diff --git a/components/local-app/main.go b/components/local-app/main.go index 932bdb4eb692eb..c81c3237547c21 100644 --- a/components/local-app/main.go +++ b/components/local-app/main.go @@ -93,12 +93,21 @@ func main() { }, }, &cli.BoolFlag{ - Name: "verbose", + Name: "verbose", + Usage: "Enable verbose logging", EnvVars: []string{ "GITPOD_LCA_VERBOSE", }, Value: false, }, + &cli.DurationFlag{ + Name: "auth-timeout", + Usage: "Auth timeout in seconds", + EnvVars: []string{ + "GITPOD_LCA_AUTH_TIMEOUT", + }, + Value: 30, + }, }, Commands: []*cli.Command{ { @@ -107,7 +116,8 @@ func main() { if c.Bool("mock-keyring") { keyring.MockInit() } - return run(c.String("gitpod-host"), c.String("ssh_config"), c.Int("api-port"), c.Bool("allow-cors-from-port"), c.Bool("auto-tunnel"), c.String("auth-redirect-url"), c.Bool("verbose")) + return run(c.String("gitpod-host"), c.String("ssh_config"), c.Int("api-port"), c.Bool("allow-cors-from-port"), + c.Bool("auto-tunnel"), c.String("auth-redirect-url"), c.Bool("verbose"), c.Duration("auth-timeout")) }, Flags: []cli.Flag{ &cli.PathFlag{ @@ -131,7 +141,7 @@ func DefaultCommand(name string) cli.ActionFunc { } } -func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunnel bool, authRedirectUrl string, verbose bool) error { +func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunnel bool, authRedirectUrl string, verbose bool, authTimeout time.Duration) error { if verbose { logrus.SetLevel(logrus.DebugLevel) } @@ -155,7 +165,7 @@ func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunn var b *bastion.Bastion - client, err := connectToServer(auth.LoginOpts{GitpodURL: origin, RedirectURL: authRedirectUrl}, func() { + client, err := connectToServer(auth.LoginOpts{GitpodURL: origin, RedirectURL: authRedirectUrl, AuthTimeout: authTimeout}, func() { if b != nil { b.FullUpdate() } diff --git a/components/local-app/pkg/auth/auth.go b/components/local-app/pkg/auth/auth.go index 9787d82ec4e1f7..6bf5fd5064bbc2 100644 --- a/components/local-app/pkg/auth/auth.go +++ b/components/local-app/pkg/auth/auth.go @@ -15,6 +15,7 @@ import ( "net/http" "net/url" "strings" + "time" jwt "github.com/dgrijalva/jwt-go" gitpod "github.com/gitpod-io/gitpod/gitpod-protocol" @@ -95,6 +96,7 @@ func DeleteToken(host string) error { type LoginOpts struct { GitpodURL string RedirectURL string + AuthTimeout time.Duration } const html = ` @@ -201,6 +203,7 @@ func Login(ctx context.Context, opts LoginOpts) (token string, err error) { return "", xerrors.Errorf("cannot open browser to URL %s: %s\n", authorizationURL, err) } + authTimeout := time.NewTimer(opts.AuthTimeout * time.Second) var query url.Values var code, approved string select { @@ -211,6 +214,8 @@ func Login(ctx context.Context, opts LoginOpts) (token string, err error) { case query = <-queryChan: code = query.Get("code") approved = query.Get("approved") + case <-authTimeout.C: + return "", xerrors.Errorf("auth timeout after %d seconds", uint32(opts.AuthTimeout)) } if approved == "no" { diff --git a/components/server/src/oauth-server/oauth-controller.ts b/components/server/src/oauth-server/oauth-controller.ts index bfff827bee8cb4..a5d7d2a4b2cde4 100644 --- a/components/server/src/oauth-server/oauth-controller.ts +++ b/components/server/src/oauth-server/oauth-controller.ts @@ -51,7 +51,7 @@ export class OAuthController { // Let the local app know they rejected the approval const rt = req.query.redirect_uri; - if (!rt || !rt.startsWith("http://localhost:")) { + if (!rt || !rt.startsWith("http://127.0.0.1:")) { log.error(`/oauth/authorize: invalid returnTo URL: "${rt}"`) res.sendStatus(400); return false;