Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v10] pass and preserve a path parameter during the app authentication #14048

Merged
merged 8 commits into from
Jul 5, 2022
Merged

[v10] pass and preserve a path parameter during the app authentication #14048

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
d1d10e3
pass and preserve a path parameter during the app access authenticati…
avatus Jun 23, 2022
7395cec
added missing semicolons
avatus Jun 24, 2022
a974e46
more javascript formatting
avatus Jun 24, 2022
66cc638
removed incorrect path redirect. replace URL with URL.Path
avatus Jun 24, 2022
8970a74
added a test for HasName
avatus Jun 29, 2022
f1e4150
added another test for default path
avatus Jun 29, 2022
864bfc9
ensure path param is valid path
avatus Jun 29, 2022
e00f903
build url without string concat
avatus Jun 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions lib/web/app/fragment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ func (h *Handler) handleFragment(w http.ResponseWriter, r *http.Request, p httpr
clusterName: q.Get("cluster"),
publicAddr: q.Get("addr"),
awsRole: q.Get("awsrole"),
path: q.Get("path"),
stateToken: stateToken,
}
return h.redirectToLauncher(w, r, urlParams)
Expand Down
2 changes: 1 addition & 1 deletion lib/web/app/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -337,7 +337,7 @@ func HasName(r *http.Request, proxyPublicAddrs []utils.NetAddr) (string, bool) {
u := url.URL{
Scheme: "https",
Host: proxyPublicAddrs[0].String(),
Path: fmt.Sprintf("/web/launch/%v", raddr.Host()),
Path: fmt.Sprintf("/web/launch/%v?path=%v", raddr.Host(), r.URL.Path),
}
return u.String(), true
}
Expand Down
43 changes: 43 additions & 0 deletions lib/web/app/handler_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,49 @@ func TestAuthPOST(t *testing.T) {
}
}

func TestHasName(t *testing.T) {
for _, test := range []struct {
desc string
addrs []string
reqHost string
reqURL string
expectedURL string
hasName bool
}{
{
desc: "NOK - invalid host",
addrs: []string{"proxy.com"},
reqURL: "badurl.com",
expectedURL: "",
hasName: false,
},
{
desc: "OK - adds path",
addrs: []string{"proxy.com"},
reqURL: "https://app1.proxy.com/foo",
expectedURL: "https://proxy.com/web/launch/app1.proxy.com%3Fpath=/foo",
hasName: true,
},
{
desc: "OK - adds root path",
addrs: []string{"proxy.com"},
reqURL: "https://app1.proxy.com/",
expectedURL: "https://proxy.com/web/launch/app1.proxy.com%3Fpath=/",
hasName: true,
},
} {
t.Run(test.desc, func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, test.reqURL, nil)
require.NoError(t, err)

addrs := utils.MustParseAddrList(test.addrs...)
u, ok := HasName(req, addrs)
require.Equal(t, test.expectedURL, u)
require.Equal(t, test.hasName, ok)
})
}
}

func TestMatchApplicationServers(t *testing.T) {
clusterName := "test-cluster"
publicAddr := "app.example.com"
Expand Down
4 changes: 4 additions & 0 deletions lib/web/app/middleware.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,9 @@ func (h *Handler) redirectToLauncher(w http.ResponseWriter, r *http.Request, p l
if p.awsRole != "" {
urlQuery.Add("awsrole", p.awsRole)
}
if p.path != "" {
urlQuery.Add("path", p.path)
}

u := url.URL{
Scheme: "https",
Expand All @@ -106,6 +109,7 @@ type launcherURLParams struct {
publicAddr string
stateToken string
awsRole string
path string
}

// makeRouterHandler creates a httprouter.Handle.
Expand Down
18 changes: 14 additions & 4 deletions lib/web/app/redirect.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,16 +51,20 @@ const js = `
<title>Teleport Redirection Service</title>
<script nonce="%v">
(function() {
var url = new URL(window.location);
var params = new URLSearchParams(url.search);
var searchParts = window.location.search.split('=');
if (searchParts.length !== 2 || searchParts[0] !== '?state') {
var stateValue = params.get("state");
var path = params.get("path");
if (!stateValue) {
return;
}
var hashParts = window.location.hash.split('=');
if (hashParts.length !== 2 || hashParts[0] !== '#value') {
return;
}
const data = {
state_value: searchParts[1],
state_value: stateValue,
cookie_value: hashParts[1],
};
fetch('/x-teleport-auth', {
Expand All @@ -73,8 +77,14 @@ const js = `
body: JSON.stringify(data),
}).then(response => {
if (response.ok) {
// redirect to the root and remove current URL from history (back button)
window.location.replace('/');
try {
var redirectUrl = new URL(path, url.origin)
window.location.replace(redirectUrl.toString());
} catch (error) {
// in case of malformed url, return to origin
window.location.replace(url.origin)
}
// redirect to the target path and remove current URL from history (back button)
}
});
})();
Expand Down