Fix openid redirect issue to use base_redirect_url when nextUrl is ab…

…sent (#1282) Signed-off-by: Craig Perkins <[email protected]> (cherry picked from commit db1fbb9)
opensearch-project · Dec 27, 2022 · 188d333 · 188d333
1 parent 02cf6df
commit 188d333
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 4 deletions.
diff --git a/server/auth/types/openid/helper.test.ts b/server/auth/types/openid/helper.test.ts
@@ -13,7 +13,7 @@
  *   permissions and limitations under the License.
  */
 
-import { composeLogoutUrl, getExpirationDate, getRootUrl } from './helper';
+import { composeLogoutUrl, getExpirationDate, getRootUrl, getNextUrl } from './helper';
 
 describe('test OIDC helper utility', () => {
   test('test compose logout url', () => {
@@ -146,4 +146,39 @@ describe('test OIDC helper utility', () => {
       })
     );
   });
+
+  test('test getNextUrl when request.query.nextUrl is present', () => {
+    const config = {
+      openid: {
+        base_redirect_url: 'http://localhost:5601/ui',
+      },
+    };
+
+    const core = {};
+
+    const request = {
+      query: {
+        nextUrl: 'http://localhost:5601/ui/app/home',
+      },
+    };
+
+    expect('http://localhost:5601/ui/app/home').toEqual(getNextUrl(config, core, request));
+  });
+
+  test('test getNextUrl when request.query.nextUrl is absent', () => {
+    const config = {
+      openid: {
+        base_redirect_url: 'http://localhost:5601/ui',
+      },
+    };
+
+    const core = {};
+
+    const request = {
+      query: {},
+    };
+
+    // Should go to config.openid?.base_redirect_url
+    expect('http://localhost:5601/ui').toEqual(getNextUrl(config, core, request));
+  });
 });
diff --git a/server/auth/types/openid/helper.ts b/server/auth/types/openid/helper.ts
@@ -72,6 +72,14 @@ export function getBaseRedirectUrl(
   return rootUrl;
 }
 
+export function getNextUrl(
+  config: SecurityPluginConfigType,
+  core: CoreSetup,
+  request: OpenSearchDashboardsRequest
+): string {
+  return request.query.nextUrl || getBaseRedirectUrl(config, core, request) || '/';
+}
+
 export async function callTokenEndpoint(
   tokenEndpoint: string,
   query: any,

diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
@@ -27,9 +27,14 @@ import { SecuritySessionCookie } from '../../../session/security_cookie';
 import { SecurityPluginConfigType } from '../../..';
 import { OpenIdAuthConfig } from './openid_auth';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
-import { getBaseRedirectUrl, callTokenEndpoint, composeLogoutUrl } from './helper';
+import {
+  getBaseRedirectUrl,
+  callTokenEndpoint,
+  composeLogoutUrl,
+  getNextUrl,
+  getExpirationDate,
+} from './helper';
 import { validateNextUrl } from '../../../utils/next_url';
-import { getExpirationDate } from './helper';
 import {
   AuthType,
   OPENID_AUTH_LOGIN,
@@ -110,7 +115,7 @@ export class OpenIdAuthRoutes {
           const cookie: SecuritySessionCookie = {
             oidc: {
               state: nonce,
-              nextUrl: request.query.nextUrl || '/',
+              nextUrl: getNextUrl(this.config, this.core, request),
             },
             authType: AuthType.OPEN_ID,
           };