Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nexpie-grafana-theme
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Registry
Registry
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kornkitt Poolsup
nexpie-grafana-theme
Commits
0e2d874e
Unverified
Commit
0e2d874e
authored
Feb 14, 2020
by
Brian Gann
Committed by
GitHub
Feb 14, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
API: Fix redirect issue when configured to use a subpath (#21652)
* request uri will contain the subpath
parent
0cde7dec
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
40 additions
and
4 deletions
+40
-4
pkg/api/login.go
+8
-1
pkg/api/login_test.go
+31
-2
pkg/middleware/auth.go
+1
-1
No files found.
pkg/api/login.go
View file @
0e2d874e
...
...
@@ -35,7 +35,9 @@ func (hs *HTTPServer) validateRedirectTo(redirectTo string) error {
if
to
.
IsAbs
()
{
return
login
.
ErrAbsoluteRedirectTo
}
if
hs
.
Cfg
.
AppSubUrl
!=
""
&&
!
strings
.
HasPrefix
(
to
.
Path
,
"/"
+
hs
.
Cfg
.
AppSubUrl
)
{
// when using a subUrl, the redirect_to should have a relative or absolute path that includes the subUrl, otherwise the redirect
// will send the user to the wrong location
if
hs
.
Cfg
.
AppSubUrl
!=
""
&&
!
strings
.
HasPrefix
(
to
.
Path
,
hs
.
Cfg
.
AppSubUrl
)
&&
!
strings
.
HasPrefix
(
to
.
Path
,
"/"
+
hs
.
Cfg
.
AppSubUrl
)
{
return
login
.
ErrInvalidRedirectTo
}
return
nil
...
...
@@ -177,6 +179,11 @@ func (hs *HTTPServer) LoginPost(c *models.ReqContext, cmd dtos.LoginCommand) Res
if
redirectTo
,
_
:=
url
.
QueryUnescape
(
c
.
GetCookie
(
"redirect_to"
));
len
(
redirectTo
)
>
0
{
if
err
:=
hs
.
validateRedirectTo
(
redirectTo
);
err
==
nil
{
// remove subpath if it exists at the beginning of the redirect_to
// LoginCtrl.tsx is already prepending the redirectUrl with the subpath
if
setting
.
AppSubUrl
!=
""
&&
strings
.
Index
(
redirectTo
,
setting
.
AppSubUrl
)
==
0
{
redirectTo
=
strings
.
Replace
(
redirectTo
,
setting
.
AppSubUrl
,
""
,
1
)
}
result
[
"redirectUrl"
]
=
redirectTo
}
else
{
log
.
Info
(
"Ignored invalid redirect_to cookie value: %v"
,
redirectTo
)
...
...
pkg/api/login_test.go
View file @
0e2d874e
...
...
@@ -72,6 +72,7 @@ type redirectCase struct {
err
error
appURL
string
appSubURL
string
path
string
}
func
TestLoginErrorCookieApiEndpoint
(
t
*
testing
.
T
)
{
...
...
@@ -154,6 +155,7 @@ func TestLoginViewRedirect(t *testing.T) {
desc
:
"grafana relative url without subpath"
,
url
:
"/profile"
,
appURL
:
"http://localhost:3000"
,
path
:
"/"
,
status
:
302
,
},
{
...
...
@@ -161,6 +163,15 @@ func TestLoginViewRedirect(t *testing.T) {
url
:
"/grafana/profile"
,
appURL
:
"http://localhost:3000"
,
appSubURL
:
"grafana"
,
path
:
"grafana/"
,
status
:
302
,
},
{
desc
:
"grafana slashed relative url with subpath"
,
url
:
"/grafana/profile"
,
appURL
:
"http://localhost:3000"
,
appSubURL
:
"grafana"
,
path
:
"/grafana/"
,
status
:
302
,
},
{
...
...
