outposts/proxy: Fix invalid redirect on external hosts containing path components (#8915)

* outposts/proxy: Fix invalid redirect on external hosts containing path components

Signed-off-by: Max <github@germancoding.com>

* outposts/proxy: Fix test for changed redirect logic

Signed-off-by: Max <github@germancoding.com>

---------

Signed-off-by: Max <github@germancoding.com>

internal/outpost/proxyv2/application/mode_proxy_test.go

@@ -56,7 +56,7 @@ func TestProxy_Redirect_Subdirectory(t *testing.T) {
 	loc, _ := rr.Result().Location()
 	assert.Equal(
 		t,
-		"https://ext.t.goauthentik.io/subdir/outpost.goauthentik.io/start?rd=https%3A%2F%2Fext.t.goauthentik.io%2Ffoo",
+		"https://ext.t.goauthentik.io/subdir/outpost.goauthentik.io/start?rd=https%3A%2F%2Fext.t.goauthentik.io%2Fsubdir%2Ffoo",
 		loc.String(),
 	)
 }

internal/outpost/proxyv2/application/utils.go

@@ -3,7 +3,6 @@ package application
 import (
 	"net/http"
 	"net/url"
-	"path"
 	"strconv"
 	"strings"
 
@@ -11,22 +10,12 @@ import (
 	"goauthentik.io/internal/outpost/proxyv2/constants"
 )
 
-func urlPathSet(originalUrl string, newPath string) string {
-	u, err := url.Parse(originalUrl)
-	if err != nil {
-		return originalUrl
-	}
-	u.Path = newPath
-	return u.String()
-}
-
 func urlJoin(originalUrl string, newPath string) string {
-	u, err := url.Parse(originalUrl)
+	u, err := url.JoinPath(originalUrl, newPath)
 	if err != nil {
 		return originalUrl
 	}
-	u.Path = path.Join(u.Path, newPath)
+	return u
-	return u.String()
 }
 
 func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
@@ -46,7 +35,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	redirectUrl := urlPathSet(a.proxyConfig.ExternalHost, r.URL.Path)
+	redirectUrl := urlJoin(a.proxyConfig.ExternalHost, r.URL.Path)
 
 	if a.Mode() == api.PROXYMODE_FORWARD_DOMAIN {
 		dom := strings.TrimPrefix(*a.proxyConfig.CookieDomain, ".")