read env in auth.additional_redirect_urls values
jgoux committed Oct 11, 2024
1 parent 54c9d20 commit 1392333
Showing 3 changed files with 11 additions and 1 deletion.
5 changes: 5 additions & 0 deletions pkg/config/config.go
Expand Up @@ -833,6 +833,11 @@ func (c *baseConfig) Validate(fsys fs.FS) error {
if c.Auth.SiteUrl, err = maybeLoadEnv(c.Auth.SiteUrl); err != nil {
return err
}
for i, url := range c.Auth.AdditionalRedirectUrls {
if c.Auth.AdditionalRedirectUrls[i], err = maybeLoadEnv(url); err != nil {
return errors.Errorf("Invalid config for auth.additional_redirect_urls[%d]: %v", i, err)
}
}
// Validate email config
for name, tmpl := range c.Auth.Email.Template {
if len(tmpl.ContentPath) > 0 {
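Review bot: The string that the new loop in Validate stores back into `c.Auth.AdditionalRedirectUrls[i]` becomes part of the post-authentication redirect allow-list, yet the hunk only checks that `maybeLoadEnv` succeeded, not what it returned. Since an environment variable can now decide where auth providers may redirect, I would check the resolved value before keeping it, e.g. `if u, perr := url.Parse(resolved); perr != nil || u.Scheme == "" || u.Host == "" { return errors.Errorf("Invalid config for auth.additional_redirect_urls[%d]: not an absolute URL", i) }`, adapting the test if pattern entries are legitimately allowed. That needs the loop variable renamed (for instance `for i, entry := range c.Auth.AdditionalRedirectUrls`), because `url` would shadow the `net/url` package inside the loop. Validate starts and ends outside this hunk, so an equivalent check may already exist further down.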
5 changes: 5 additions & 0 deletions pkg/config/config_test.go
Expand Up @@ -41,10 +41,15 @@ func TestConfigParsing(t *testing.T) {
t.Setenv("AZURE_SECRET", "this is cool")
t.Setenv("AUTH_SEND_SMS_SECRETS", "v1,whsec_aWxpa2VzdXBhYmFzZXZlcnltdWNoYW5kaWhvcGV5b3Vkb3Rvbw==")
t.Setenv("SENDGRID_API_KEY", "sendgrid")
t.Setenv("AUTH_CALLBACK_URL", "http://localhost:3000/auth/callback")
assert.NoError(t, config.Load("", fsys))
// Check error
assert.Equal(t, "hello", config.Auth.External["azure"].ClientId)
assert.Equal(t, "this is cool", config.Auth.External["azure"].Secret)
assert.Equal(t, []string{
"https://127.0.0.1:3000",
"http://localhost:3000/auth/callback",
}, config.Auth.AdditionalRedirectUrls)
})

t.Run("config file with environment variables fails when unset", func(t *testing.T) {
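Review bot: The added assertions cover only the successful substitution; the new error return `Invalid config for auth.additional_redirect_urls[%d]` is not asserted anywhere in the lines shown. The subtest that begins on the last visible line ("fails when unset") may stop at an earlier unset variable before it reaches the redirect list, so a dedicated case that sets every other variable, leaves `AUTH_CALLBACK_URL` unset and checks `assert.ErrorContains(t, err, "auth.additional_redirect_urls[1]")` would pin the index reporting. The existing `// Check error` comment above the assertions reads as stale for a block that checks loaded values; `// Check resolved values` would describe it better. Both subtests continue outside this hunk.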
2 changes: 1 addition & 1 deletion pkg/config/testdata/config.toml
Expand Up @@ -94,7 +94,7 @@ enabled = true
# in emails.
site_url = "http://127.0.0.1:3000"
# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
additional_redirect_urls = ["https://127.0.0.1:3000"]
additional_redirect_urls = ["https://127.0.0.1:3000", "env(AUTH_CALLBACK_URL)"]
# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
jwt_expiry = 3600
# If disabled, the refresh token will never expire.
