Allow sdk redirect on settings actions authgear#3813
IniZio authored and louischan-oursky committed Mar 6, 2024
1 parent 8a14972 commit 4fb7a11
Showing 5 changed files with 45 additions and 5 deletions.
2 changes: 1 addition & 1 deletion pkg/auth/handler/webapp/settings_change_password.go
Expand Up @@ -75,7 +75,7 @@ func (h *SettingsChangePasswordHandler) ServeHTTP(w http.ResponseWriter, r *http
ctrl.PostAction("", func() error {
userID := ctrl.RequireUserID()
opts := webapp.SessionOptions{
RedirectURI: "/settings",
RedirectURI: webapp.DeriveSettingsRedirectURIFromRequest(r, "/settings"),
}
intent := intents.NewIntentChangePrimaryPassword(userID)
result, err := ctrl.EntryPointPost(opts, intent, func() (input interface{}, err error) {
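Review bot: The redirect target of this settings action is now taken from the redirect_uri query parameter of the POST request when it exactly matches the reserved SDK list; the same pattern appears in the secondary-password and profile-edit sections below. Because the value is read from r.URL inside the PostAction closure, the override only takes effect if the settings form posts back with the query string intact — presumably the page templates already do this, but it is worth confirming. A one-line comment at the call site would help the next reader, e.g. `// redirect_uri from the query only overrides /settings when it is in webapp's reserved SDK list`. ServeHTTP starts before the hunk and continues after it.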
Expand Up @@ -73,7 +73,7 @@ func (h *SettingsChangeSecondaryPasswordHandler) ServeHTTP(w http.ResponseWriter
ctrl.PostAction("", func() error {
userID := ctrl.RequireUserID()
opts := webapp.SessionOptions{
RedirectURI: "/settings",
RedirectURI: webapp.DeriveSettingsRedirectURIFromRequest(r, "/settings"),
}
intent := intents.NewIntentChangeSecondaryPassword(userID)

2 changes: 1 addition & 1 deletion pkg/auth/handler/webapp/settings_profile_edit.go
Expand Up @@ -116,7 +116,7 @@ func (h *SettingsProfileEditHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
}
}

result := webapp.Result{RedirectURI: "/settings/profile"}
result := webapp.Result{RedirectURI: webapp.DeriveSettingsRedirectURIFromRequest(r, "/settings/profile")}
result.WriteResponse(w, r)
return nil
})
42 changes: 41 additions & 1 deletion pkg/auth/webapp/redirect.go
Expand Up @@ -7,6 +7,10 @@ import (
"github.com/authgear/authgear-server/pkg/util/httputil"
)

var reservedRedirectURIs = []string{
"authgearsdk://host/path", // For Authgear SDK only, used for closing the webview
}

func GetRedirectURI(r *http.Request, trustProxy bool, defaultURI string) string {
redirectURI, err := httputil.GetRedirectURI(r, trustProxy)
if err != nil {
Expand All @@ -19,6 +23,42 @@ type OAuthClientResolver interface {
ResolveClient(clientID string) *config.OAuthClientConfig
}

func DeriveSettingsRedirectURIFromRequest(r *http.Request, defaultURI string) string {
// 1. Redirect URL in query param (must be whitelisted)
// 2. Default redirect URL
// 3. `/settings`
redirectURIFromQuery := func() string {
redirectURI := r.URL.Query().Get("redirect_uri")
allowed := false

for _, u := range reservedRedirectURIs {
if u == redirectURI {
allowed = true
break
}
}

// 1. Redirect URL in query param (must be whitelisted)
if allowed && redirectURI != "" {
return redirectURI
}

return ""
}()

if redirectURIFromQuery != "" {
return redirectURIFromQuery
}

// 2. Default redirect URL
if defaultURI != "" {
return defaultURI
}

// 3. `/settings`
return "/settings"
}

func DerivePostLoginRedirectURIFromRequest(r *http.Request, clientResolver OAuthClientResolver, uiConfig *config.UIConfig) string {
// 1. Redirect URL in query param (must be whitelisted)
// 2. Default redirect URL of the client
Expand All @@ -38,7 +78,7 @@ func DerivePostLoginRedirectURIFromRequest(r *http.Request, clientResolver OAuth
allowedURIs := client.RedirectURIs
allowed := false

for _, u := range allowedURIs {
for _, u := range append(reservedRedirectURIs, allowedURIs...) {
if u == redirectURI {
allowed = true
break
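Review bot: `append(reservedRedirectURIs, allowedURIs...)` in the last hunk appends to a package-level slice on every request; it is safe today only because the slice literal has no spare capacity, and if reservedRedirectURIs is ever rebuilt with extra capacity, concurrent requests would write into the same shared backing array. A membership check that neither allocates nor aliases avoids this, e.g. `allowed := slices.Contains(reservedRedirectURIs, redirectURI) || slices.Contains(allowedURIs, redirectURI)` (Go 1.21+; otherwise loop over the two slices separately). The new exported DeriveSettingsRedirectURIFromRequest also has no doc comment, and its "must be whitelisted" step differs from DerivePostLoginRedirectURIFromRequest in that only reservedRedirectURIs are accepted, never client redirect URIs; a comment such as `// DeriveSettingsRedirectURIFromRequest returns the redirect_uri query parameter only when it exactly matches an entry of reservedRedirectURIs, otherwise defaultURI, otherwise "/settings".` would make that explicit. The redirectURIFromQuery closure and the `redirectURI != ""` guard are redundant, since the reserved list has no empty entry; a plain loop over reservedRedirectURIs reads simpler. DerivePostLoginRedirectURIFromRequest's body continues outside the hunk.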
2 changes: 1 addition & 1 deletion pkg/auth/webapp/service2.go
Expand Up @@ -504,7 +504,7 @@ func (s *Service2) afterPost(
result.NavigationAction = "replace"
}
}
s.Logger.Debugf("interaction: redirect to" + result.RedirectURI)
s.Logger.Debugf("interaction: redirect to %s", result.RedirectURI)

// Collect extras
session.Extra = collectExtras(graph.CurrentNode())
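Review bot: The corrected Debugf line still formats result.RedirectURI with %s, and after this commit that value can originate from the request's redirect_uri query parameter; `%q` would quote and escape it so that an empty value or control characters are visible in the log: `s.Logger.Debugf("interaction: redirect to %q", result.RedirectURI)`. This assumes Logger.Debugf takes fmt-style verbs, which the existing %s usage suggests. afterPost starts outside the hunk.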
