Skip to content

Commit

Permalink
[local-app] fix failed/cancelled auth
Browse files Browse the repository at this point in the history
  • Loading branch information
akosyakov committed Sep 9, 2021
1 parent 77593cc commit 9c4bd51
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 5 deletions.
18 changes: 14 additions & 4 deletions components/local-app/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,12 +93,21 @@ func main() {
},
},
&cli.BoolFlag{
Name: "verbose",
Name: "verbose",
Usage: "Enable verbose logging",
EnvVars: []string{
"GITPOD_LCA_VERBOSE",
},
Value: false,
},
&cli.DurationFlag{
Name: "auth-timeout",
Usage: "Auth timeout in seconds",
EnvVars: []string{
"GITPOD_LCA_AUTH_TIMEOUT",
},
Value: 30,
},
},
Commands: []*cli.Command{
{
Expand All @@ -107,7 +116,8 @@ func main() {
if c.Bool("mock-keyring") {
keyring.MockInit()
}
return run(c.String("gitpod-host"), c.String("ssh_config"), c.Int("api-port"), c.Bool("allow-cors-from-port"), c.Bool("auto-tunnel"), c.String("auth-redirect-url"), c.Bool("verbose"))
return run(c.String("gitpod-host"), c.String("ssh_config"), c.Int("api-port"), c.Bool("allow-cors-from-port"),
c.Bool("auto-tunnel"), c.String("auth-redirect-url"), c.Bool("verbose"), c.Duration("auth-timeout"))
},
Flags: []cli.Flag{
&cli.PathFlag{
Expand All @@ -131,7 +141,7 @@ func DefaultCommand(name string) cli.ActionFunc {
}
}

func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunnel bool, authRedirectUrl string, verbose bool) error {
func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunnel bool, authRedirectUrl string, verbose bool, authTimeout time.Duration) error {
if verbose {
logrus.SetLevel(logrus.DebugLevel)
}
Expand All @@ -155,7 +165,7 @@ func run(origin, sshConfig string, apiPort int, allowCORSFromPort bool, autoTunn

var b *bastion.Bastion

client, err := connectToServer(auth.LoginOpts{GitpodURL: origin, RedirectURL: authRedirectUrl}, func() {
client, err := connectToServer(auth.LoginOpts{GitpodURL: origin, RedirectURL: authRedirectUrl, AuthTimeout: authTimeout}, func() {
if b != nil {
b.FullUpdate()
}
Expand Down
5 changes: 5 additions & 0 deletions components/local-app/pkg/auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (
"net/http"
"net/url"
"strings"
"time"

jwt "github.com/dgrijalva/jwt-go"
gitpod "github.com/gitpod-io/gitpod/gitpod-protocol"
Expand Down Expand Up @@ -95,6 +96,7 @@ func DeleteToken(host string) error {
type LoginOpts struct {
GitpodURL string
RedirectURL string
AuthTimeout time.Duration
}

const html = `
Expand Down Expand Up @@ -201,6 +203,7 @@ func Login(ctx context.Context, opts LoginOpts) (token string, err error) {
return "", xerrors.Errorf("cannot open browser to URL %s: %s\n", authorizationURL, err)
}

authTimeout := time.NewTimer(opts.AuthTimeout * time.Second)
var query url.Values
var code, approved string
select {
Expand All @@ -211,6 +214,8 @@ func Login(ctx context.Context, opts LoginOpts) (token string, err error) {
case query = <-queryChan:
code = query.Get("code")
approved = query.Get("approved")
case <-authTimeout.C:
return "", xerrors.Errorf("auth timeout after %d seconds", uint32(opts.AuthTimeout))
}

if approved == "no" {
Expand Down
2 changes: 1 addition & 1 deletion components/server/src/oauth-server/oauth-controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ export class OAuthController {

// Let the local app know they rejected the approval
const rt = req.query.redirect_uri;
if (!rt || !rt.startsWith("http://localhost:")) {
if (!rt || !rt.startsWith("http://127.0.0.1:")) {
log.error(`/oauth/authorize: invalid returnTo URL: "${rt}"`)
res.sendStatus(400);
return false;
Expand Down

0 comments on commit 9c4bd51

Please sign in to comment.