Skip to content

Commit

Permalink
server: fix registration redirect for servers listenin at non-base URLs
Browse files Browse the repository at this point in the history
  • Loading branch information
ericchiang committed Aug 19, 2016
1 parent 7525e56 commit fa8f98a
Show file tree
Hide file tree
Showing 4 changed files with 52 additions and 7 deletions.
2 changes: 1 addition & 1 deletion server/cross_client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ func TestHandleAuthCrossClient(t *testing.T) {
}

for i, tt := range tests {
hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
hdlr := handleAuthFunc(f.srv, url.URL{}, idpcs, nil, true)
w := httptest.NewRecorder()

query := url.Values{
Expand Down
5 changes: 3 additions & 2 deletions server/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"io"
"net/http"
"net/url"
"path"
"strings"
"time"

Expand Down Expand Up @@ -266,7 +267,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
execTemplate(w, tpl, td)
}

func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.Template, registrationEnabled bool) http.HandlerFunc {
func handleAuthFunc(srv OIDCServer, baseURL url.URL, idpcs []connector.Connector, tpl *template.Template, registrationEnabled bool) http.HandlerFunc {
idx := makeConnectorMap(idpcs)
return func(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
Expand Down Expand Up @@ -358,7 +359,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
if ok {
q := url.Values{}
q.Set("code", key)
ru := httpPathRegister + "?" + q.Encode()
ru := path.Join(baseURL.Path, httpPathRegister) + "?" + q.Encode()
w.Header().Set("Location", ru)
w.WriteHeader(http.StatusFound)
return
Expand Down
50 changes: 47 additions & 3 deletions server/http_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"encoding/json"
"errors"
"fmt"
"html/template"
"math/big"
"net/http"
"net/http/httptest"
Expand Down Expand Up @@ -54,7 +55,7 @@ func (c *fakeConnector) TrustedEmailProvider() bool {

func TestHandleAuthFuncMethodNotAllowed(t *testing.T) {
for _, m := range []string{"POST", "PUT", "DELETE"} {
hdlr := handleAuthFunc(nil, nil, nil, true)
hdlr := handleAuthFunc(nil, url.URL{}, nil, nil, true)
req, err := http.NewRequest(m, "http://example.com", nil)
if err != nil {
t.Errorf("case %s: unable to create HTTP request: %v", m, err)
Expand All @@ -72,13 +73,28 @@ func TestHandleAuthFuncMethodNotAllowed(t *testing.T) {
}
}

func newLocalConnector(t *testing.T, id string) connector.Connector {
config := connector.LocalConnectorConfig{ID: id}
tmpl, err := template.New(connector.LoginPageTemplateName).Parse("")
if err != nil {
t.Fatalf("creating login template: %v", err)
}
conn, err := config.Connector(url.URL{}, nil, tmpl)
if err != nil {
t.Fatalf("creating connector: %v", err)
}
return conn
}

func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
idpcs := []connector.Connector{
&fakeConnector{loginURL: "http://fake.example.com"},
newLocalConnector(t, "local"),
}

tests := []struct {
query url.Values
baseURL url.URL
wantCode int
wantLocation string
}{
Expand Down Expand Up @@ -210,6 +226,34 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
},
wantCode: http.StatusBadRequest,
},

// registration
{
query: url.Values{
"response_type": []string{"code"},
"redirect_uri": []string{"http://client.example.com/callback"},
"client_id": []string{"client.example.com"},
"connector_id": []string{"local"},
"register": []string{"1"},
"scope": []string{"openid"},
},
baseURL: url.URL{Scheme: "https", Host: "dex.example.com"}, // Root URL.
wantCode: http.StatusFound,
wantLocation: "/register?code=code-2",
},
{
query: url.Values{
"response_type": []string{"code"},
"redirect_uri": []string{"http://client.example.com/callback"},
"client_id": []string{"client.example.com"},
"connector_id": []string{"local"},
"register": []string{"1"},
"scope": []string{"openid"},
},
baseURL: url.URL{Scheme: "https", Host: "dex.example.com", Path: "/foobar"},
wantCode: http.StatusFound,
wantLocation: "/foobar/register?code=code-2",
},
}

for i, tt := range tests {
Expand All @@ -218,7 +262,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
t.Fatalf("error making test fixtures: %v", err)
}

hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
hdlr := handleAuthFunc(f.srv, tt.baseURL, idpcs, nil, true)
w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil)
Expand Down Expand Up @@ -322,7 +366,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
}

for i, tt := range tests {
hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
hdlr := handleAuthFunc(f.srv, url.URL{}, idpcs, nil, true)
w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil)
Expand Down
2 changes: 1 addition & 1 deletion server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,7 @@ func (s *Server) HTTPHandler() http.Handler {
}

handleFunc(httpPathDiscovery, handleDiscoveryFunc(s.ProviderConfig()))
handleFunc(httpPathAuth, handleAuthFunc(s, s.Connectors, s.LoginTemplate, s.EnableRegistration))
handleFunc(httpPathAuth, handleAuthFunc(s, s.IssuerURL, s.Connectors, s.LoginTemplate, s.EnableRegistration))
handleFunc(httpPathOOB, handleOOBFunc(s, s.OOBTemplate))
handleFunc(httpPathToken, handleTokenFunc(s))
handleFunc(httpPathKeys, handleKeysFunc(s.KeyManager, clock))
Expand Down

0 comments on commit fa8f98a

Please sign in to comment.