diff options
author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-08 21:59:37 +0300 |
---|---|---|
committer | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-08 21:59:37 +0300 |
commit | b30197c907c86e38740df5640642f2a5ea739c69 (patch) | |
tree | 1f5bdd30bd75dcd2076e3203400212951c744b3b /internal | |
parent | 90690a9d77b673df5845f05d626ff8f6e75529c7 (diff) |
Fix problem with the public suffix listed pages domain
Diffstat (limited to 'internal')
-rw-r--r-- | internal/auth/auth.go | 35 |
1 files changed, 11 insertions, 24 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go index ea185ea2..e88cf7a2 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -51,18 +51,10 @@ type errorResponse struct { func (a *Auth) getSessionFromStore(r *http.Request) (*sessions.Session, error) { store := sessions.NewCookieStore([]byte(a.storeSecret)) - if strings.HasSuffix(r.Host, a.pagesDomain) { - // GitLab pages wide cookie - store.Options = &sessions.Options{ - Path: "/", - Domain: a.pagesDomain, - } - } else { - // Cookie just for this domain - store.Options = &sessions.Options{ - Path: "/", - Domain: r.Host, - } + // Cookie just for this domain + store.Options = &sessions.Options{ + Path: "/", + Domain: r.Host, } return store.Get(r, "gitlab-pages") @@ -160,14 +152,14 @@ func (a *Auth) TryAuthenticate(w http.ResponseWriter, r *http.Request) bool { func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request) bool { // If request is for authenticating via custom domain if shouldProxyAuth(r) { - customDomain := r.URL.Query().Get("domain") + domain := r.URL.Query().Get("domain") state := r.URL.Query().Get("state") - log.WithField("domain", customDomain).Debug("User is authenticating via custom domain") + log.WithField("domain", domain).Debug("User is authenticating via domain") if r.TLS != nil { - session.Values["proxy_auth_domain"] = "https://" + customDomain + session.Values["proxy_auth_domain"] = "https://" + domain } else { - session.Values["proxy_auth_domain"] = "http://" + customDomain + session.Values["proxy_auth_domain"] = "http://" + domain } session.Save(r, w) @@ -289,14 +281,9 @@ func (a *Auth) checkTokenExists(session *sessions.Session, w http.ResponseWriter session.Save(r, w) - // If we are in custom domain, redirect to pages domain to trigger authorization flow - if !strings.HasSuffix(r.Host, a.pagesDomain) { - http.Redirect(w, r, a.getProxyAddress(r, state), 302) - } else { - // Otherwise just redirect to OAuth login - url := fmt.Sprintf(authorizeURLTemplate, a.gitLabServer, a.clientID, a.redirectURI, state) - http.Redirect(w, r, url, 302) - } + // Because the pages domain might be in public suffix list, we have to + // redirect to pages domain to trigger authorization flow + http.Redirect(w, r, a.getProxyAddress(r, state), 302) return true } |