habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outposts/proxy: reduce possibility for redirect loops, keep single state (#3831)

Browse Source 
use single state, redirect when start url is hit with active session

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L
2022-10-20 21:27:34 +02:00
committed by GitHub
parent a1ce8100e9
commit d53733b6fc
6 changed files with 44 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/outpost/proxyv2/application/mode_forward_traefik_test.go
View File

@ -52,7 +52,7 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
"client_id": []string{*a.proxyConfig.ClientId},
"redirect_uri": []string{"https://ext.t.goauthentik.io/outpost.goauthentik.io/callback?X-authentik-auth-callback=true"},
"response_type": []string{"code"},
"state": []string{s.Values[constants.SessionOAuthState].([]string)[0]},
"state": []string{s.Values[constants.SessionOAuthState].(string)},
}
assert.Equal(t, fmt.Sprintf("http://fake-auth.t.goauthentik.io/auth?%s", shouldUrl.Encode()), loc.String())
assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
@ -137,7 +137,7 @@ func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
"client_id": []string{*a.proxyConfig.ClientId},
"redirect_uri": []string{"https://ext.t.goauthentik.io/outpost.goauthentik.io/callback?X-authentik-auth-callback=true"},
"response_type": []string{"code"},
"state": []string{s.Values[constants.SessionOAuthState].([]string)[0]},
"state": []string{s.Values[constants.SessionOAuthState].(string)},
}
assert.Equal(t, fmt.Sprintf("http://fake-auth.t.goauthentik.io/auth?%s", shouldUrl.Encode()), loc.String())
assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])