From 188d333200f68ddde7b6928517a7e759431c6a87 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Mon, 26 Dec 2022 21:35:45 -0500
Subject: [PATCH] Fix openid redirect issue to use base_redirect_url when nextUrl is absent (#1282)
Signed-off-by: Craig Perkins
(cherry picked from commit db1fbb91b9a8ef3baa3befdbe7e812efe8294746)
---
 server/auth/types/openid/helper.test.ts | 37 ++++++++++++++++++++++++-
 server/auth/types/openid/helper.ts | 8 ++++++
 server/auth/types/openid/routes.ts | 11 ++++++--
 3 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/server/auth/types/openid/helper.test.ts b/server/auth/types/openid/helper.test.ts
index 539199ec7..3a125a2bf 100644
--- a/server/auth/types/openid/helper.test.ts
+++ b/server/auth/types/openid/helper.test.ts
@@ -13,7 +13,7 @@
 * permissions and limitations under the License.
 */
-import { composeLogoutUrl, getExpirationDate, getRootUrl } from './helper';
+import { composeLogoutUrl, getExpirationDate, getRootUrl, getNextUrl } from './helper';
 describe('test OIDC helper utility', () => {
 test('test compose logout url', () => {
@@ -146,4 +146,39 @@ describe('test OIDC helper utility', () => {
 })
 );
 });
+
+ test('test getNextUrl when request.query.nextUrl is present', () => {
+ const config = {
+ openid: {
+ base_redirect_url: 'http://localhost:5601/ui',
+ },
+ };
+
+ const core = {};
+
+ const request = {
+ query: {
+ nextUrl: 'http://localhost:5601/ui/app/home',
+ },
+ };
+
+ expect('http://localhost:5601/ui/app/home').toEqual(getNextUrl(config, core, request));
+ });
+
+ test('test getNextUrl when request.query.nextUrl is absent', () => {
+ const config = {
+ openid: {
+ base_redirect_url: 'http://localhost:5601/ui',
+ },
+ };
+
+ const core = {};
+
+ const request = {
+ query: {},
+ };
+
+ // Should go to config.openid?.base_redirect_url
+ expect('http://localhost:5601/ui').toEqual(getNextUrl(config, core, request));
+ });
 });
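Review bot: The "nextUrl is present" test passes an absolute URL (`'http://localhost:5601/ui/app/home'`) as the query value and asserts it comes back unchanged, which pins pass-through of a full URL from the query string as expected behaviour of `getNextUrl`. routes.ts imports `validateNextUrl`, so the route presumably restricts `nextUrl` before the helper sees it (not visible in this patch); the fixture should use a value that validator accepts, so the test reflects what can actually reach the helper. Both assertions also have expected and actual swapped, which makes failure output read backwards: `expect(getNextUrl(config, core, request)).toEqual('http://localhost:5601/ui');`.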
diff --git a/server/auth/types/openid/helper.ts b/server/auth/types/openid/helper.ts
index a420b442e..9839175ca 100644
--- a/server/auth/types/openid/helper.ts
+++ b/server/auth/types/openid/helper.ts
@@ -72,6 +72,14 @@ export function getBaseRedirectUrl(
 return rootUrl;
 }
+export function getNextUrl(
+ config: SecurityPluginConfigType,
+ core: CoreSetup,
+ request: OpenSearchDashboardsRequest
+): string {
+ return request.query.nextUrl || getBaseRedirectUrl(config, core, request) || '/';
+}
+
 export async function callTokenEndpoint(
 tokenEndpoint: string,
 query: any,
diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
index 442b44e32..027474951 100644
--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -27,9 +27,14 @@ import { SecuritySessionCookie } from '../../../session/security_cookie';
 import { SecurityPluginConfigType } from '../../..';
 import { OpenIdAuthConfig } from './openid_auth';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
-import { getBaseRedirectUrl, callTokenEndpoint, composeLogoutUrl } from './helper';
+import {
+ getBaseRedirectUrl,
+ callTokenEndpoint,
+ composeLogoutUrl,
+ getNextUrl,
+ getExpirationDate,
+} from './helper';
 import { validateNextUrl } from '../../../utils/next_url';
-import { getExpirationDate } from './helper';
 import {
 AuthType,
 OPENID_AUTH_LOGIN,
@@ -110,7 +115,7 @@ export class OpenIdAuthRoutes {
 const cookie: SecuritySessionCookie = {
 oidc: {
 state: nonce,
- nextUrl: request.query.nextUrl || '/',
+ nextUrl: getNextUrl(this.config, this.core, request),
 },
 authType: AuthType.OPEN_ID,
 };
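Review bot: `getNextUrl` in helper.ts returns `request.query.nextUrl` verbatim with no validation of its own, so this exported helper is safe only if every caller has already validated the query. The one call site in this patch (routes.ts, second hunk) stores the result as `oidc.nextUrl` in the session cookie, presumably the post-login redirect target, and routes.ts imports `validateNextUrl`, which is presumably wired into the route's query schema outside the patch. Nothing in the helper states or enforces that precondition, so a later caller on an unvalidated request would turn it into an open redirect. Either run the validator inside the helper and fall through to `getBaseRedirectUrl(...)` when it rejects, or document the contract with `/** Caller must already have validated request.query.nextUrl; the value is returned unmodified. */`.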
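Review bot: After the change at `nextUrl: getNextUrl(this.config, this.core, request)` in routes.ts, the cookie field can hold the configured `base_redirect_url` (an absolute URL in the new tests) as well as a query-supplied value, where it previously held the query value or `'/'`. The code that reads `cookie.oidc.nextUrl` after the token exchange is outside this hunk, as is the rest of the enclosing handler. If that code prefixes a base path or re-validates the value, the absolute fallback could be mangled or rejected, so it is worth confirming. A comment at the assignment would record the new contract: `// validated query nextUrl, else configured base_redirect_url (may be absolute)`.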