fix: don't append '?redirect=' to the redirect url by default
This commit is contained in:
parent
aba3b8f100
commit
23f71b184f
25
auth/oidc.go
25
auth/oidc.go
@ -8,7 +8,9 @@ import (
|
|||||||
"math"
|
"math"
|
||||||
"math/big"
|
"math/big"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/coreos/go-oidc/v3/oidc"
|
"github.com/coreos/go-oidc/v3/oidc"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
@ -45,12 +47,13 @@ func (a OIDCAuth) LoginPage() bool {
|
|||||||
|
|
||||||
// OAuthClient describes the oidc connector parameters.
|
// OAuthClient describes the oidc connector parameters.
|
||||||
type OAuthClient struct {
|
type OAuthClient struct {
|
||||||
ClientID string `json:"clientID"`
|
ClientID string `json:"clientID"`
|
||||||
ClientSecret string `json:"clientSecret"`
|
ClientSecret string `json:"clientSecret"`
|
||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
RedirectURL string `json:"redirectURL"`
|
RedirectURL string `json:"redirectURL"`
|
||||||
OAuth2Config oauth2.Config `json:"-"`
|
RedirectURLAppendQuery bool `json:"redirectURLAppendQuery"`
|
||||||
Verifier *oidc.IDTokenVerifier `json:"-"`
|
OAuth2Config oauth2.Config `json:"-"`
|
||||||
|
Verifier *oidc.IDTokenVerifier `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// InitClient configures the connector via oidc discovery.
|
// InitClient configures the connector via oidc discovery.
|
||||||
@ -79,12 +82,14 @@ func (o *OAuthClient) InitAuthFlow(w http.ResponseWriter, r *http.Request) {
|
|||||||
rand2, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
|
rand2, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
|
||||||
state := fmt.Sprintf("%x", rand1)
|
state := fmt.Sprintf("%x", rand1)
|
||||||
nonce := fmt.Sprintf("%x", rand2)
|
nonce := fmt.Sprintf("%x", rand2)
|
||||||
o.OAuth2Config.RedirectURL += "?redirect=" + r.URL.Path
|
if strings.HasPrefix(r.URL.Path, "/files/") && o.RedirectURLAppendQuery {
|
||||||
url := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
|
o.OAuth2Config.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)
|
||||||
|
}
|
||||||
|
redirect := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
|
||||||
|
|
||||||
log.Println("oidc init flow ", url)
|
log.Println("oidc init flow ", redirect)
|
||||||
w.Header().Set("Set-Cookie", "state="+state+"; path=/")
|
w.Header().Set("Set-Cookie", "state="+state+"; path=/")
|
||||||
http.Redirect(w, r, url, http.StatusMovedPermanently)
|
http.Redirect(w, r, redirect, http.StatusMovedPermanently)
|
||||||
}
|
}
|
||||||
|
|
||||||
// HandleAuthCallback manages code exchange and obtains the id token.
|
// HandleAuthCallback manages code exchange and obtains the id token.
|
||||||
|
|||||||
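Review bot: The new `o.OAuth2Config.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)` still writes into the shared config on the pointer receiver, so with the flag enabled every login appends another `?redirect=…` to the persistent RedirectURL (the second login already sends `…?redirect=/files/a?redirect=%2Ffiles%2Fb` as redirect_uri, assuming one OAuthClient serves all requests) and concurrent logins race on that field; the commit only narrows when this happens. Work on a per-request copy instead: `cfg := o.OAuth2Config`, then `cfg.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)` inside the `if`, and `redirect := cfg.AuthCodeURL(state, oidc.Nonce(nonce))`. A dynamic redirect_uri also has to match what is registered at the provider and the identical value must be sent in the token exchange in HandleAuthCallback (outside this hunk; presumably it calls `o.OAuth2Config.Exchange`), so carrying the post-login path in the state cookie rather than in redirect_uri would sidestep both problems. The context line `http.Redirect(w, r, redirect, http.StatusMovedPermanently)` is worth changing to `http.StatusFound` while here: a 301 is cacheable, so a browser can replay the authorize URL with a stale state/nonce without hitting this handler. InitAuthFlow begins before this hunk.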
@ -45,6 +45,7 @@ func addConfigFlags(flags *pflag.FlagSet) {
|
|||||||
flags.String("oidc.clientSecret", "", "Open ID Connect Client Secret for auth.method=oidc")
|
flags.String("oidc.clientSecret", "", "Open ID Connect Client Secret for auth.method=oidc")
|
||||||
flags.String("oidc.issuer", "", "Open ID Connect Configuration Issuer URL for auth.method=oidc")
|
flags.String("oidc.issuer", "", "Open ID Connect Configuration Issuer URL for auth.method=oidc")
|
||||||
flags.String("oidc.redirectURL", "", "Open ID Connect Redirect URL for auth.method=oidc")
|
flags.String("oidc.redirectURL", "", "Open ID Connect Redirect URL for auth.method=oidc")
|
||||||
|
flags.Bool("oidc.redirectURLAppendQuery", false, "Whether to append '?redirect=...' to the redirectURL")
|
||||||
|
|
||||||
flags.String("branding.name", "", "replace 'File Browser' by this name")
|
flags.String("branding.name", "", "replace 'File Browser' by this name")
|
||||||
flags.String("branding.color", "", "set the theme color")
|
flags.String("branding.color", "", "set the theme color")
|
||||||
@ -132,13 +133,15 @@ func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.
|
|||||||
secret := mustGetString(flags, "oidc.clientSecret")
|
secret := mustGetString(flags, "oidc.clientSecret")
|
||||||
url := mustGetString(flags, "oidc.issuer")
|
url := mustGetString(flags, "oidc.issuer")
|
||||||
redirect := mustGetString(flags, "oidc.redirectURL")
|
redirect := mustGetString(flags, "oidc.redirectURL")
|
||||||
|
appendQuery := mustGetBool(flags, "oidc.redirectURLAppendQuery")
|
||||||
|
|
||||||
if id != "" && secret != "" && url != "" && redirect != "" {
|
if id != "" && secret != "" && url != "" && redirect != "" {
|
||||||
oidcAuth.OIDC = &auth.OAuthClient{
|
oidcAuth.OIDC = &auth.OAuthClient{
|
||||||
ClientID: id,
|
ClientID: id,
|
||||||
ClientSecret: secret,
|
ClientSecret: secret,
|
||||||
Issuer: url,
|
Issuer: url,
|
||||||
RedirectURL: redirect,
|
RedirectURL: redirect,
|
||||||
|
RedirectURLAppendQuery: appendQuery,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
auther = oidcAuth
|
auther = oidcAuth
|
||||||
|
|||||||
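Review bot: The help text for the new `oidc.redirectURLAppendQuery` flag should say what enabling it means for the provider registration, since `?redirect=<path>` becomes part of the OAuth redirect_uri and providers generally require an exact match with a registered URI; it is also only appended for paths under `/files/` (per auth/oidc.go), which the text does not mention. Suggested wording: `flags.Bool("oidc.redirectURLAppendQuery", false, "Append '?redirect=<path>' to the OIDC redirect URL for /files/ paths; the provider must accept that redirect_uri (off by default)")`. The `mustGetBool` call mirrors how the string flags are read, so nothing else looks off here; getAuthentication continues outside the hunk.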
@ -45,10 +45,11 @@ type oldConf struct {
|
|||||||
Host string `json:"host" yaml:"host" toml:"host"`
|
Host string `json:"host" yaml:"host" toml:"host"`
|
||||||
} `json:"recaptcha" yaml:"recaptcha" toml:"recaptcha"`
|
} `json:"recaptcha" yaml:"recaptcha" toml:"recaptcha"`
|
||||||
OIDC struct {
|
OIDC struct {
|
||||||
ClientID string `json:"clientID" yaml:"clientID" toml:"clientID"`
|
ClientID string `json:"clientID" yaml:"clientID" toml:"clientID"`
|
||||||
ClientSecret string `json:"clientSecret" yaml:"clientSecret" toml:"clientSecret"`
|
ClientSecret string `json:"clientSecret" yaml:"clientSecret" toml:"clientSecret"`
|
||||||
Issuer string `json:"issuer" yaml:"issuer" toml:"issuer"`
|
Issuer string `json:"issuer" yaml:"issuer" toml:"issuer"`
|
||||||
RedirectURL string `json:"redirectURL" yaml:"redirectURL" toml:"redirectURL"`
|
RedirectURL string `json:"redirectURL" yaml:"redirectURL" toml:"redirectURL"`
|
||||||
|
RedirectURLAppendQuery bool `json:"redirectURLAppendQuery" yaml:"redirectURLAppendQuery" toml:"redirectURLAppendQuery"`
|
||||||
} `json:"oidc" yaml:"oidc" toml:"oidc"`
|
} `json:"oidc" yaml:"oidc" toml:"oidc"`
|
||||||
Auth oldAuth `json:"auth" yaml:"auth" toml:"auth"`
|
Auth oldAuth `json:"auth" yaml:"auth" toml:"auth"`
|
||||||
}
|
}
|
||||||
@ -159,10 +160,11 @@ func importConf(db *storm.DB, path string, sto *storage.Storage) error {
|
|||||||
case "oidc":
|
case "oidc":
|
||||||
auther = &auth.OIDCAuth{
|
auther = &auth.OIDCAuth{
|
||||||
OIDC: &auth.OAuthClient{
|
OIDC: &auth.OAuthClient{
|
||||||
ClientID: cfg.OIDC.ClientID,
|
ClientID: cfg.OIDC.ClientID,
|
||||||
ClientSecret: cfg.OIDC.ClientSecret,
|
ClientSecret: cfg.OIDC.ClientSecret,
|
||||||
Issuer: cfg.OIDC.Issuer,
|
Issuer: cfg.OIDC.Issuer,
|
||||||
RedirectURL: cfg.OIDC.RedirectURL,
|
RedirectURL: cfg.OIDC.RedirectURL,
|
||||||
|
RedirectURLAppendQuery: cfg.OIDC.RedirectURLAppendQuery,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
s.AuthMethod = auth.MethodOIDCAuth
|
s.AuthMethod = auth.MethodOIDCAuth
|
||||||
|
|||||||