fix: don't append '?redirect=' to the redirect url by default

2023-02-20 20:21:03 +00:00 · 2023-02-20 20:21:03 +00:00 · 23f71b184f
commit 23f71b184f
parent aba3b8f100
3 changed files with 32 additions and 22 deletions
--- a/auth/oidc.go
+++ b/auth/oidc.go
@ -8,7 +8,9 @@ import (
 	"math"
 	"math/big"
 	"net/http"
+	"net/url"
 	"os"
+	"strings"

 	"github.com/coreos/go-oidc/v3/oidc"
 	"golang.org/x/oauth2"
@ -49,6 +51,7 @@ type OAuthClient struct {
 	ClientSecret           string                `json:"clientSecret"`
 	Issuer                 string                `json:"issuer"`
 	RedirectURL            string                `json:"redirectURL"`
+	RedirectURLAppendQuery bool                  `json:"redirectURLAppendQuery"`
 	OAuth2Config           oauth2.Config         `json:"-"`
 	Verifier               *oidc.IDTokenVerifier `json:"-"`
 }
@ -79,12 +82,14 @@ func (o *OAuthClient) InitAuthFlow(w http.ResponseWriter, r *http.Request) {
 	rand2, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
 	state := fmt.Sprintf("%x", rand1)
 	nonce := fmt.Sprintf("%x", rand2)
-	o.OAuth2Config.RedirectURL += "?redirect=" + r.URL.Path
-	url := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
+	if strings.HasPrefix(r.URL.Path, "/files/") && o.RedirectURLAppendQuery {
+		o.OAuth2Config.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)
+	}
+	redirect := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))

-	log.Println("oidc init flow ", url)
+	log.Println("oidc init flow ", redirect)
 	w.Header().Set("Set-Cookie", "state="+state+"; path=/")
-	http.Redirect(w, r, url, http.StatusMovedPermanently)
+	http.Redirect(w, r, redirect, http.StatusMovedPermanently)
 }

 // HandleAuthCallback manages code exchange and obtains the id token.
--- a/cmd/config.go
+++ b/cmd/config.go
@ -45,6 +45,7 @@ func addConfigFlags(flags *pflag.FlagSet) {
 	flags.String("oidc.clientSecret", "", "Open ID Connect Client Secret for auth.method=oidc")
 	flags.String("oidc.issuer", "", "Open ID Connect Configuration Issuer URL for auth.method=oidc")
 	flags.String("oidc.redirectURL", "", "Open ID Connect Redirect URL for auth.method=oidc")
+	flags.Bool("oidc.redirectURLAppendQuery", false, "Whether to append '?redirect=...' to the redirectURL")

 	flags.String("branding.name", "", "replace 'File Browser' by this name")
 	flags.String("branding.color", "", "set the theme color")
@ -132,6 +133,7 @@ func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.
 		secret := mustGetString(flags, "oidc.clientSecret")
 		url := mustGetString(flags, "oidc.issuer")
 		redirect := mustGetString(flags, "oidc.redirectURL")
+		appendQuery := mustGetBool(flags, "oidc.redirectURLAppendQuery")

 		if id != "" && secret != "" && url != "" && redirect != "" {
 			oidcAuth.OIDC = &auth.OAuthClient{
@ -139,6 +141,7 @@ func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.
 				ClientSecret:           secret,
 				Issuer:                 url,
 				RedirectURL:            redirect,
+				RedirectURLAppendQuery: appendQuery,
 			}
 		}
 		auther = oidcAuth
--- a/storage/bolt/importer/conf.go
+++ b/storage/bolt/importer/conf.go
@ -49,6 +49,7 @@ type oldConf struct {
 		ClientSecret           string `json:"clientSecret" yaml:"clientSecret" toml:"clientSecret"`
 		Issuer                 string `json:"issuer" yaml:"issuer" toml:"issuer"`
 		RedirectURL            string `json:"redirectURL" yaml:"redirectURL" toml:"redirectURL"`
+		RedirectURLAppendQuery bool   `json:"redirectURLAppendQuery" yaml:"redirectURLAppendQuery" toml:"redirectURLAppendQuery"`
 	} `json:"oidc" yaml:"oidc" toml:"oidc"`
 	Auth oldAuth `json:"auth" yaml:"auth" toml:"auth"`
 }
@ -163,6 +164,7 @@ func importConf(db *storm.DB, path string, sto *storage.Storage) error {
 				ClientSecret:           cfg.OIDC.ClientSecret,
 				Issuer:                 cfg.OIDC.Issuer,
 				RedirectURL:            cfg.OIDC.RedirectURL,
+				RedirectURLAppendQuery: cfg.OIDC.RedirectURLAppendQuery,
 			},
 		}
 		s.AuthMethod = auth.MethodOIDCAuth