habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outposts: fix oauth state when using signature routing (#3616)

Browse Source 
* fix oauth state when using signature routing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more retires

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L
2022-09-19 21:38:34 +02:00
committed by GitHub
parent 9fb5092fdc
commit 47daaf969a
5 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/outpost/proxyv2/application/mode_forward.go
View File

@ -37,9 +37,11 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
http.Error(rw, "configuration error", http.StatusInternalServerError)
return
}
tr := r.Clone(r.Context())
tr.URL = fwd
if strings.EqualFold(fwd.Query().Get(CallbackSignature), "true") {
a.log.Debug("handling OAuth Callback from querystring signature")
a.handleAuthCallback(rw, r)
a.handleAuthCallback(rw, tr)
return
} else if strings.EqualFold(fwd.Query().Get(LogoutSignature), "true") {
a.log.Debug("handling OAuth Logout from querystring signature")
@ -57,8 +59,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
a.log.Trace("path can be accessed without authentication")
return
}
tr := r.Clone(r.Context())
tr.URL = fwd
a.handleAuthStart(rw, r)
// set the redirect flag to the current URL we have, since we redirect
// to a (possibly) different domain, but we want to be redirected back
@ -88,9 +88,11 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
http.Error(rw, "configuration error", http.StatusInternalServerError)
return
}
tr := r.Clone(r.Context())
tr.URL = fwd
if strings.EqualFold(fwd.Query().Get(CallbackSignature), "true") {
a.log.Debug("handling OAuth Callback from querystring signature")
a.handleAuthCallback(rw, r)
a.handleAuthCallback(rw, tr)
return
} else if strings.EqualFold(fwd.Query().Get(LogoutSignature), "true") {
a.log.Debug("handling OAuth Logout from querystring signature")
@ -108,8 +110,6 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
a.log.Trace("path can be accessed without authentication")
return
}
tr := r.Clone(r.Context())
tr.URL = fwd
a.handleAuthStart(rw, r)
// set the redirect flag to the current URL we have, since we redirect
// to a (possibly) different domain, but we want to be redirected back