Skip to content

Commit

Permalink
Fix base URI not included in generated OpenID Connect URLs (#1524)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hmoffatt
hmoffatt committed Feb 5, 2024
1 parent 3898172 commit 73e661f
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 11 deletions.
23 changes: 13 additions & 10 deletions api/login.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,8 @@ func oidcLogin(w http.ResponseWriter, r *http.Request) {
_, oauth, err := getOidcProvider(pid, ctx)
if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
loginURL, _ := url.JoinPath(util.Config.WebHost, "auth/login")
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}
state := generateStateOauthCookie(w)
Expand Down Expand Up @@ -479,29 +480,31 @@ func getSecretFromFile(source string) (string, error) {
func oidcRedirect(w http.ResponseWriter, r *http.Request) {
pid := mux.Vars(r)["provider"]
oauthState, err := r.Cookie("oauthstate")
loginURL, _ := url.JoinPath(util.Config.WebHost, "auth/login")

if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

if r.FormValue("state") != oauthState.Value {
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

ctx := context.Background()
_oidc, oauth, err := getOidcProvider(pid, ctx)
if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

provider, ok := util.Config.OidcProviders[pid]
if !ok {
log.Error(fmt.Errorf("no such provider: %s", pid))
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

Expand All @@ -512,7 +515,7 @@ func oidcRedirect(w http.ResponseWriter, r *http.Request) {
oauth2Token, err := oauth.Exchange(ctx, code)
if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

Expand Down Expand Up @@ -551,7 +554,7 @@ func oidcRedirect(w http.ResponseWriter, r *http.Request) {

if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

Expand All @@ -566,18 +569,18 @@ func oidcRedirect(w http.ResponseWriter, r *http.Request) {
user, err = helpers.Store(r).CreateUserWithoutPassword(user)
if err != nil {
log.Error(err.Error())
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}
}

if !user.External {
log.Error(fmt.Errorf("OIDC user '%s' conflicts with local user", user.Username))
http.Redirect(w, r, "/auth/login", http.StatusTemporaryRedirect)
http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
return
}

createSession(w, r, user)

http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
http.Redirect(w, r, util.Config.WebHost, http.StatusTemporaryRedirect)
}
2 changes: 1 addition & 1 deletion web/src/views/Auth.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ export default {
},
async oidcSignIn(provider) {
document.location = `/api/auth/oidc/${provider}/login`;
document.location = `${document.baseURI}api/auth/oidc/${provider}/login`;
},
},
};
Expand Down

0 comments on commit 73e661f

Please sign in to comment.