fix: use 303 instead of 307 for redirects
@@ -146,7 +146,7 @@ func (s *Standalone) Login(w http.ResponseWriter, r *http.Request) {
|
||||
"redirect_after_login": canonicalRedirect,
|
||||
}
|
||||
mw.LogEntryFrom(r).WithFields(fields).Info("login: redirecting to identity provider")
|
||||
http.Redirect(w, r, login.AuthCodeURL(), http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, login.AuthCodeURL(), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *Standalone) LoginCallback(w http.ResponseWriter, r *http.Request) {
|
||||
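Review bot: The reason for choosing 303 over 307 is not recorded anywhere in the code, and the literal `http.StatusSeeOther` is now repeated at every redirect call site in this hunk and in the LoginCallback, logout, LogoutCallback, SSOProxy.Login, SSOProxy.Logout and ReverseProxy.Handler hunks. A small package helper such as `func redirect(w http.ResponseWriter, r *http.Request, url string) { http.Redirect(w, r, url, http.StatusSeeOther) }` would give that decision a single home, with a comment like `// 303 makes the user agent follow with GET and drop the request body, so a POST that started the flow is never replayed against the identity provider or the callback.` recording what the commit title only hints at. The enclosing Login method starts outside the hunk.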
@@ -216,7 +216,7 @@ func (s *Standalone) LoginCallback(w http.ResponseWriter, r *http.Request) {
|
||||
mw.LogEntryFrom(r).WithFields(fields).Info("callback: successful login")
|
||||
metrics.ObserveLogin(tokens.IDToken.GetAmrClaim(), redirect)
|
||||
cookie.Clear(w, cookie.Retry, s.GetCookieOptions(r))
|
||||
http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, redirect, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *Standalone) Logout(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -255,7 +255,7 @@ func (s *Standalone) logout(w http.ResponseWriter, r *http.Request, globalLogout
|
||||
if globalLogout {
|
||||
logger.Debug("logout: redirecting to identity provider for global/single-logout")
|
||||
metrics.ObserveLogout(metrics.LogoutOperationSelfInitiated)
|
||||
http.Redirect(w, r, logout.SingleLogoutURL(idToken), http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, logout.SingleLogoutURL(idToken), http.StatusSeeOther)
|
||||
} else {
|
||||
logger.Info("logout: successful local logout")
|
||||
metrics.ObserveLogout(metrics.LogoutOperationLocal)
|
||||
@@ -268,7 +268,7 @@ func (s *Standalone) LogoutCallback(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
cookie.Clear(w, cookie.Retry, s.GetCookieOptions(r))
|
||||
mw.LogEntryFrom(r).Debugf("logout/callback: redirecting to %s", redirect)
|
||||
http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, redirect, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *Standalone) LogoutFrontChannel(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
@@ -129,7 +129,7 @@ func (s *SSOProxy) Login(w http.ResponseWriter, r *http.Request) {
|
||||
"redirect_after_login": canonicalRedirect,
|
||||
}).Info("login: redirecting to sso server")
|
||||
|
||||
http.Redirect(w, r, ssoServerLoginURL, http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, ssoServerLoginURL, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *SSOProxy) LoginCallback(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -138,7 +138,7 @@ func (s *SSOProxy) LoginCallback(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (s *SSOProxy) Logout(w http.ResponseWriter, r *http.Request) {
|
||||
target := s.GetSSOServerURL().JoinPath(paths.OAuth2, paths.Logout)
|
||||
http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, target.String(), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (s *SSOProxy) LogoutCallback(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
@@ -49,7 +49,7 @@ func TestLogin(t *testing.T) {
|
||||
assert.NotEmpty(t, loginURL.Query().Get("code_challenge"))
|
||||
|
||||
resp = get(t, rpClient, loginURL.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
callbackURL := resp.Location
|
||||
assert.Equal(t, loginURL.Query().Get("state"), callbackURL.Query().Get("state"))
|
||||
@@ -436,7 +436,7 @@ func localLogin(t *testing.T, rpClient *http.Client, idp *mock.IdentityProvider)
|
||||
assert.NoError(t, err)
|
||||
|
||||
resp := get(t, rpClient, loginURL.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
cookies := rpClient.Jar.Cookies(loginURL)
|
||||
sessionCookie := getCookieFromJar(cookie.Session, cookies)
|
||||
@@ -455,7 +455,7 @@ func authorize(t *testing.T, rpClient *http.Client, idp *mock.IdentityProvider)
|
||||
|
||||
// Follow redirect to authorize with identity provider
|
||||
resp = get(t, rpClient, resp.Location.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
return resp
|
||||
}
|
||||
@@ -466,7 +466,7 @@ func callback(t *testing.T, rpClient *http.Client, authorizeResponse response) *
|
||||
|
||||
// Follow redirect to callback
|
||||
resp := get(t, rpClient, callbackURL.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
cookies := rpClient.Jar.Cookies(callbackURL)
|
||||
sessionCookie := getCookieFromJar(cookie.Session, cookies)
|
||||
@@ -491,7 +491,7 @@ func selfInitiatedLogout(t *testing.T, rpClient *http.Client, idp *mock.Identity
|
||||
assert.NoError(t, err)
|
||||
|
||||
resp := get(t, rpClient, logoutURL.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
cookies := rpClient.Jar.Cookies(logoutURL)
|
||||
sessionCookie := getCookieFromJar(cookie.Session, cookies)
|
||||
@@ -507,7 +507,7 @@ func logout(t *testing.T, rpClient *http.Client, idp *mock.IdentityProvider) {
|
||||
|
||||
// Follow redirect to endsession endpoint at identity provider
|
||||
resp = get(t, rpClient, resp.Location.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// Get post-logout redirect URI after successful logout at identity provider
|
||||
logoutCallbackURI := resp.Location
|
||||
@@ -521,7 +521,7 @@ func logout(t *testing.T, rpClient *http.Client, idp *mock.IdentityProvider) {
|
||||
|
||||
// Follow redirect back to logout callback
|
||||
resp = get(t, rpClient, logoutCallbackURI.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// Get post-logout redirect URI after redirect back to logout callback
|
||||
assert.Equal(t, "https://google.com", resp.Location.String())
|
||||
|
||||
@@ -93,7 +93,7 @@ func (rp *ReverseProxy) Handler(src ReverseProxySource, w http.ResponseWriter, r
|
||||
}
|
||||
|
||||
logger.WithFields(fields).Info("default: unauthenticated: request matches auto-login; redirecting to login...")
|
||||
http.Redirect(w, r, loginUrl, http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, loginUrl, http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
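Review bot: With 303 the browser follows the auto-login redirect at `http.Redirect(w, r, loginUrl, http.StatusSeeOther)` with a GET and discards the original method and body, so a non-GET request that matched auto-login cannot be resumed as sent once the login flow returns to it. If the auto-login match above the hunk (the closing `}` at the top of the hunk belongs to a condition outside it) does not already restrict this path to GET/HEAD, consider either guarding it with `if r.Method != http.MethodGet && r.Method != http.MethodHead { /* fall through to the unauthenticated response */ }` or documenting the behaviour with `// auto-login only makes sense for safe methods: the 303 turns the resumed request into a GET.` The Handler method begins and ends outside the hunk.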
@@ -51,7 +51,7 @@ func TestReverseProxy(t *testing.T) {
|
||||
target := idp.RelyingPartyServer.URL + "/"
|
||||
|
||||
resp := get(t, rpClient, target)
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// redirect should point to local login endpoint
|
||||
loginLocation := resp.Location
|
||||
@@ -59,7 +59,7 @@ func TestReverseProxy(t *testing.T) {
|
||||
|
||||
// follow redirect to local login endpoint
|
||||
resp = get(t, rpClient, loginLocation.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// redirect should point to identity provider
|
||||
authorizeLocation := resp.Location
|
||||
@@ -70,7 +70,7 @@ func TestReverseProxy(t *testing.T) {
|
||||
|
||||
// follow redirect to identity provider for login
|
||||
resp = get(t, rpClient, authorizeLocation.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// redirect should point back to relying party
|
||||
callbackLocation := resp.Location
|
||||
@@ -85,7 +85,7 @@ func TestReverseProxy(t *testing.T) {
|
||||
|
||||
// follow redirect back to relying party
|
||||
resp = get(t, rpClient, callbackLocation.String())
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
|
||||
// finally, follow redirect back to original target, now with a session
|
||||
targetLocation := resp.Location
|
||||
@@ -274,7 +274,7 @@ func TestReverseProxy(t *testing.T) {
|
||||
target := idp.RelyingPartyServer.URL + path
|
||||
resp := get(t, rpClient, target)
|
||||
|
||||
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
|
||||
assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
|
||||
})
|
||||
}
|
||||
})
|
||||
|
||||
@@ -295,7 +295,7 @@ func (ip *IdentityProviderHandler) Authorize(w http.ResponseWriter, r *http.Requ
|
||||
|
||||
u.RawQuery = v.Encode()
|
||||
|
||||
http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, u.String(), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (ip *IdentityProviderHandler) Jwks(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -572,7 +572,7 @@ func (ip *IdentityProviderHandler) EndSession(w http.ResponseWriter, r *http.Req
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, u.String(), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
type relyingPartyServer struct {
|
||||
|
||||
@@ -94,7 +94,7 @@ func New(src Source, cfg *config.Config) chi.Router {
|
||||
|
||||
if cfg.SSO.IsServer() {
|
||||
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, paths.OAuth2+paths.Login, http.StatusTemporaryRedirect)
|
||||
http.Redirect(w, r, paths.OAuth2+paths.Login, http.StatusSeeOther)
|
||||
})
|
||||
}
|
||||
})
|
||||
|
||||