Fix redirect url redirect_url when OIDC auth mode is enabled (#17628)

* fix redirect url for OIDC auth mode

Signed-off-by: Maksym Trofimenko <maksym@container-registry.com>

* portal lint_fix

Signed-off-by: mtrofimenko <gtpoxa@gmail.com>

* make linter happy

Signed-off-by: mtrofimenko <gtpoxa@gmail.com>

Signed-off-by: Maksym Trofimenko <maksym@container-registry.com>
Signed-off-by: mtrofimenko <gtpoxa@gmail.com>
Co-authored-by: Maksym Trofimenko <maksym@container-registry.com>
This commit is contained in:
Maksym Trofimenko 2022-10-21 07:38:13 +01:00 committed by GitHub
parent c4146667f1
commit 486bdb6b99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 5 deletions

View File

@ -35,6 +35,7 @@ import (
const tokenKey = "oidc_token"
const stateKey = "oidc_state"
const userInfoKey = "oidc_user_info"
const redirectURLKey = "oidc_redirect_url"
const oidcUserComment = "Onboarded via OIDC provider"
// OIDCController handles requests for OIDC login, callback and user onboard
@ -62,6 +63,7 @@ func (oc *OIDCController) RedirectLogin() {
oc.SendInternalServerError(err)
return
}
oc.SetSession(redirectURLKey, oc.Ctx.Request.URL.Query().Get("redirect_url"))
oc.SetSession(stateKey, state)
log.Debugf("State dumped to session: %s", state)
// Force to use the func 'Redirect' of beego.Controller
@ -85,7 +87,12 @@ func (oc *OIDCController) Callback() {
oc.SendBadRequestError(errors.Errorf("OIDC callback returned error: %s - %s", errorCode, errorDescription))
return
}
var redirectURLStr string
redirectURL := oc.GetSession(redirectURLKey)
if redirectURL != nil {
redirectURLStr = redirectURL.(string)
oc.DelSession(redirectURLKey)
}
code := oc.Ctx.Request.URL.Query().Get("code")
ctx := oc.Ctx.Request.Context()
token, err := oidc.ExchangeToken(ctx, code)
@ -144,7 +151,7 @@ func (oc *OIDCController) Callback() {
u = userRec
} else {
oc.SetSession(userInfoKey, string(ouDataStr))
oc.Controller.Redirect(fmt.Sprintf("/oidc-onboard?username=%s", username), http.StatusFound)
oc.Controller.Redirect(fmt.Sprintf("/oidc-onboard?username=%s&redirect_url=%s", username, redirectURLStr), http.StatusFound)
// Once redirected, no further actions are done
return
}
@ -170,7 +177,11 @@ func (oc *OIDCController) Callback() {
return
}
oc.PopulateUserSession(*u)
oc.Controller.Redirect("/", http.StatusFound)
if redirectURLStr == "" {
redirectURLStr = "/"
}
oc.Controller.Redirect(redirectURLStr, http.StatusFound)
}
func userOnboard(ctx context.Context, oc *OIDCController, info *oidc.UserInfo, username string, tokenBytes []byte) (*models.User, bool) {

View File

@ -22,7 +22,7 @@
</label>
<div class="login-group">
<ng-container *ngIf="isOidcLoginMode && steps === 1">
<a href="/c/oidc/login">
<a href="/c/oidc/login?redirect_url={{ redirectUrl }}">
<button
type="button"
id="log_oidc"

View File

@ -12,6 +12,7 @@ import { errorHandler } from '../shared/units/shared.utils';
})
export class OidcOnboardComponent implements OnInit {
url: string;
redirectUrl: string;
errorMessage: string = '';
oidcUsername = new UntypedFormControl('');
errorOpen: boolean = false;
@ -23,6 +24,7 @@ export class OidcOnboardComponent implements OnInit {
ngOnInit() {
this.route.queryParams.subscribe(params => {
this.redirectUrl = params['redirect_url'] || '';
this.oidcUsername.setValue(params['username'] || '');
});
}
@ -31,7 +33,12 @@ export class OidcOnboardComponent implements OnInit {
.oidcSave({ username: this.oidcUsername.value })
.subscribe(
res => {
this.router.navigate([CommonRoutes.HARBOR_DEFAULT]);
if (this.redirectUrl === '') {
// Routing to the default location
this.router.navigateByUrl(CommonRoutes.HARBOR_DEFAULT);
} else {
this.router.navigateByUrl(this.redirectUrl);
}
},
error => {
this.errorMessage = errorHandler(error);