any certificate from InfluxDB.
   2. [#733](https://github.com/influxdata/chronograf/pull/733): Add optional Github organization membership checks to authentication

server/proxy.go

@@ -1,6 +1,7 @@
 package server
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -105,13 +106,17 @@ func (h *Service) KapacitorProxy(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if srv.Username != "" && srv.Password != "" {
-		u.User = url.UserPassword(srv.Username, srv.Password)
-	}
 	u.Path = path
 
 	director := func(req *http.Request) {
 		req.URL = u
+		// Because we are acting as a proxy, kapacitor needs to have the basic auth information set as
+		// a header directly
+		if srv.Username != "" && srv.Password != "" {
+			auth := "Basic " + srv.Username + ":" + srv.Password
+			header := base64.StdEncoding.EncodeToString([]byte(auth))
+			req.Header.Set("Authorization", header)
+		}
 	}
 	proxy := &httputil.ReverseProxy{
 		Director: director,