Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit9d2b805

Browse files
authored
fix: prevent infinite redirect oauth auth flow (#10430)
* fix: prevent infinite redirect oauth auth flow
1 parent7fc1a65 commit9d2b805

File tree

2 files changed

+38
-3
lines changed

2 files changed

+38
-3
lines changed

‎coderd/externalauth.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -268,8 +268,9 @@ func (api *API) externalAuthCallback(externalAuthConfig *externalauth.Config) ht
268268

269269
redirect:=state.Redirect
270270
ifredirect=="" {
271-
// This is a nicely rendered screen on the frontend
272-
redirect=fmt.Sprintf("/external-auth/%s",externalAuthConfig.ID)
271+
// This is a nicely rendered screen on the frontend. Passing the query param lets the
272+
// FE know not to enter the authentication loop again, and instead display an error.
273+
redirect=fmt.Sprintf("/external-auth/%s?redirected=true",externalAuthConfig.ID)
273274
}
274275
http.Redirect(rw,r,redirect,http.StatusTemporaryRedirect)
275276
}

‎site/src/pages/ExternalAuthPage/ExternalAuthPage.tsx

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,16 +6,21 @@ import {
66
}from"api/api";
77
import{usePermissions}from"hooks";
88
import{typeFC}from"react";
9-
import{useParams}from"react-router-dom";
9+
import{useParams,useSearchParams}from"react-router-dom";
1010
importExternalAuthPageViewfrom"./ExternalAuthPageView";
1111
import{ApiErrorResponse}from"api/errors";
1212
import{isAxiosError}from"axios";
13+
importBoxfrom"@mui/material/Box";
14+
importButtonfrom"@mui/material/Button";
15+
import{SignInLayout}from"components/SignInLayout/SignInLayout";
16+
import{Welcome}from"components/Welcome/Welcome";
1317

1418
constExternalAuthPage:FC=()=>{
1519
const{ provider}=useParams();
1620
if(!provider){
1721
thrownewError("provider must exist");
1822
}
23+
const[searchParams]=useSearchParams();
1924
constpermissions=usePermissions();
2025
constqueryClient=useQueryClient();
2126
constgetExternalAuthProviderQuery=useQuery({
@@ -72,6 +77,35 @@ const ExternalAuthPage: FC = () => {
7277
!getExternalAuthProviderQuery.data.authenticated&&
7378
!getExternalAuthProviderQuery.data.device
7479
){
80+
constredirectedParam=searchParams?.get("redirected");
81+
if(redirectedParam&&redirectedParam.toLowerCase()==="true"){
82+
// The auth flow redirected the user here. If we redirect back to the
83+
// callback, that resets the flow and we'll end up in an infinite loop.
84+
// So instead, show an error, as the user expects to be authenticated at
85+
// this point.
86+
// TODO: Unsure what to do about the device auth flow, should we also
87+
// show an error there?
88+
return(
89+
<SignInLayout>
90+
<Welcomemessage="Failed to validate oauth access token"/>
91+
<BoxtextAlign="center">
92+
Attempted to validate the user&apos;s oauth access token from the
93+
authentication flow. This situation may occur as a result of an
94+
external authentication provider misconfiguration. Verify the
95+
external authentication validation URL is accurately configured.
96+
</Box>
97+
<br/>
98+
<Button
99+
onClick={()=>{
100+
// Redirect to the auth flow again. *crosses fingers*
101+
window.location.href=`/external-auth/${provider}/callback`;
102+
}}
103+
>
104+
Retry
105+
</Button>
106+
</SignInLayout>
107+
);
108+
}
75109
window.location.href=`/external-auth/${provider}/callback`;
76110
returnnull;
77111
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp