feat: public ingress domain url is added to allowed return urls in th…

…e config if available fix: fixed formating in src/charm.py fix: fixed formating and linting in src/utils.py fix: removed redundant urls from allowed return url in config fix: refactored code in _render_conf_file fix: removed mappers_path from config template rendering in _render_conf_file
canonical · Oct 26, 2023 · 8714f04 · 8714f04
1 parent 0a58128
commit 8714f04
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/src/charm.py b/src/charm.py
@@ -14,6 +14,7 @@
 from pathlib import Path
 from secrets import token_hex
 from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union
+from urllib.parse import urlparse
 
 import requests
 from charms.data_platform_libs.v0.data_interfaces import (
@@ -361,12 +362,21 @@ def _render_conf_file(self) -> str:
         login_ui_url = self._get_login_ui_endpoint_info("login_url")
         mappers = self._get_claims_mappers()
         cookie_secrets = self._get_secret()
+
+        allowed_return_urls = []
+        if self._public_url:
+            allowed_return_urls.append(
+                urlparse(self._public_url)
+                ._replace(path="*", params="", query="", fragment="")
+                .geturl()
+            )
+
         rendered = template.render(
             cookie_secrets=[cookie_secrets] if cookie_secrets else None,
             log_level=self._log_level,
             mappers=mappers,
-            default_browser_return_url=self._get_login_ui_endpoint_info("login_url"),
-            allowed_return_urls=[login_ui_url] if login_ui_url else [],
+            default_browser_return_url=login_ui_url,
+            allowed_return_urls=allowed_return_urls,
             identity_schemas=schemas,
             default_identity_schema_id=default_schema_id,
             login_ui_url=login_ui_url,

diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
@@ -325,7 +325,6 @@ def test_on_pebble_ready_has_correct_config_when_database_is_created(
             ],
         },
         "selfservice": {
-            "allowed_return_urls": [login_databag["login_url"]],
             "default_browser_return_url": login_databag["login_url"],
             "flows": {
                 "error": {
@@ -717,7 +716,9 @@ def test_on_client_config_changed_with_ingress(
             ],
         },
         "selfservice": {
-            "allowed_return_urls": [login_databag["login_url"]],
+            "allowed_return_urls": [
+                "https://public/*",
+            ],
             "default_browser_return_url": login_databag["login_url"],
             "flows": {
                 "error": {
@@ -815,7 +816,6 @@ def test_on_client_config_changed_with_hydra(
             ],
         },
         "selfservice": {
-            "allowed_return_urls": [login_databag["login_url"]],
             "default_browser_return_url": login_databag["login_url"],
             "flows": {
                 "error": {
@@ -878,7 +878,6 @@ def test_on_client_config_changed_when_missing_hydra_relation_data(
             ],
         },
         "selfservice": {
-            "allowed_return_urls": [login_databag["login_url"]],
             "default_browser_return_url": login_databag["login_url"],
             "flows": {
                 "error": {