outposts/proxy: handle redirect loop in start handler, show error message

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-21 10:07:08 +01:00
parent e53114a645
commit f10b57ba0b
2 changed files with 7 additions and 5 deletions


@ -60,11 +60,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
s.Values[constants.SessionLoopDetection] = 1 s.Values[constants.SessionLoopDetection] = 1
} else { } else {
s.Values[constants.SessionLoopDetection] = val.(int) + 1 s.Values[constants.SessionLoopDetection] = val.(int) + 1
if val.(int) > 10 {
a.log.Error("Stopped redirect loop")
rw.WriteHeader(http.StatusBadRequest)
return
}
} }
} }
err = s.Save(r, rw) err = s.Save(r, rw)


@ -16,6 +16,13 @@ func (a *Application) handleRedirect(rw http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
a.log.WithError(err).Warning("failed to save session") a.log.WithError(err).Warning("failed to save session")
} }
if loop, ok := s.Values[constants.SessionLoopDetection]; ok {
if loop.(int) > 10 {
rw.WriteHeader(http.StatusBadRequest)
a.ErrorPage(rw, r, "Detected redirect loop, make sure /akprox is accessible without authentication.")
return
}
}
http.Redirect(rw, r, a.oauthConfig.AuthCodeURL(state), http.StatusFound) http.Redirect(rw, r, a.oauthConfig.AuthCodeURL(state), http.StatusFound)
} }
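Review bot: The unchecked `loop.(int)` assertion in the added block panics if the stored session value is not an int, which could happen if the session backend round-trips values through a serializer that changes numeric types (not visible from here); the comma-ok form avoids that: `if n, ok := loop.(int); ok && n > 10 {`. The branch removed from the forward handler logged `Stopped redirect loop`, while this branch returns the error page without any log line, so operators lose the signal that a client hit the limit; adding `a.log.Warning("detected redirect loop")` before `rw.WriteHeader` would keep it. Where the counter is reset after a successful login is outside this hunk, so it is worth confirming that a long-lived session cannot reach the threshold through unrelated redirects. handleRedirect begins outside the hunk.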