providers/proxy: rework redirect mechanism (#8594)

* providers/proxy: rework redirect mechanism Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add session id, don't tie to state in session Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle state failing to parse Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * save session after creating state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include task expiry in status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix redirect URL detection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-05-06 03:07:08 +02:00
parent 3e4fea875a
commit c45bb8e985
16 changed files with 272 additions and 190 deletions
--- a/internal/outpost/proxyv2/application/test.go
+++ b/internal/outpost/proxyv2/application/test.go
@ -2,6 +2,9 @@ package application

 import (
 	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"

 	"goauthentik.io/api/v3"
 	"goauthentik.io/internal/outpost/ak"
@ -45,11 +48,11 @@ func newTestApplication() *Application {
 			Name:                       ak.TestSecret(),
 			ClientId:                   api.PtrString(ak.TestSecret()),
 			ClientSecret:               api.PtrString(ak.TestSecret()),
+			CookieDomain:               api.PtrString(""),
 			CookieSecret:               api.PtrString(ak.TestSecret()),
 			ExternalHost:               "https://ext.t.goauthentik.io",
 			InternalHost:               api.PtrString("http://backend"),
 			InternalHostSslValidation:  api.PtrBool(true),
-			CookieDomain:               api.PtrString(""),
 			Mode:                       api.PROXYMODE_FORWARD_SINGLE.Ptr(),
 			SkipPathRegex:              api.PtrString("/skip.*"),
 			BasicAuthEnabled:           api.PtrBool(true),
@ -67,3 +70,25 @@ func newTestApplication() *Application {
 	ts.apps = append(ts.apps, a)
 	return a
 }
+
+func (a *Application) assertState(t *testing.T, req *http.Request, response *httptest.ResponseRecorder) (*url.URL, *OAuthState) {
+	loc, _ := response.Result().Location()
+	q := loc.Query()
+	state := q.Get("state")
+	a.log.WithField("actual", state).Warning("actual state")
+	// modify request to set state so we can parse it
+	nr := req.Clone(req.Context())
+	nrq := nr.URL.Query()
+	nrq.Set("state", state)
+	nr.URL.RawQuery = nrq.Encode()
+	// parse state
+	parsed := a.stateFromRequest(nr)
+	if parsed == nil {
+		panic("Could not parse state")
+	}
+
+	// Remove state from URL
+	q.Del("state")
+	loc.RawQuery = q.Encode()
+	return loc, parsed
+}