From 744f250d05c4eee602a6207fe03a33f64bcfa2bc Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 18 Feb 2022 10:32:22 +0100
Subject: [PATCH] providers/proxy: always set rd param in addition to session to prevent wrong url in session

Signed-off-by: Jens Langhammer
---
 internal/outpost/proxyv2/application/utils.go | 5 ++++-
 internal/outpost/proxyv2/application/utils_test.go | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go
index c19392873..7f53c8647 100644
--- a/internal/outpost/proxyv2/application/utils.go
+++ b/internal/outpost/proxyv2/application/utils.go
@@ -42,8 +42,11 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 a.log.WithError(err).Warning("failed to save session before redirect")
 }
+ urlArgs := url.Values{
+ "rd": []string{redirectUrl},
+ }
 authUrl := urlJoin(a.proxyConfig.ExternalHost, "/outpost.goauthentik.io/start")
- http.Redirect(rw, r, authUrl, http.StatusFound)
+ http.Redirect(rw, r, authUrl+"?"+urlArgs.Encode(), http.StatusFound)
 }
 // getClaims Get claims which are currently in session
diff --git a/internal/outpost/proxyv2/application/utils_test.go b/internal/outpost/proxyv2/application/utils_test.go
index a10ac20ac..6f4e84aa1 100644
--- a/internal/outpost/proxyv2/application/utils_test.go
+++ b/internal/outpost/proxyv2/application/utils_test.go
@@ -21,7 +21,7 @@ func TestRedirectToStart_Proxy(t *testing.T) {
 assert.Equal(t, http.StatusFound, rr.Code)
 loc, _ := rr.Result().Location()
- assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
+ assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io%2Ffoo%2Fbar%2Fbaz", loc.String())
 s, _ := a.sessions.Get(req, constants.SeesionName)
 assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
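Review bot: The `rd` value appended to the start URL in the new `http.Redirect(rw, r, authUrl+"?"+urlArgs.Encode(), http.StatusFound)` call becomes client-supplied input at `/outpost.goauthentik.io/start`, and this hunk does not show it being checked on the receiving side. The start handler is outside this diff; if it prefers `rd` over the session's redirect value, it should accept the value only when its host matches the application's external host or cookie domain, and otherwise fall back to the session value, so the parameter cannot turn the endpoint into an open redirect. The full original URL, including any query string it carried, is also now visible in the `Location` header and in access logs for the start endpoint. I would record the contract with a comment above `urlArgs`, for example `// rd mirrors the session redirect; the start handler must validate it before use`. The body of redirectToStart begins above the hunk.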
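Review bot: The updated `assert.Equal` on `loc.String()` in TestRedirectToStart_Proxy hard-codes the percent-encoded URL, and nothing ties the `rd` value to the session value checked on the following lines, although keeping the two in agreement is the stated purpose of the change; the same applies to the hunks for TestRedirectToStart_Forward, TestRedirectToStart_Forward_Domain_Invalid and TestRedirectToStart_Forward_Domain. After `s` is loaded, adding `assert.Equal(t, s.Values[constants.SessionRedirect], loc.Query().Get("rd"))` would pin that invariant independently of encoding details. No case covers a request URL that itself carries a query string, which is where the encoding of `rd` matters most. Each test function starts and ends outside its hunk.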
@@ -38,7 +38,7 @@ func TestRedirectToStart_Forward(t *testing.T) {
 assert.Equal(t, http.StatusFound, rr.Code)
 loc, _ := rr.Result().Location()
- assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
+ assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io%2Ffoo%2Fbar%2Fbaz", loc.String())
 s, _ := a.sessions.Get(req, constants.SeesionName)
 assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
@@ -56,7 +56,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
 assert.Equal(t, http.StatusFound, rr.Code)
 loc, _ := rr.Result().Location()
- assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
+ assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io", loc.String())
 s, _ := a.sessions.Get(req, constants.SeesionName)
 assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
@@ -74,7 +74,7 @@ func TestRedirectToStart_Forward_Domain(t *testing.T) {
 assert.Equal(t, http.StatusFound, rr.Code)
 loc, _ := rr.Result().Location()
- assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
+ assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io", loc.String())
 s, _ := a.sessions.Get(req, constants.SeesionName)
 assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])