Skip to content

Commit

Permalink
fix: Do not skip approval screen by default (dexidp#2897)
Browse files Browse the repository at this point in the history
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
  • Loading branch information
nabokihms authored and michaelliau committed Oct 4, 2023
1 parent d9ab8dd commit 531f678
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 18 deletions.
2 changes: 1 addition & 1 deletion server/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -523,7 +523,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
authReq.ConnectorID, claims.Username, claims.PreferredUsername, email, claims.Groups)

// we can skip the redirect to /approval and go ahead and send code if it's not required
if s.skipApproval || !authReq.ForceApprovalPrompt {
if s.skipApproval && !authReq.ForceApprovalPrompt {
return "", true, nil
}

Expand Down
58 changes: 41 additions & 17 deletions server/handlers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ import (
"net/http/httptest"
"net/url"
"path"
"strings"
"testing"
"time"

Expand Down Expand Up @@ -339,6 +338,7 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
name string
skipApproval bool
authReq storage.AuthRequest
expectedRes string
}{
{
name: "Force approval",
Expand All @@ -351,6 +351,7 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
expectedRes: "/approval",
},
{
name: "Skip approval by server config",
Expand All @@ -363,9 +364,10 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
expectedRes: "/approval",
},
{
name: "Skip approval by auth request",
name: "No skip",
skipApproval: false,
authReq: storage.AuthRequest{
ID: authReqID,
Expand All @@ -375,6 +377,20 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
expectedRes: "/approval",
},
{
name: "Skip approval",
skipApproval: true,
authReq: storage.AuthRequest{
ID: authReqID,
ConnectorID: connID,
RedirectURI: "cb",
Expiry: expiry,
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
expectedRes: "/auth/mockPw/cb",
},
}

Expand Down Expand Up @@ -410,15 +426,11 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
require.Equal(t, 303, rr.Code)

resp := rr.Result()
cbPath := strings.Split(resp.Header.Get("Location"), "?")[0]

if tc.skipApproval || !tc.authReq.ForceApprovalPrompt {
require.Equal(t, "/auth/mockPw/cb", cbPath)
} else {
require.Equal(t, "/approval", cbPath)
}
defer resp.Body.Close()

resp.Body.Close()
cb, _ := url.Parse(resp.Header.Get("Location"))
require.Equal(t, tc.expectedRes, cb.Path)
}
}

Expand All @@ -435,6 +447,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
name string
skipApproval bool
authReq storage.AuthRequest
expectedRes string
}{
{
name: "Force approval",
Expand All @@ -447,6 +460,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
expectedRes: "/approval",
},
{
name: "Skip approval by server config",
Expand All @@ -459,6 +473,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
expectedRes: "/approval",
},
{
name: "Skip approval by auth request",
Expand All @@ -471,6 +486,20 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
expectedRes: "/approval",
},
{
name: "Skip approval",
skipApproval: true,
authReq: storage.AuthRequest{
ID: authReqID,
ConnectorID: connID,
RedirectURI: "cb",
Expiry: expiry,
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
expectedRes: "/callback/cb",
},
}

Expand All @@ -492,14 +521,9 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
require.Equal(t, 303, rr.Code)

resp := rr.Result()
cbPath := strings.Split(resp.Header.Get("Location"), "?")[0]

if tc.skipApproval || !tc.authReq.ForceApprovalPrompt {
require.Equal(t, "/callback/cb", cbPath)
} else {
require.Equal(t, "/approval", cbPath)
}
defer resp.Body.Close()

resp.Body.Close()
cb, _ := url.Parse(resp.Header.Get("Location"))
require.Equal(t, tc.expectedRes, cb.Path)
}
}

0 comments on commit 531f678

Please sign in to comment.