Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug 2026573: use rd for redirect #234

Closed
wants to merge 2 commits into from
+48 −1
Closed

Bug 2026573: use rd for redirect #234

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bbb2516
set redirect to req.RequestURI if ProxyPrefix is not equal to /oauth …
clyang82 Nov 9, 2021
e105658
Add unit tests
clyang82 Dec 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion oauthproxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -504,7 +504,7 @@ func (p *OAuthProxy) ManualSignIn(rw http.ResponseWriter, req *http.Request) (st
}

func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error) {
if p.SkipProviderButton {
if p.SkipProviderButton && p.ProxyPrefix != "/oauth" {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mind to add some tests here as well?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Thanks.

redirect = req.RequestURI
return
}
Expand Down
47 changes: 47 additions & 0 deletions oauthproxy_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -493,6 +493,53 @@ func TestSignInPageIncludesTargetRedirect(t *testing.T) {
}
}

func TestGetRedirect(t *testing.T) {
testCases := []struct {
name string
options func() *Options
requestURI string
expected string
}{
{
name: "Redirect to root",
options: func() *Options {
return testOptions()
},
requestURI: "/oauth2/start",
expected: "/",
},
{
name: "Redirect to root",
options: func() *Options {
opts := testOptions()
opts.SkipProviderButton = true
opts.ProxyPrefix = "/oauth"
return opts
},
requestURI: "/oauth/start",
expected: "/",
},
{
name: "Redirect to custom uri",
options: func() *Options {
opts := testOptions()
opts.SkipProviderButton = true
opts.ProxyPrefix = "/oauth2"
return opts
},
requestURI: "/oauth2/start",
expected: "/oauth2/start",
},
Comment on lines +511 to +532
Copy link

@stlaz stlaz Dec 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do these scenarios behave differently? Why is the /oauth-prefixed path special-cased in the code above?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/oauth is default value for ProxyPrefix. the expected redirect is /. that is our case. I have described it in the description.

/oauth2 is custom value for ProxyPrefix. Keep the behaviour as it is.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still don't see the reason why we should treat /oauth differently than any other prefix

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not know if my case is used by other customers. my case is using default setting with skip-provider-button=true. so it always redirects to oauth/start. it should be redirected to /. You can see there is not such fix introduced in #18 in upstream - https://github.com/bitly/oauth2_proxy/blob/fa2771998a98a5bfdfa3c3503757668ac4f1c8ec/oauthproxy.go#L422

}
for _, tc := range testCases {
req, _ := http.NewRequest("GET", tc.requestURI, strings.NewReader(""))
req.RequestURI = tc.requestURI
oauthProxy := NewOAuthProxy(tc.options(), func(s string) bool { return true })
redirect, _ := oauthProxy.GetRedirect(req)
assert.Equal(t, tc.expected, redirect)
}
}

func TestSignInPageDirectAccessRedirectsToRoot(t *testing.T) {
sip_test := NewSignInPageTest()
code, body := sip_test.GetEndpoint("/oauth2/sign_in")
Expand Down