[oidc] consider returnTo URL

AlexTugarev · AlexTugarev · commit d8e92d577e27 · 2023-03-28T07:02:46.000Z
diff --git a/components/public-api-server/pkg/oidc/router.go b/components/public-api-server/pkg/oidc/router.go
@@ -42,8 +42,13 @@ func (s *Service) getStartHandler() http.HandlerFunc {
 			return
 		}
 
+		returnToURL := r.URL.Query().Get("returnTo")
+		if returnToURL == "" {
+			returnToURL = "/"
+		}
+
 		redirectURL := getCallbackURL(r.Host)
-		startParams, err := s.GetStartParams(config, redirectURL)
+		startParams, err := s.GetStartParams(config, redirectURL, returnToURL)
 		if err != nil {
 			http.Error(rw, "failed to start auth flow", http.StatusInternalServerError)
 			return
diff --git a/components/public-api-server/pkg/oidc/service.go b/components/public-api-server/pkg/oidc/service.go
@@ -69,14 +69,12 @@ func NewService(sessionServiceAddress string, dbConn *gorm.DB, cipher db.Cipher,
 	}
 }
 
-func (s *Service) GetStartParams(config *ClientConfig, redirectURL string) (*StartParams, error) {
+func (s *Service) GetStartParams(config *ClientConfig, redirectURL string, returnToURL string) (*StartParams, error) {
 	// state is supposed to a) be present on client request as cookie header
 	// and b) to be mirrored by the IdP on callback requests.
 	stateParam := StateParam{
 		ClientConfigID: config.ID,
-
-		// TODO(at) read a relative URL from `returnTo` query param of the start request
-		ReturnToURL: "/",
+		ReturnToURL:    returnToURL,
 	}
 	state, err := s.encodeStateParam(stateParam)
 	if err != nil {
diff --git a/components/public-api-server/pkg/oidc/service_test.go b/components/public-api-server/pkg/oidc/service_test.go
@@ -43,7 +43,7 @@ func TestGetStartParams(t *testing.T) {
 		},
 	}
 
-	params, err := service.GetStartParams(config, redirectURL)
+	params, err := service.GetStartParams(config, redirectURL, "/")
 
 	require.NoError(t, err)
 	require.NotNil(t, params.Nonce)

Original file line number	Diff line number	Diff line change
`@@ -69,14 +69,12 @@ func NewService(sessionServiceAddress string, dbConn *gorm.DB, cipher db.Cipher,`
`69`	`69`	`}`
`70`	`70`	`}`
`71`	`71`
`72`		`-func (s Service) GetStartParams(config ClientConfig, redirectURL string) (*StartParams, error) {`
	`72`	`+func (s Service) GetStartParams(config ClientConfig, redirectURL string, returnToURL string) (*StartParams, error) {`
`73`	`73`	`// state is supposed to a) be present on client request as cookie header`
`74`	`74`	`// and b) to be mirrored by the IdP on callback requests.`
`75`	`75`	`stateParam := StateParam{`
`76`	`76`	`ClientConfigID: config.ID,`
`77`		`-`
`78`		- // TODO(at) read a relative URL from `returnTo` query param of the start request
`79`		`- ReturnToURL: "/",`
	`77`	`+ ReturnToURL: returnToURL,`
`80`	`78`	`}`
`81`	`79`	`state, err := s.encodeStateParam(stateParam)`
`82`	`80`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ func TestGetStartParams(t *testing.T) {`
`43`	`43`	`},`
`44`	`44`	`}`
`45`	`45`
`46`		`- params, err := service.GetStartParams(config, redirectURL)`
	`46`	`+ params, err := service.GetStartParams(config, redirectURL, "/")`
`47`	`47`
`48`	`48`	`require.NoError(t, err)`
`49`	`49`	`require.NotNil(t, params.Nonce)`