fix(handler/sso/proxy): only set default query parameters for login handler

Trong Huu Nguyen
2023-04-13 09:20:34 +02:00
parent a2d8d6f7c3
commit 9cb648917b


@@ -53,18 +53,6 @@ func NewSSOProxy(cfg *config.Config, crypter crypto.Crypter) (*SSOProxy, error)
return nil, fmt.Errorf("parsing sso server url: %w", err)
}
query := serverURL.Query()
if len(cfg.OpenID.ACRValues) > 0 {
query.Set(openidclient.SecurityLevelURLParameter, cfg.OpenID.ACRValues)
}
if len(cfg.OpenID.UILocales) > 0 {
query.Set(openidclient.LocaleURLParameter, cfg.OpenID.UILocales)
}
serverURL.RawQuery = query.Encode()
upstream := &urllib.URL{
Host: cfg.UpstreamHost,
Scheme: "http",
@@ -114,7 +102,15 @@ func (s *SSOProxy) Login(w http.ResponseWriter, r *http.Request) {
target := s.GetSSOServerURL()
targetQuery := target.Query()
// override default query parameters
// set default query parameters
if len(s.Config.OpenID.ACRValues) > 0 {
targetQuery.Set(openidclient.SecurityLevelURLParameter, s.Config.OpenID.ACRValues)
}
if len(s.Config.OpenID.UILocales) > 0 {
targetQuery.Set(openidclient.LocaleURLParameter, s.Config.OpenID.UILocales)
}
// override default query parameters, if provided in request
reqQuery := r.URL.Query()
if reqQuery.Has(openidclient.SecurityLevelURLParameter) {
targetQuery.Set(openidclient.SecurityLevelURLParameter, reqQuery.Get(openidclient.SecurityLevelURLParameter))
@@ -141,7 +137,7 @@ func (s *SSOProxy) LoginCallback(w http.ResponseWriter, r *http.Request) {
}
func (s *SSOProxy) Logout(w http.ResponseWriter, r *http.Request) {
target := s.SSOServerURL.JoinPath(paths.OAuth2, paths.Logout)
target := s.GetSSOServerURL().JoinPath(paths.OAuth2, paths.Logout)
http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)
}
@@ -154,7 +150,7 @@ func (s *SSOProxy) LogoutFrontChannel(w http.ResponseWriter, r *http.Request) {
}
func (s *SSOProxy) LogoutLocal(w http.ResponseWriter, r *http.Request) {
target := s.SSOServerURL.JoinPath(paths.OAuth2, paths.LogoutLocal)
target := s.GetSSOServerURL().JoinPath(paths.OAuth2, paths.LogoutLocal)
http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)
}
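Review bot: In Login, the request's value for `openidclient.SecurityLevelURLParameter` replaces the configured `ACRValues` default as-is, and nothing visible in the hunk checks it against the configured level. If the configured value is meant as a minimum, a caller could ask for a weaker level through the query string. Presumably the SSO server's login handler validates the value, but that code is outside this page and worth confirming. I would state the assumption next to the override, e.g. `// request value is forwarded unvalidated; the SSO server's login handler must reject unsupported or weaker levels`. Login's body continues past the end of its hunk, so any handling after the security-level override is not visible here.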