| author | mo khan <mo@mokhan.ca> | 2025-05-09 16:19:15 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-11 21:21:38 -0600 |
| commit | 18c5623190105a5e99e238d7577e7c896220972c (patch) | |
| tree | c141f617df3c963c1cba25deef27ec16db0df8c5 /app/controllers | |
| parent | 090d39e8adb08e49bd83e0432c7586086404a025 (diff) | |
test: test envoy and sparkle via testcontainers
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/sessions/controller.go | 2 | ||||
| -rw-r--r-- | app/controllers/sessions/service.go | 14 |
2 files changed, 14 insertions, 2 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index afc44f7..e8409a3 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -34,7 +34,7 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
 return
 }
- url, nonce := c.svc.GenerateRedirectURL()
+ url, nonce := c.svc.GenerateRedirectURL(r)
 cookie.Write(w, web.NewCookie(cfg.CSRFCookie, nonce))
 c.redirectTo(w, r, url)
 }
diff --git a/app/controllers/sessions/service.go b/app/controllers/sessions/service.go
index 2dec9e3..9e74bfb 100644
--- a/app/controllers/sessions/service.go
+++ b/app/controllers/sessions/service.go
@@ -4,6 +4,7 @@ import (
 "context"
 "errors"
 "net/http"
+ "net/url"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -24,11 +25,12 @@ func NewService(cfg *oidc.OpenID, http *http.Client) *Service {
 }
 }
-func (svc *Service) GenerateRedirectURL() (string, string) {
+func (svc *Service) GenerateRedirectURL(r *http.Request) (string, string) {
 nonce := pls.GenerateRandomHex(32)
 url := svc.cfg.Config.AuthCodeURL(
 nonce,
 oauth2.SetAuthURLParam("audience", svc.cfg.Config.ClientID),
+ oauth2.SetAuthURLParam("redirect_uri", svc.redirectURIFor(r)),
 )
 return url, nonce
 }
@@ -45,6 +47,7 @@ func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
 }
 ctx := context.WithValue(r.Context(), oauth2.HTTPClient, svc.http)
+
 token, err := svc.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"))
 if err != nil {
 return nil, err
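Review bot: The `redirect_uri` added to the authorization URL in `GenerateRedirectURL` is not mirrored in the token request: the visible call in `Exchange` is still `svc.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"))`. The oauth2 package only sends `redirect_uri` on exchange when `Config.RedirectURL` is set, so in the fallback case the token request omits a value that the authorization request carried, and RFC 6749 §4.1.3 requires the two to be identical. A provider that enforces this will reject the exchange; passing the same option, `svc.cfg.Config.Exchange(ctx, code, oauth2.SetAuthURLParam("redirect_uri", svc.redirectURIFor(r)))`, keeps them aligned, provided `redirectURIFor` returns the same string for both requests. The body of `Exchange` continues outside the hunks shown.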
@@ -56,3 +59,12 @@ func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
 }
 return tokens, nil
 }
+
+func (svc *Service) redirectURIFor(r *http.Request) string {
+ if len(svc.cfg.Config.RedirectURL) > 0 {
+ return svc.cfg.Config.RedirectURL
+ }
+ redirectURL, _ := url.Parse(r.URL.String())
+ redirectURL.Path = "/session/callback"
+ return redirectURL.String()
+} |
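Review bot: `redirectURIFor` discards the error from `url.Parse` and then assigns `redirectURL.Path`, so a parse failure becomes a nil-pointer panic on the login path. On a server request `r.URL` normally holds only the path and raw query, so the fallback produces a relative URI that also carries the caller's query string into `redirect_uri`. An absolute URI needs a scheme and `r.Host`, and `r.Host` is client-supplied, so it should be checked against the hosts this service expects before it is used. The sketch below builds the URL from fields instead of re-parsing; behind a TLS-terminating proxy the scheme has to come from configuration or a trusted forwarded header rather than `r.TLS`.

```go
func (svc *Service) redirectURIFor(r *http.Request) string {
	// … unchanged: return the configured RedirectURL when it is set …
	callback := url.URL{
		Scheme: "http",
		Host:   r.Host, // client-supplied; validate against the expected hosts first
		Path:   "/session/callback",
	}
	if r.TLS != nil {
		callback.Scheme = "https"
	}
	return callback.String()
}
```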