@@ -168,13 +179,23 @@ func TestLoginViewRedirect(t *testing.T) {
url
:
"/profile"
,
appURL
:
"http://localhost:3000"
,
appSubURL
:
"grafana"
,
path
:
"grafana/"
,
status
:
200
,
err
:
login
.
ErrInvalidRedirectTo
,
},
{
desc
:
"grafana subpath absolute url"
,
url
:
"http://localhost:3000/grafana/profile"
,
appURL
:
"http://localhost:3000"
,
appSubURL
:
"grafana"
,
path
:
"/grafana/profile"
,
status
:
200
,
},
{
desc
:
"grafana absolute url"
,
url
:
"http://localhost:3000/profile"
,
appURL
:
"http://localhost:3000"
,
path
:
"/"
,
status
:
200
,
err
:
login
.
ErrAbsoluteRedirectTo
,
},
...
...
@@ -182,6 +203,7 @@ func TestLoginViewRedirect(t *testing.T) {
desc
:
"non grafana absolute url"
,
url
:
"http://example.com"
,
appURL
:
"http://localhost:3000"
,
path
:
"/"
,
status
:
200
,
err
:
login
.
ErrAbsoluteRedirectTo
,
},
...
...
@@ -189,6 +211,7 @@ func TestLoginViewRedirect(t *testing.T) {
desc
:
"invalid url"
,
url
:
":foo"
,
appURL
:
"http://localhost:3000"
,
path
:
"/"
,
status
:
200
,
err
:
login
.
ErrInvalidRedirectTo
,
},
...
...
@@ -203,7 +226,7 @@ func TestLoginViewRedirect(t *testing.T) {
MaxAge
:
60
,
Value
:
c
.
url
,
HttpOnly
:
true
,
Path
:
hs
.
Cfg
.
AppSubUrl
+
"/"
,
Path
:
c
.
path
,
Secure
:
hs
.
Cfg
.
CookieSecure
,
SameSite
:
hs
.
Cfg
.
CookieSameSiteMode
,
}
...
...
@@ -219,7 +242,7 @@ func TestLoginViewRedirect(t *testing.T) {
assert
.
True
(
t
,
ok
,
"Set-Cookie exists"
)
assert
.
Greater
(
t
,
len
(
setCookie
),
0
)
var
redirectToCookieFound
bool
expCookieValue
:=
fmt
.
Sprintf
(
"redirect_to=%v; Path=%v; Max-Age=60; HttpOnly; Secure"
,
c
.
url
,
hs
.
Cfg
.
AppSubUrl
+
"/"
)
expCookieValue
:=
fmt
.
Sprintf
(
"redirect_to=%v; Path=%v; Max-Age=60; HttpOnly; Secure"
,
c
.
url
,
c
.
path
)
for
_
,
cookieValue
:=
range
setCookie
{
if
cookieValue
==
expCookieValue
{
redirectToCookieFound
=
true
...
...
@@ -282,6 +305,12 @@ func TestLoginPostRedirect(t *testing.T) {
appSubURL
:
"grafana"
,
},
{
desc
:
"grafana no slash relative url with subpath"
,
url
:
"grafana/profile"
,
appURL
:
"https://localhost:3000"
,
appSubURL
:
"grafana"
,
},
{
desc
:
"relative url with missing subpath"
,
url
:
"/profile"
,
appURL
:
"https://localhost:3000"
,
...
...
pkg/middleware/auth.go
View file @
0e2d874e
...
...
@@ -47,7 +47,7 @@ func notAuthorized(c *m.ReqContext) {
return
}
WriteCookie
(
c
.
Resp
,
"redirect_to"
,
url
.
QueryEscape
(
setting
.
AppSubUrl
+
c
.
Req
.
RequestURI
),
0
,
newCookieOptions
)
WriteCookie
(
c
.
Resp
,
"redirect_to"
,
url
.
QueryEscape
(
c
.
Req
.
RequestURI
),
0
,
newCookieOptions
)
c
.
Redirect
(
setting
.
AppSubUrl
+
"/login"
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment