NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit7eb2bec

authored

fix: redirect from oauth2 authorization page (#12241)

At the moment it just says "you are not authorized", but we want toautomatically redirect to the login page.

1 parentc3a7b13 commit7eb2becCopy full SHA for 7eb2bec

File tree

3 files changed

+30

-15

lines changed

enterprise/coderd
- coderd.go
- oauth2.go
site/src/pages/LoginPage
- LoginPage.tsx

3 files changed

+30

-15

lines changed

`‎enterprise/coderd/coderd.go`

Lines changed: 25 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -153,6 +153,15 @@ func New(ctx context.Context, options Options) (_ API, err error) {`
`153`	`153`	`Optional:false,`
`154`	`154`	`SessionTokenFunc:nil,// Default behavior`
`155`	`155`	`})`
	`156`	`+// Same as above but it redirects to the login page.`
	`157`	`+apiKeyMiddlewareRedirect:=httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{`
	`158`	`+DB:options.Database,`
	`159`	`+OAuth2Configs:oauthConfigs,`
	`160`	`+RedirectToLogin:true,`
	`161`	`+DisableSessionExpiryRefresh:options.DeploymentValues.DisableSessionExpiryRefresh.Value(),`
	`162`	`+Optional:false,`
	`163`	`+SessionTokenFunc:nil,// Default behavior`
	`164`	`+})`
`156`	`165`	`apiKeyMiddlewareOptional:=httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{`
`157`	`166`	`DB:options.Database,`
`158`	`167`	`OAuth2Configs:oauthConfigs,`
`@@ -168,25 +177,30 @@ func New(ctx context.Context, options Options) (_ API, err error) {`
`168`	`177`	`}`
`169`	`178`
`170`	`179`	`api.AGPL.RootHandler.Group(func(r chi.Router) {`
`171`		`-//Oauth2 linking routes do not make sense under the /api/v2 path.`
	`180`	`+//OAuth2 linking routes do not make sense under the /api/v2 path.`
`172`	`181`	`r.Route("/oauth2",func(r chi.Router) {`
`173`	`182`	`r.Use(`
`174`	`183`	`api.oAuth2ProviderMiddleware,`
`175`	`184`	`// Fetch the app as system because in the /tokens route there will be no`
`176`	`185`	`// authenticated user.`
`177`	`186`	`httpmw.AsAuthzSystem(httpmw.ExtractOAuth2ProviderApp(options.Database)),`
`178`	`187`	`)`
`179`		`-r.Group(func(r chi.Router) {`
`180`		`-r.Use(apiKeyMiddleware)`
`181`		`-r.Get("/authorize",api.postOAuth2ProviderAppAuthorize())`
`182`		`-// DELETE on /tokens is not part of the OAuth2 spec. It is our own`
`183`		`-// route used to revoke permissions from an application. It is here for`
`184`		`-// parity with POST on /tokens.`
`185`		`-r.Delete("/tokens",api.deleteOAuth2ProviderAppTokens())`
	`188`	`+r.Route("/authorize",func(r chi.Router) {`
	`189`	`+r.Use(apiKeyMiddlewareRedirect)`
	`190`	`+r.Get("/",api.getOAuth2ProviderAppAuthorize())`
	`191`	`+})`
	`192`	`+r.Route("/tokens",func(r chi.Router) {`
	`193`	`+r.Group(func(r chi.Router) {`
	`194`	`+r.Use(apiKeyMiddleware)`
	`195`	`+// DELETE on /tokens is not part of the OAuth2 spec. It is our own`
	`196`	`+// route used to revoke permissions from an application. It is here for`
	`197`	`+// parity with POST on /tokens.`
	`198`	`+r.Delete("/",api.deleteOAuth2ProviderAppTokens())`
	`199`	`+})`
	`200`	`+// The POST /tokens endpoint will be called from an unauthorized client so we`
	`201`	`+// cannot require an API key.`
	`202`	`+r.Post("/",api.postOAuth2ProviderAppToken())`
`186`	`203`	`})`
`187`		`-// The /tokens endpoint will be called from an unauthorized client so we`
`188`		`-// cannot require an API key.`
`189`		`-r.Post("/tokens",api.postOAuth2ProviderAppToken())`
`190`	`204`	`})`
`191`	`205`	`})`
`192`	`206`

`‎enterprise/coderd/oauth2.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,7 @@ func (api API) deleteOAuth2ProviderAppSecret(rw http.ResponseWriter, r http.Re`
`292`	`292`	`// @Param scope query string false "Token scopes (currently ignored)"`
`293`	`293`	`// @Success 302`
`294`	`294`	`// @Router /oauth2/authorize [post]`
`295`		`-func (api*API)postOAuth2ProviderAppAuthorize() http.HandlerFunc {`
	`295`	`+func (api*API)getOAuth2ProviderAppAuthorize() http.HandlerFunc {`
`296`	`296`	`returnidentityprovider.Authorize(api.Database,api.AccessURL)`
`297`	`297`	`}`
`298`	`298`

`‎site/src/pages/LoginPage/LoginPage.tsx`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,8 @@ export const LoginPage: FC = () => {`
`25`	`25`	`// If the redirect is going to a workspace application, and we`
`26`	`26`	`// are missing authentication, then we need to change the href location`
`27`	`27`	`// to trigger a HTTP request. This allows the BE to generate the auth`
`28`		`-// cookie required.`
	`28`	`+// cookie required. Similarly for the OAuth2 exchange as the authorization`
	`29`	`+// page is served by the backend.`
`29`	`30`	`// If no redirect is present, then ignore this branched logic.`
`30`	`31`	`if(redirectTo!==""&&redirectTo!=="/"){`
`31`	`32`	`try{`
`@@ -39,8 +40,8 @@ export const LoginPage: FC = () => {`
`39`	`40`	`}catch{`
`40`	`41`	`// Do nothing`
`41`	`42`	`}`
`42`		`-// Path based apps.`
`43`		`-if(redirectTo.includes("/apps/")){`
	`43`	`+// Path based apps and OAuth2.`
	`44`	`+if(redirectTo.includes("/apps/")\|\|redirectTo.includes("/oauth2/")){`
`44`	`45`	`window.location.href=redirectTo;`
`45`	`46`	`returnnull;`
`46`	`47`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7eb2bec

File tree

3 files changed

3 files changed

`‎enterprise/coderd/coderd.go`

`‎enterprise/coderd/oauth2.go`

`‎site/src/pages/LoginPage/LoginPage.tsx`

0 commit comments